Challenge Lab: OSINT

Difficulty: Easy

“You managed to pull some interesting files off one of Super Secure Startup’s anonymous FTP servers. Via some OSINT work (a torrent or online Password breach site) you have also procured a recent data breach dump. Can you unlock the file and retrieve the key?”

Zip Password: hackthebox

sha256:f08a8d0f64177b09518575ed02b510bfa423e69369f50d5ee07285a610bf3269

Start off by downloading the included zip file and opening it with the provided password.

There is a help wanted ad, a password-protected document called “Key”, and the public data breach.

I just did another OSINT challenge focused on this company, so I was familiar with the Twitter pages, having combed them all for hours yesterday evening.

What I’m going to do now is just search through the data breach to see if I can get any of the employee login credentials.

If you use Ctrl+F you can search through it easily.

Bianka was the only one I could find, but that should be enough. We now have her email, IP address, and a password.

Unfortunately, this password did not work for the locked file. BUT, since I had just completed the other challenge, which had a very similar password situation, I decided to check around the file some more:

It says it was modified in March 2019, so we could assume she changes her password every month and try Love!March2019?

Just an FYI here though, this information did not pop up on my Windows OS. It had modified/accessed dates as today’s date because there were issues with extracting. I had to use my Kali OS to see the correct ones.
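As an added example (not part of the original writeup): the modification date is kept in the archive's own metadata, so it can be read without extracting anything, and an extractor that does not restore it leaves the file stamped with the extraction time. The archive below is constructed in memory; the entry name `Key` and the March 2019 date follow the writeup, while the exact day and time are made up.

```python
import io
import os
import tempfile
import zipfile
from datetime import datetime


def build_sample_zip() -> bytes:
    """Constructed archive; the day and time of the timestamp are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo("Key", date_time=(2019, 3, 14, 9, 26, 52))
        zf.writestr(info, b"constructed placeholder content")
    return buf.getvalue()


def stored_mtimes(zip_bytes: bytes) -> dict:
    """Read each entry's modification time from the archive metadata only."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: datetime(*i.date_time) for i in zf.infolist()}


def extract_and_stat(zip_bytes: bytes, restore: bool) -> dict:
    """Extract to a temp dir and return the mtime each file ends up with.

    ZipFile.extract() does not restore timestamps, so with restore=False the
    files carry the extraction time. With restore=True the stored value is
    written back with os.utime(), interpreting it as local time.
    """
    result = {}
    with tempfile.TemporaryDirectory() as tmp:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                path = zf.extract(info, tmp)
                if restore:
                    ts = datetime(*info.date_time).timestamp()
                    os.utime(path, (ts, ts))
                result[info.filename] = datetime.fromtimestamp(os.stat(path).st_mtime)
    return result


if __name__ == "__main__":
    archive = build_sample_zip()
    print("stored in archive  :", stored_mtimes(archive)["Key"])
    print("after plain extract:", extract_and_stat(archive, restore=False)["Key"])
    print("after restore      :", extract_and_stat(archive, restore=True)["Key"])
```

Reading the stored value first means the date can be trusted regardless of which operating system or extraction tool is used afterwards.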

Yes! The password worked! Now we have a document that says this:

I recognized this as Base64 and used an online tool to convert it:

I think if I hadn’t struggled with the earlier challenge this would have taken me a lot more time and I may have classified it as medium, especially if I had not changed my OS and seen the difference in file properties.

Happy Hacking! ❤
