
DownUnder CTF 2025 Write-ups

OSINT: Zer0C00l

You used to call me on my cellphone.

Provided Clues

  • We are provided with an audio clip of someone connecting to dial-up internet.
  • This phone number is from Sydney.
  • This happened in 1995.
  • We need to try harder.

Chasing the Goose

Now, we must remember,

this is NOT forensics. This is OSINT.

(do not try to read the dial-up sound effect that happened AFTER the initial DTMF sounds) Repeat that 3 times before continuing.

Okay. A quick search with Google or any other research tool tells us that, to connect to dial-up internet, the caller's modem must first dial the phone number of the modem on the other end.
The dialling is done with DTMF (Dual-Tone Multi-Frequency) signalling: the tones that play when you press a number key on a phone, even to this day.

Using Google, we can find an online DTMF reader.
https://upload.cc/i1/2025/11/21/WuO5jg.png

This way, we find that the number they dialed, or at least part of it, is 3693244.

Now, if you live in Australia, you will quickly notice that this is no longer the number format we use. In Australia, a phone number now looks like (01) 23 456 789.

There are often 10 digits instead of 7. Even with the added area code prefix of Sydney, which is (02), that still leaves us with (02) 369 3244.

What’s going on here?

Ask a Boomer

Now, in 1995, landlines and modems could still have just 7 digits after the area code, so back then this would have been a perfectly normal phone number to call.
So, now we just need to find out who owns this number.

We will need to look up this number on Google, maybe in a few different formats, as it might have been listed in an irregular one. Who knows what happened in 1995? I can’t imagine being a millennial!

Trying many different formats of the same thing is quite a common strategy; see IrisCTF 2024 Write-ups - OSINT: Harsh Reality of Passwords.

In Australia, when you use the international calling code to call an Australian phone number, you generally remove the 0 at the front.

Let’s try:

023693244        (02) 369 3244        (02) 3693 244
+61 23693244     +61 (2) 369 3244     +61 (2) 3693 244
+61 023693244    +61 (02) 369 3244    +61 (02) 3693 244
                 +61-02-369-3244      +61-02-3693-244
                 +61-2-369-3244       +61-2-3693-244

Indeed, +61-2-369-3244 leads us somewhere. All other phone numbers will result in absolutely nothing.
You may need to turn SafeSearch off.
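The format list above can be generated instead of typed by hand. This is an added example, not part of the original write-up: it combines the three prefix styles (no country code, country code with the leading 0 dropped, country code with the 0 kept) with compact, bracketed, spaced and dashed groupings, and wraps each in quotes for exact-phrase searching. The function names and the 3/4 split points are assumptions.

```python
def phone_variants(area, local, country="61", splits=(3, 4)):
    """Return plausible written forms of one number, without duplicates."""
    out = []
    prefixes = [
        ("", area),                              # domestic: 02 ...
        ("+" + country, area.lstrip("0")),       # international: +61 2 ...
        ("+" + country, area),                   # common mistake: +61 02 ...
    ]
    for cc, ac in prefixes:
        # Compact form, e.g. "023693244" or "+61 23693244".
        out.append(" ".join(p for p in (cc, ac + local) if p))
        for cut in splits:
            head, tail = local[:cut], local[cut:]
            # Bracketed area code, e.g. "(02) 369 3244".
            out.append(" ".join(p for p in (cc, f"({ac})", head, tail) if p))
            # Plain space- and dash-separated groups.
            for sep in (" ", "-"):
                out.append(sep.join(p for p in (cc, ac, head, tail) if p))
    return list(dict.fromkeys(out))              # keep order, drop repeats

def search_queries(area, local):
    """Quote each variant so the search engine matches it as a phrase."""
    return [f'"{v}"' for v in phone_variants(area, local)]

if __name__ == "__main__":
    for q in search_queries("02", "3693244"):
        print(q)
```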

We can find this list of BBSes from 1995. Incidentally, that phone number just so happens to be on there!
https://upload.cc/i1/2025/11/21/AHrVUo.png

Solution

This reveals the flag to be DUCTF{Hotline_BBS}.


OSINT: yippee

You son of a beach.

Provided Clues

https://upload.cc/i1/2025/11/21/GKe2HU.png

Chasing the Goose

First, we want to analyse this picture.
https://upload.cc/i1/2025/11/21/fubDaO.png
Now, we must analyse the clues one by one.

This sign is a very generic tide warning sign in Australia, as is evident when you try to image search it.
The more important clue is the steep hills in the background, a feature unique to this beach and image. Let’s image search just that portion.
https://upload.cc/i1/2025/11/21/dokzm2.png

This will yield these results:
https://upload.cc/i1/2025/11/21/xNunZg.png

Now, I am very curious as to what happened in the first image, and why they are all blurred out. Sydney people must be very… expressive.

But that’s not relevant.

Every other image leads us to the same location: Port Macquarie, Nobby’s Beach and Flynn’s Beach.

Solution

We can either try all three of these as flags one by one, or use Google Maps Street View to finally settle the location on Nobbys Beach, Port Macquarie…?
https://upload.cc/i1/2025/11/21/qmYf3N.png

Weirdly enough, this was not the flag. Although we can see the hills and views are almost an exact match, the flag was Flynn’s Beach, being DUCTF{Flynns_Beach}.

This is probably to avoid a conflict between Nobby’s Beach, Port Macquarie and an identically named Nobby’s Beach, Newcastle.


OSINT: Look at all those chickens!

Where did you get that hoodie? And how do I get one?

Provided Clues

https://upload.cc/i1/2025/11/21/FpLIqC.png

Chasing the Goose

Use Google Image Search, selecting the important portion of the image: the central island and the little bit of residential area on the right.
This finds an article talking about a Bin Chicken Island.
https://upload.cc/i1/2025/11/21/k3KUnf.png

Using Google Maps we can find this location in Coburg, Victoria.
https://upload.cc/i1/2025/11/21/jheFRA.png
The challenge mentioned the location we are looking for is…
“… can you find out the name of the place where these birds were locked up?”

Now, let’s find where those bin chickens were locked up. Searching for the keyword “prison” on Google Maps, there it is: the Pentridge Prison!

Solution

https://upload.cc/i1/2025/11/21/ZW9Nbz.png
And thus, the flag is DUCTF{Pentridge_Prison}

Afterword

This was the first time I did DownUnder CTF. The OSINT challenges were interesting; I think the most unique one was Zer0C00l, as all other challenges were either a simple Google Image search away, or some derivation of that.
Some flags were quite misleading, as well as the hints. I am also not too confident that spamming “try harder” GIFs is exactly the least taunting way to say “no hints”.


