N0PSctf 2025 - Bibzy Clickbear
Description
Category: OSINT
1. A Kidnappanda (1/4)
Bibzy Clickbear is missing. Find out where the kidnappers are talking to each other.
Flag format : N0PS{https://example.com}
Challenge designed by OSINTOPIA
Hint 1: This gives me butterflies…
Hint 2: links can be gathered in only one place right?
One of the CTF organizers' Discord profiles contains a linktr.ee link, which corresponds to the second hint.
On the linktr.ee page, we can see a butterfly icon which corresponds to the first hint:
The butterfly icon leads to sto4.bsky.social, which indicates that we should search on the social media platform Bluesky.
By searching Bibzy Clickbear in Bluesky, we found one user who seems to be one of the kidnappers:
While searching for social media about mondeywebsnare, we found a GitHub repo webtopia:
We cloned the repo and found their email address: mondeywebsnare@gmail.com
```
git log
commit c24d0454fd3d1a77a7119b3b911510f4729ee35d (HEAD -> main, origin/main, origin/HEAD)
Author: mondeywebsnare <mondeywebsnare@gmail.com>
Date:   Sat May 10 14:13:32 2025 +0200

    Create index.html
```
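The author e-mail that `git log` revealed above is stored in every commit and is readable by anyone who clones a public repository. As an added example (not part of the original writeup), this Python script audits `git log` text for addresses exposed that way; the second commit in the sample, with its placeholder hash, names and addresses, is constructed.

```python
import re
from collections import defaultdict

# Constructed sample: the `git log` output shown above plus one invented commit
# (placeholder hash, names and addresses) exercising a trailer and a noreply alias.
SAMPLE_LOG = """\
commit c24d0454fd3d1a77a7119b3b911510f4729ee35d (HEAD -> main, origin/main, origin/HEAD)
Author: mondeywebsnare <mondeywebsnare@gmail.com>
Date:   Sat May 10 14:13:32 2025 +0200

    Create index.html

commit 0000000000000000000000000000000000000000
Author: example-dev <12345+example-dev@users.noreply.github.com>
Date:   Fri May 9 10:00:00 2025 +0200

    Add stylesheet

    Co-authored-by: Example Person <person@example.org>
"""

# Identity lines: Author/Commit headers (Commit appears with --format=fuller)
# and the Co-authored-by / Signed-off-by trailers inside indented messages.
IDENTITY = re.compile(r"^\s*(Author|Commit|Co-authored-by|Signed-off-by):"
                      r"\s*(.*?)\s*<([^<>\s]+@[^<>\s]+)>\s*$", re.IGNORECASE)
# GitHub's privacy alias, e.g. ID+username@users.noreply.github.com
NOREPLY = re.compile(r"@users\.noreply\.github\.com$", re.IGNORECASE)

def exposed_identities(log_text):
    """Map each e-mail address in `git log` text to the names, fields and commits exposing it."""
    found = defaultdict(lambda: {"names": set(), "fields": set(), "commits": set()})
    commit = None
    for line in log_text.splitlines():
        if line.startswith("commit "):  # message lines are indented, so this is a header
            commit = line.split()[1]
        m = IDENTITY.match(line)
        if m:
            entry = found[m.group(3).lower()]
            entry["names"].add(m.group(2))
            entry["fields"].add(m.group(1).lower())
            entry["commits"].add(commit)
    return dict(found)

def personal_addresses(log_text):
    """Addresses a cloner can read that are not GitHub noreply aliases, sorted."""
    return sorted(e for e in exposed_identities(log_text) if not NOREPLY.search(e))

if __name__ == "__main__":
    print(personal_addresses(SAMPLE_LOG))
```

Setting `user.email` to the noreply alias before the first commit keeps a personal address out of the history; addresses already committed remain in every existing clone.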
We used holehe, an email OSINT tool, to find any services related to this email address:
```
holehe mondeywebsnare@gmail.com
...
[+] en.gravatar.com / FullName Mondey Websnare / https://gravatar.com/aehdqsendnedi
...
```
We found a Gravatar profile and it has a link to a news website covering the Topia regions:
Flag: N0PS{https://topianews.com}
2. What Three Names (2/4)
What are the names of the 3 spies? (in alphabetical order of the Topias they belong to)
Flag format : N0PS{spy1_spy2_spy3}
Example : if the 3 spies are Don Key from Cryptopia, Lady Bug from PwnTopia and Lord HTTP from WebTopia, the flag will be N0PS{key_bug_http}
Challenge designed by OSINTOPIA
Hint: deja vu
After reading all the posts we found nothing interesting.
However, https://topianews.com/images is accessible and we can view all the images directly:
After looking at all the pictures, we see faces we haven’t seen before (hence the hint deja vu):
- https://topianews.com/images/boomer.png
- https://topianews.com/images/cryptie.png
- https://topianews.com/images/digitowl.png
Since each person’s profile page follows the format https://topianews.com/NAME.html, we were able to view their profiles even though they were never mentioned on the website.
Among those three users’ profile pages, one caught our attention:
When we visited this page (m7o263b6fetopgjj5bombfnpxvapday6cj4jqmsi4cdxp3axb6arjtid.onion), we identified the three spies:
Flag: N0PS{keyflipper_hackpaw_websnare}
3. Where’s The Bear ? (3/4)
According to your information, where is the hostage being held?
Flag format : N0PS{location}
Example : N0PS{Nopstopia_Biggest_Tower}
Challenge designed by OSINTOPIA
Hint: LEETerature
On the same page just below, we see the hostage’s location:
Flag: N0PS{Pixel_Candy_Factory}
4. Whoooo’s whoooo (4/4)
What is the real identity of the leader?
Flag Format : N0PS{name_surname}
Challenge designed by OSINTOPIA
Again, just below the spies’ profiles on the same page, we find the leader’s profile:
Flag: N0PS{elias_nightshade}