Back with another Hacktoria walkthrough, easing myself in by working through all the easy ones first and this time it is ‘The Killer Clown‘.
Greetings, Special Agent K. We have a very urgent case on our hands. The San Francisco Police Department is working on a true horror case this October. There is an actual killer clown roaming the streets of the greater San Francisco area.
The killer is dressed as a clown and strikes at night, mostly targeting women and younger men. The victims are drugged and bound tightly with a long rope, stretching all the way around the body. After this, the killer attaches an oxygen tank to the victim and puts them inside a coffin sized box. Making it impossible to move, but just enough to breathe slowly.
The victim is then buried alive and a picture is taken of the location, which is then sent to the police. With the amount of oxygen in the tank, victims usually last about 24 hours. Though with the panic setting in, some die within 6 hours. A few others suffered a heart attack from the panic. They are left as a game, for the police to find the location in time, or not. So far there have been several sightings of a clown at night, though only for brief moments. In one of the photo’s, the image of the clown was visible in a car mirror caught on camera.
About 30 minutes ago, the San Francisco Police Department received a new picture from the clown. This time we have reason to believe the victim is Melany Parker, a 23 year old woman from Northwest Berkeley. She was reported missing by her boyfriend, after she didn’t return from her evening jog.
Given the circumstances, we have no time to waste. Your assignment is simple, find the location of the picture below. Before the next victim dies, tied up in a box underground, slowly suffocating while tightly wrapped in ropes.
Special Agent K. The contract is yours, if you choose to accept.
Construct the password for the flagfile, using the name of the location and pathway where the victim is buried.
Sample password, no caps: local-park-name-dirty-mud-path
Ok, so I won’t try to over think this like I did on the lost at see when i tried to crack the password using the RockYou.txt lol.
So the image we received from the clown.
The mistake I made in the fist one was not reading the mission properly and getting all the details out so what are the main things we see from the mission.
- Name: Melany Parker
- Age: 23
- Lives: Northwest Berkeley
- Last Location: Didn’t return from her evening jog.
So, first thing to look at was the image and the info together, the image looks like some kind of park, people like to job in parks (not that I would know personally other than what I’ve seen on TV ;-)).
Before we begin lets download the file.
Step one, lets just google maps Northwest Berkeley and see what comes up.
Right, only one park there, good stuff.
Next I went to google images to see if I could find a picture with the bench and bin but couldn’t find the exact one but it was fairly obvious it was the right park.
I went back and re-read the info:-
“Construct the password for the flagfile, using the name of the location and pathway where the victim is buried.”
So I added some layers in google maps and zoomed into the park.
From this there is really only one pathway that stands out and has an actual name and that is Ohlone Greenway
.
So, with the instructions “Sample password, no caps: local-park-name-dirty-mud-path” I extracted the file and put in the password cedar-rose-park-ohlone-greenway and BOOM!
Nice little CTF and like these easy ones for getting back in the swing of things.
Regards
Alex
Hello, I follow you from Argentina, I am a student of cybersecurity and planning to do CTF in the not too distant future. This combination of professional skills with games I really love, thanks for bringing this content. Keep it up