![[+] – zer0space.html – [+]](http://zer0space.me/wp-content/uploads/2025/04/zzz.png)
What is Hacktoria?
I was recently introduced to a really cool website for OSINT, hacktoria.com. Hacktoria is a self-proclaimed story driven OSINT CTF. When you visit hacktoria.com, you will be taken to the page shown above. From here, you can choose the difficulty level for the CTF “contract” you’d like to do. You are playing as Special Agent K of SERPENT, an secret espionage/spy made up of people from several different countries, all working together to find smugglers, arms dealers, and (I’m sure) a ton more.
For this writeup, we will be starting with an easy contract. Once you click “Easy Contracts,” you will be taken to a page with instructions on how to play, a key indicating different skills used in each mission, and a list of easy contracts from which to choose. In the list of contracts, you will see a relevant image, a title, a description, and icons that indicate which specific skills from the key above will be used for that contract. We will be starting with the very first contract, “Cold War Enemies.” To get started, just click ‘Download the Materials’, unzip the file, and you’re ready to begin!
Cold War Enemies – Walkthrough
Once you unzip the file you just downloaded, you will see a narrative PDF for this contract, a writeup file with the full solution in case you get stuck, a few images, and a password protected zip file labeled ‘flag’. The goal is to use your analytical skills to figure out the password for the zip file, inside of which is a badge you can post for bragging rights. To get started, open up the ‘Cold War Enemies.pdf’ file.
This is the narrative behind the contract. You can read all of this if you like, but the file is 48 pages long, so here’s the gist. If you want to skip all of this, the actual instructions are on page 47.
Your target is a Russian politician and smuggler, Maksim Kotova. Just months after his smuggling operation was dismantled by SERPENT, the international espionage/spy group of which you, Special Agent K, are a member, Kotova escaped from a prison in Panama under suspicious circumstances. After 18 months of radio silence, you and the SERPENT team find matches for Kotova using facial recognition software. Led by the former MI6 agent Julia Sharpe, SERPENT consists of a Bulgarian hacker called Dmitri Zechev, historian and cultural expert Isabella Moreno, psychologist/interrogation specialist Mei Huang, former MI6 operative James Brown, French diplomatic expert Cassandra Laurent, and you – Special Agent K.
Skipping to page 47, we find the briefing for this contract and, on page 48, is the instructions to find the password. You are given the satellite image for an air base. Your goal is to find the name and location of the air base. Once you have found the base, you will need to find the country, governate, and district. The “Flag Format” section gives you instructions on how you should format the information to obtain the password for the flag file. If you open the image, you will see the following satellite image.
Lets start with a reverse image search. Head over to google images or tineye or the reverse image search of your choice. I used Google, which got me the solution pretty quickly.
Looking at our results, we get the name of an air base right away, the Khmeimim Air Base. If we compare this image to the image in the cold-war-enemies-target.jpg file, it looks like this is our base. Click on the Wikipedia page for the Khmeimim Air Base to get some more information.
Looks like we got everything we needed right away. Lets plug that information into our flag password format. As a reminder, the format for the flag is: country-governate-district-airbasename-air-base.
We already discovered the name of the air base, so we can substitute ‘airbasename’ with ‘khmeimim’. Though it is currently operated by Russia, we can see the base is located in the town of Jableh in the Latakia governate of Syria. For my US audience, a governate is an administrative subdivision, or an area or territory within a larger country that is controlled by a governor, hence the name governate. So now that we have all the information, lets plug it into the flag format and grab our badge!
This was a pretty quick and easy one, but it is the first easy contract and does a great job of introducing you to the format and general gameplay style of the contracts. I imagine they will get much, much more difficult. I had a lot of fun with this, so you will probably see a lot more of these types of write-ups. It can be difficult to find ways to practice OSINT skills without feeling creepy, and this is a great way to get around that. You get to use actual OSINT skills and tools with a clearly defined objective for targets that won’t file a restraining order or make your roommate a little more scared of you.
Hacktoria has a discord channel, which can be found at https://discord.hacktoria.com. I haven’t done it yet, but apparently you can post the badge in the #card-brag channel of their discord for some fun rewards.
Parting is such sweet sorrow. Anyways, happy hacking and stay safe!
– Z
