Tiberian Order | The Spy who Vanished – Write-Up
The Spy who vanished is a CTF created by the Tiberian Order. You can find it here: https://tiberianorder.com/contracts/the-spy-who-vanished/
Briefing
Greetings, Special Agent K. We have received information regarding the long lost spy from MI5, Deloris Frozenwood. She went missing in action a few years ago, never to be seen again. From what we understand, she went on to provide services to whoever the highest bidder might be.
Before she went rogue, Deloris was a revered operative within MI5. Taking on some of the most dangerous assignments and quickly working her way through the ranks. Discontent with management, she took matters into her own hands. Often skirting the lines between rule of law and criminal behavior. She was eventually terminated from MI5.
What happened after her career at MI5 remains shrouded in mystery. She showed up on the radar several times, but only for very brief moments. Having become a target of the organization she once worked for, she’s even gotten arrogant. Often making deliberate appearances for a brief moment, before vanishing to the shadows once again.
Our colleagues at MI5 have asked us to obtain any information on Deloris Frozenwood we can find. They’re particularly interested in social media profiles. For reference, Deloris often appears as “Deloris Frozenwood”, or as “D Frozenwood”.
If you find Deloris, her presence will lead you to the password to unlock your linkfile, containing the link to your contract card for this contract.
As always. Special Agent K, the contract is yours, if you choose to accept.
Overview
So from the text, I understand that we need to search social media networks and fortunately, there are also clues, the preferred usernames:
- Deloris Frozenwood
- D Frozenwood
Time to start searching
Searching
To make decoding more efficient, I will focus only on the first block. The CyberChef will be used as usual:
Because there are numerous social networks and I don't feel like checking each one by hand, the right tool comes into play: https://whatsmyname.app/
In the first attempt, I try the full name "DelorisFrozenwood", but as you can see there are no hits here
Too bad, but I have a second possible username, so let's try "DFrozenwood".
Gotcha! An old tweet from the target. Let's make have a look:
First, we click on the link
Next, we hover over the 31st of August and click the time to reveal the tweet
This one looks cryptic, could it already be the password for the file or do further steps have to follow?
here is the direct link to the archived tweet
Solving the puzzle
Like most, I'm lazily efficient, so for now I'll try the content of the tweet as a password
gnf435ynFJEFN#&$*F*D(*FSJ$Fkdfshh5f
Click, it's open. That was easier than I thought :)
In the file is now the link to the well-deserved contract card:
Conclusion
Again, a small challenge, but it has been shown that with the help of the right tools, such a challenge can also be mastered. I'm already looking forward to the next challenge.
If you are looking for more CTF games yourself, check out Tiberian Order and try out the harder Contracts.