OSINT


CybHer CTF.

This module will teach you about basic Open Source Intelligence (OSINT) techniques. OSINT is the practice of gathering information from publicly available sources, information that someone could use to attack an individual or organization.


Challenges

What in the world are Google dorks?? I'm a bit of a Google dork... I use it every day.

Google "dorking" is a technique of searching Google (or other search engines) that makes use of special operators to search for very specific information. Dorks can be used to find information that would otherwise be difficult to find via regular Google searches.

Run /challenge/solve to get started.

Social Media OSINT

Social media is a fun place where we get to post about our lives, share moments that mean the most to us, and connect with friends. However, since we typically post more about ourselves than we realize, attackers can use the information we freely provide to hack into our accounts.

One of the most common ways Open Source Intelligence (OSINT) is used is to collect personal information on a target and use that information to create a list of possible passwords they may use.

This attack is successful because most users' passwords are not strong. They may include their birth year (ex. Balogna2005), their pets' names (ex. Rex123!), or things surrounding their hobbies (ex. ILoveFishing99).

Since most online users want to remember their passwords, they build them from easy-to-remember things in their lives, but a lot of what they pick are things they also freely share on social media.
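A defensive check for the pattern described above, added here as an example and not part of the challenge's own code: it flags a password that embeds facts its owner has posted publicly. The profile values (borrowed from the example passwords above), the substitution table and the function names are assumptions made for illustration.

```python
import re

# Constructed profile: facts a user has shared publicly (illustrative values).
PUBLIC_FACTS = {"pet": "Rex", "birth year": 2005, "hobby": "fishing"}

# Small, illustrative set of character substitutions undone before matching.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(text):
    """Lower-case, undo simple substitutions, and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def personal_tokens_in(password, public_facts):
    """Return the labels of public facts that appear inside the password.

    Words are compared after normalization, so "r3x" still matches "Rex".
    Numbers are compared literally; a four-digit year is also tried in its
    two-digit form ("2005" and "05").
    """
    hits = []
    plain = normalize(password)
    for label, value in public_facts.items():
        value = str(value)
        if value.isdigit():
            forms = {value}
            if len(value) == 4:
                forms.add(value[2:])
            if any(form in password for form in forms):
                hits.append(label)
        else:
            word = normalize(value)
            # Very short words are skipped to limit accidental matches.
            if len(word) >= 3 and word in plain:
                hits.append(label)
    return hits


if __name__ == "__main__":
    for candidate in ("Rex123!", "ILoveFishing99", "F1sh1ng_r3x",
                      "correct-horse-battery-staple"):
        print(candidate, "->", personal_tokens_in(candidate, PUBLIC_FACTS))
```

A password that returns an empty list here is not thereby strong; the check only shows that it is not built from the listed public facts.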

In this challenge, you will see a fake social media page that contains information on a particular individual known as @random_dude12. It is up to you to use the information within the three posts to try and come up with a potential password for the user's account.

Start the machine, then run /challenge/run in the terminal to start the website. Then in a browser, browse to http://127.0.0.1:5000 to view the crude Instagram clone!

Gather information from reading the posts so you can craft a potential password! Then run /challenge/verify to see if your password is valid given the information!

Wayback Machine I

The internet is a great place to find information on basically anything. That also makes it scary.

You know how people say, "if it's on the internet, it's forever." Whether that's true or not is up for debate, but we should treat it as if it is true, because functionally it is. Tools like The Wayback Machine at web.archive.org have made it their goal to archive the entire internet. This is done imperfectly and doesn't preserve every website at every moment of history, but they have archived over 916 billion web pages, spanning decades, since the project started.

Tools like the Wayback Machine are useful to us when we are trying to find certain information that may not necessarily exist on a website anymore. For example, maybe you want to reread a blog post from an old website that has since been changed. If that old site was archived by the Wayback Machine you can look up the URL, and select the proper year and month, and actually view that blog post from that point in time (assuming it was archived).

The Wayback Machine has sites archived from 1996 all the way up to our current day. This means there exists a wide breadth of data for us to potentially find information we need.

How To Use

  1. Browse to web.archive.org.
  2. Enter a website URL into the search bar. For testing, you can use dsu.edu.
    • Once the results are displayed, you should see a calendar with each month and day, as well as a selector above that to pick the year.
  3. Select a year, month, and a day.
    1. Click a black bar within any of the years (the black bar means there is archived data for that year).
    2. Find a month that has blue or green dots on some of the days, and hover over it. It should display times that snapshots were taken of the webpage.
  4. Click a time in the selection to load that archived version of the webpage.
  5. Browse the webpage as normal!
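The calendar steps above, carried out over capture data instead of the web page, as an added example that is not part of the original module: it lists the years that have captures, picks the capture nearest a chosen date, and builds the address of that archived copy. The rows are constructed sample data for example.org laid out like the JSON output of the Wayback Machine's CDX server, and the function names are hypothetical.

```python
from datetime import datetime

# Constructed sample: a header row, then one row per capture (values made up).
SAMPLE_CDX = [
    ["urlkey", "timestamp", "original", "mimetype", "statuscode", "digest", "length"],
    ["org,example)/", "20050312084501", "http://example.org/", "text/html", "200", "AAAA", "1532"],
    ["org,example)/", "20110630120000", "http://example.org/", "text/html", "301", "BBBB", "310"],
    ["org,example)/", "20110704235959", "http://example.org/", "text/html", "200", "CCCC", "2875"],
    ["org,example)/", "20190101000000", "https://example.org/", "text/html", "200", "DDDD", "4102"],
]


def parse_captures(rows):
    """Turn header + rows into dicts and parse the 14-digit timestamp."""
    header, *data = rows
    captures = []
    for row in data:
        record = dict(zip(header, row))
        record["when"] = datetime.strptime(record["timestamp"], "%Y%m%d%H%M%S")
        captures.append(record)
    return captures


def years_with_captures(captures):
    """Years that would show a black bar in the year selector."""
    return sorted({c["when"].year for c in captures})


def closest_capture(captures, target, ok_only=True):
    """Capture nearest to `target`; by default only HTTP 200 captures count,
    because a redirect or error capture does not hold the page content."""
    pool = [c for c in captures if c["statuscode"] == "200"] if ok_only else captures
    if not pool:
        return None
    return min(pool, key=lambda c: abs(c["when"] - target))


def snapshot_url(capture):
    """Address of the archived copy: /web/<timestamp>/<original URL>."""
    return f"https://web.archive.org/web/{capture['timestamp']}/{capture['original']}"


if __name__ == "__main__":
    caps = parse_captures(SAMPLE_CDX)
    print(years_with_captures(caps))
    print(snapshot_url(closest_capture(caps, datetime(2011, 7, 1))))
```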

Conclusion

You can see that the Wayback Machine is a powerful tool that can be used for many purposes when performing OSINT. In this challenge, you will be asked to use the Wayback Machine to locate information from a website that no longer exists on it today!

Start the challenge and then run /challenge/run to get your challenge! You will need to use your own local browser to access the Wayback Machine!

Once you find the information required, run verify and it will ask for your answer! Submit it, and get the flag!

Wayback Machine II

Now that you're familiar with the Wayback Machine, let's do something a little more difficult!

Start the challenge and then run /challenge/run to get your challenge! NOTE: You will need to use your own local browser to access the Wayback Machine!

Once you find the information required, run verify and it will ask for your answer! Submit it, and get the flag!

