Hack the Box: We Have a Leak

Challenge Lab: OSINT

Difficulty: Medium

“Super Secure Startup’s private information is being leaked; can you find out how?”

Zip Password: hackthebox

sha256: 40f3ad64d83c3e18052888a6a64653c947683480d2caf225419d207a050f242f

Begin by downloading the file and using the password provided to extract everything.

Inside, you will find a couple more .zip files nested within each other, eventually hitting a roadblock when “username.zip” needs a password. I organized them all in a row on my desktop because it was easier to work with:

For this I first tried fcrackzip. It should be included with Kali, but if you need it:

apt-get update

apt-get install fcrackzip

I’m also going to use the rockyou.txt word-list, which can be found HERE if you don’t have it (auto-download).

fcrackzip -uDp <path to wordlist> <path to file>

However, it eventually turned up no results, so I am guessing the password was not in that wordlist. I reran the command using the bruteforce option, but did not have hope of that working anytime soon.

While that was running, I was looking up Super Secure Startup online, and found some things on Twitter:

I will check out this one first:

I found this post down at the bottom:

I think I recognize Alia from another challenge I did? Yeah, she is also involved in the “Infiltration” OSINT challenge on HTB (both by greenwolf). So this seems like a good lead.

We have an email with a domain name. However, supersecurestartup.com just pulls up a sketch looking site that I don’t think is part of the challenge.

Looking into Johanna, she does seems to post a lot of info about the company:

I downloaded these and tried stegsolve, which did not bring up much. I also tried strings on them both.

After this, I was thinking that the folder I need to unlock is called “username”. We have Johanna posting her company email name as j.boyce. I tried variations of all the employees I found:







Did not get anywhere with that, until I saw this tweet:

j.terranwald worked!

Annnnd now we have another .zip file to unlock.

Tried fcrackzip on it JUST to be sure…and it failed again…

So, let’s have a look at Josh Terranwald, “Web Developer, Father, Full of front of stack passion.”

He seems to like Eminem:

Cute dogs:

And the Avengers:

I thought it was interesting he posted an Eminem song named “Venom”, and that there is also a character named Venom in the Marvel Universe:

So I tried quite a few variations of that, but got nowhere.

He also seemed to be following a lot of football teams:

I tried many variations of these, which did not work, and wasted a lot of my time.

I’m moving on from Josh and looking a bit more closely at Bianka:

Eventually I focused on this:

I skipped by this originally because it just looked like a stock photo, but upon closer inspection you will see this:

SSH default password?


This did not work. So then I’m thinking, Josh got hired in Spring of 2019, right?

Let’s try:


Yep, it’s big brain time.

Your flag will be in the password folder, in a document called flag.txt:

Happy Hacking! ❤




CTF Writeups to facilitate cyber education.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

SQL Joins: A Brief Example

True Elasticity of Oracle Autonomous Database

The art of deprecation

Choose Python Language for Bright Future — Hiring | Toogit

How To Manage Aragon On Ledger With MEW

Generic type in Swift

Using Azure AD B2C to Authenticate Web App Users

This photo shows a door with very heavy chains and a padlock. The door is intended to represent a protected web application that the user needs to log into before being able to use it.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


CTF Writeups to facilitate cyber education.

More from Medium

Relevant — THM Walkthrough

MAL: Malware Introductory — TryHackMe CTF

OhSINT — TryHackMe Walkthrough

WindowsXP default wallpaper

HackTheBox: Pandora Write-up