Posted on by and filed under CSAW 2013.

Being a common word, Google is not going to help us much. On the Official ISIS CSAW IRC channel, we find that there is an OP user snOwDIN. If we run /WHOIS on the user, we get a clue.

[isis] |-INFO > snOwDIN [[email protected]]
[isis] |-INFO > ircname : linkedin:chinesespies
[isis] |-INFO > channels : @#csaw
[isis] |-INFO > server : isis.poly.edu [ISIS IRC Server]
[isis] |-INFO > : is using a Secure Connection
[isis] |-INFO > idle : 0 days 4 hours 15 mins 25 secs [signon: Fri Sep 20 21:26:19 2013]
[isis] |-INFO > End of WHOIS
“ircname” clue tells us that we may find more results on LinkedIn. Searching within LinkedIn does not return any results and also requires a User for most functions. The name format is http://www.linkedin.com/in/[NAME] so we try http://www.linkedin.com/in/chinesespies. We found the key!

ODIN

key{cookies_are_for_csaw]