in

Operation Brutus

Mission Briefing

This CTF is now closed for participation, all available materials are added to this CTF page for reference.

Mission Briefing

from: [email protected]
to: [email protected]
date: March 01, 2022, 21:00 EET
subject: Briefing Operation Brutus

Hi,

Glad we’re able to get some resources for this, your department must be swamped right now with that shitshow going on. After a chase across the globe we were finally able to capture Maksim Kotova. He collaborated nicely, though given the current political climate and location of his arrest, he’s been detained in an undisclosed location.

Besides ratting out a few very high level government officials and people active as spies inside various western governments, Maksim gave us some intelligence on a wildlife smuggling operation. He didn’t know too much about it, but was contacted at some point to take part. Apparently he had some decency, because even he thought this was horrible and didn’t want any of it. He was however able to get us a “handler file”.

These files are a collection of information intended for the person in charge of the whole operation, from where the animals are hunted to wherever people buy them. Among the files are hunting grounds, destinations and also personal files in an encrypted folder. These belonged to the previous handler who fucked up his Op-Sec, they made him swim with fishes. It’s probably nothing important, but it was in there non-the-less. We will need your help in mapping this entire operation, this hopefully leads to a lot of arrests.

Below you’ll find a link to the information and a form to fill out all the details we need to stop their operations. I know it’s out of place, but… Happy Hunting.

https://www.dropbox.com/sh/2yl7wty4m6y02qd/AACSBr89vxCqjBNlJGzJEwhxa

DISCLAIMER

ANY MENTION OF REAL LOCATIONS, PEOPLE, COUNTRIES, ORGANISATIONS AND SUCH, ARE NOT AFFILIATED WITH HACKTORIA, OR OUR CHALLENGES. THESE ARE INCORPORATED INTO OUR STORIES TO MAKE THEM MORE IMMERSIVE AND RELATABLE. PLEASE DO NOT CONTACT ANY ORGANISATION, GOVERNMENT OR INDIVIDUAL, OTHER THAN THOSE EXPLICITLY MARKED FOR INTERACTION IN OUR CHALLENGES. ALL ACCOUNTS, LINKS, PEOPLE AND MATERIALS CONTAINING IMPORTANT INFORMATION ARE INCLUDED IN THE CTF BRIEFING.
– Players will never have to incur costs to complete a CTF, for example calling phone numbers
– No hacking unless explicitly mentioned for the specific CTF
– Our CTF’s are fictional events, any resemblance to real events is purely coincidental
*All copyrighted materials shown, belong to their respective owners, and they are used for educational purposes only. Any reproduction is prohibited.

Certificate of Completion

Besides the prize(s), participants receive a Certificate of Completion, if the CTF was completed in the month the event is active. Certificates will be emailed.

Prize Sponsored by The XSS Rat

First 5 spots win the XSS Rat’s Full-House Course Bundle and every finisher the Burp Suite Course, during March 2022. The codes for these will be emailed.

CTF Master

Written by CTF Master

Leave a Reply

Avatar

Your email address will not be published.

14 Comments

    • Yeah I called it quits. I could only find the harbour the shipment leaves from despite days on end banging searching for everything else. Hopefully there will be a detailed walkthrough released so we can learn for future CTF events 🙂

      • Don’t give up you can do this. There’s always some critical information within the details they’ve handed to us to use as clues to piecing together accurate patterns that lead to a flag.

      • If you have found the harbor, the hunting grounds and camping site are not that far away. Just imagine a hunter trying to smuggle animals, he’s not going to cross half the country for that 😉 As for the harbor of arrival, try to locate some harbors with docks like in the pictures. Hopefully you have an idea of the target country.

      • Keep after it, maybe check out hacktorias twitter feed that helped me. But don’t get stuck in one frame of thought like “this must be here for x reason” I constantly did that and it wasn’t until I looked at it differently that I was able to make progress.

  1. My first shot at a CTF, too. So far I have the coordinates for the hunting camp and the hunting sites and the shipping facility, plus name and description for the marketing contact. I have a dictionary attack running against the .7z right now, but I’m gathering from comments above that there is a way to guess the password. All the guesses I’ve tried so far have failed, but I’ll look again.

    • BigFluffySheep. for the password – Think outside the box – look at ‘all’ you have and then ask yourself “is there only one way to get information?” then re-approach.

      I too have much of the information but i expect you will make it into the 7z file and breeze through the rest.

  2. First time CTF attempt, and this is extremely interesting so far – but wondering if there’s a forum for discussion of applicable techniques/tools. I’ve got origination and destination location details and have accessed the 7z files, but am struggling on way forward for shipment details and some of the data on the handler (email, phone, etc.).

  3. This is my first CTF task and I’m really struggling… If I’m on the right track, I need to view map data for China but unable to access Baidu/alternatives regardless of VPN location and the area I suspect the market could be based at is blurred on Google maps. Any tips?

    • morning – i too am fumbling around but just saw something not blurred in the market photos that may lead to the location. I just have to trust that the subject wouldn’t have an otherwise mostly redacted photo and that this item was left – not blurred. Also, try YANDEX for your search of the images. for me it is not a perfect match but there are elements in the photos that are unique to markets in the country i believe to be the destination for the exports.

      my hurdle is getting this dang 7z opened. obviously the hunters opsec was good enough to trip me up.

      note: i am being intentionally vague because i wouldnt want to be banned for dropping an answer.