Day five
Day five broke me.
I’m sorry to admit it, but I spent a long time on this day. In yesterday’s post I mentioned that I had a horrible headache. On day five it got even worse and I fell off the wagon a bit. I failed in my goal to write a daily blog post, but I’ll make up for it! I’ll still be completing every day before the 25th rolls around. Just excuse the 9 day break.
Question one
In France, some municipal decrees (« arrêté » in French) are rather unusual, such as those forbidding the character encountered on 3 December from disrupting Santa’s work.
In December 2024, such decrees can be found on the WordPress sites of two communes.
What are the surnames of these two mayors?
There is a hint for this question. I’m not too sure when it was added but it steers us in the right direction:
Look up information about « Google Dorks » and the URLs used by WordPress.
Google Dorks are specific keywords and techniques you can use with Google to find specific information. Searching google for filetype:pdf site:TargetCompany.com could give you a lot of interesting information if you’re doing some OSINT against a target. There’s no need to get into the details of how search engines crawl sites, we just need to know what a Google Dork is and how to use them.
The second part of the hint, ’… and the URLs used by WordPress.’ gives us a big hint in what we need to include in our Google Dork. We can use the inurl query to specify a common WordPress directory like wp-content. This ensures that whatever else we add to the search query will always return something that matches the second part of the hint.
In the OSINT4Fun Discord I saw someone mention that specifing a custom time to the query to November - December of 2024 would also be helpful. This is another tool that you can use to narrow down search results.
The next steps is very open and thus takes a long, long time.
I’ll skip over the hair-pulling hours (and days) that took place after this. As I mentioned above, the only thing we absolutely need to include in the query is inurl:wp-content. We’re given a bit of a hint in that a municipal decree is called a arrêté. We can include arrêté and/or arrete to our query, without any quotes in case anything crops up.
A lot of the results will be .pdf documents which unfortunately have no OCR (Optical character recognition), so filtering for words like “Maire” (Mayor) won’t really help us.
To find one of the answers I used this query: inurl:wp-content pere noel arrete 2024.
inurl:wp-content- As mentioned above this is the only thing we know is needed.pere- This is the French word for Father. Any documents I found that had OCR did containperesomewhere. Some of the URLs too!noel- Christmassy themes innit. Although we’re filtering for documents uploaded around Christmas, this still helps a bit.arrete- As also mentioned above, this filters out most of the non-municipal decree uploads.2024- Similar to theinurlquery, the year of upload is often included in the WordPress URLs.
You’ll notice that I didn’t include ‘grinch’ here. This took me a few hours to get right. I wound up removing keywords back and forth, analyzing almost all of the links, then mixing and matching more keywords. The document we’re looking for that eventually shows up with the full query (this one!) doesn’t have Grinch in the URL. It is in the document, but there’s no OCR so it isn’t picked up by Google.
Looking at the above link we can see the name of the Mayor right at the bottom. There’s our first answer.
I don’t have the time to write my full process for finding this query, but after hours of reading French municipal decrees (My French isn’t too bad, but more on that at the end) I settled on this query: inurl:wp-content pere noel arrete commune maire grinch.
This query actually shows us the first answer too, but the first link (At least for me) is the second, and final answer to today’s question.
With the two mayors finally found we’ve completed the challenge. Yay!
Conclusion
Above is an extremely condensed write-up of the days I spent trying to find this answer. As a result I failed in my goal of publishing a blog-post every day. It’s a shame, but I know for next year.
Another valuable thing I learned is that OSINT4Fun is skewed more towards a French speaking audience. Today’s challenge might have been easier if I spoke French fluently. I had a decent grasp of the French language when I was younger, but that’s all but faded now. Plus, I didn’t really talk about municipalities and legal documents.
That’s it for today. I’ll be making up for my lost time as soon as possible!