search

Van Gogh's GARBAGE hunt

OSINT

hashtag
Introduction

Helga, a maid working at Mr. X’s mansion, made a huge mistake—she unknowingly gave away his gold jewelry along with some old clothes. Now, she has no idea which textile collection point she left them at.

Our job? Track down the exact shop where the jewelry ended up and retrieve the flag.

hashtag
Step by Step Solution

hashtag
Step 1: Inspecting the Given File

The challenge provided a file: vangogh.zip. Unzipping it gave me a single image file:

I started by checking the metadata using exiftool.

The comment field contained something that looked like Base64-encoded text.

hashtag
Step 2: Decoding the Hidden String

The extracted Base64 string was:

I decoded it using:

Which gave me:

Looks like a username.

hashtag
Step 3: Investigating the Username

I used sherlock to find where this username exists online.

The X (Twitter) account stood out, so I checked it.

hashtag
Step 4: Checking the X account

The profile had only two tweets. One contained another Base64-encoded string:

I decoded it:

Result:

This looked like a BSSID (Wi-Fi MAC address).

hashtag
Step 5: Searching for the BSSID

I searched for the BSSID on wigle.net to get its location.

It pointed to His Majesty’s Theatre, so I checked Google Maps.

The location didn’t seem right. I decided to try reverse image searching the original chall.jpeg.

hashtag
Step 6: Reverse Image Search

I uploaded chall.jpeg to Google Lens and found a match.

Clicking the third link gave me this address:

I looked it up on Google Maps.

hashtag
Step 7: Identifying the Shop

From the challenge description:

Helga, a maid at Mr. X’s mansion, mistakenly gave away his gold jewelry to some textile collection point along with a pile of old clothes thinking they were GARBAGE.

The clue pointed to a textile collection point.

There was a store nearby called "The Swapshop", which fit perfectly.

hashtag
FLAG

PreviousSentMailNextDude where is my car

Last updated