Oct 24, 2020
“Super Secure Startup’s private information is being leaked; can you find out how?”
Zip Password: hackthebox
sha256: 40f3ad64d83c3e18052888a6a64653c947683480d2caf225419d207a050f242f
Begin by downloading the file and using the password provided to extract everything.
Inside, you will find a couple more .zip files nested within each other, eventually hitting a roadblock when “username.zip” needs a password. I organized them all in a row on my desktop because it was easier to work with:
For this I first tried fcrackzip. It should be included with Kali, but if you need it:
apt-get update
apt-get install fcrackzip
I’m also going to use the rockyou.txt word-list, which can be found HERE if you don’t have it (auto-download).
fcrackzip -uDp <path to wordlist> <path to file>
However, it eventually turned up no results, so I am guessing the password was not in that wordlist. I reran the command using the bruteforce option, but did not have hope of that working anytime soon.
While that was running, I was looking up Super Secure Startup online, and found some things on Twitter:
I will check out this one first:
I found this post down at the bottom:
I think I recognize Alia from another challenge I did? Yeah, she is also involved in the “Infiltration” OSINT challenge on HTB (both by greenwolf). So this seems like a good lead.
We have an email with a domain name. However, supersecurestartup.com just pulls up a sketch looking site that I don’t think is part of the challenge.
Looking into Johanna, she does seems to post a lot of info about the company:
I downloaded these and tried stegsolve, which did not bring up much. I also tried strings on them both.
After this, I was thinking that the folder I need to unlock is called “username”. We have Johanna posting her company email name as j.boyce. I tried variations of all the employees I found:
j.boyce
jboyce
a.mccarty
amccarty
bphelps
b.phelps
Did not get anywhere with that, until I saw this tweet:
j.terranwald worked!
Annnnd now we have another .zip file to unlock.
Tried fcrackzip on it JUST to be sure…and it failed again…
So, let’s have a look at Josh Terranwald, “Web Developer, Father, Full of front of stack passion.”
He seems to like Eminem:
Cute dogs:
And the Avengers:
I thought it was interesting he posted an Eminem song named “Venom”, and that there is also a character named Venom in the Marvel Universe:
So I tried quite a few variations of that, but got nowhere.
He also seemed to be following a lot of football teams:
I tried many variations of these, which did not work, and wasted a lot of my time.
I’m moving on from Josh and looking a bit more closely at Bianka:
Eventually I focused on this:
I skipped by this originally because it just looked like a stock photo, but upon closer inspection you will see this:
SSH default password?
SupSecStart#Winter2018!
This did not work. So then I’m thinking, Josh got hired in Spring of 2019, right?
Let’s try:
SupSecStart#Spring2019!
Yep, it’s big brain time.
Your flag will be in the password folder, in a document called flag.txt:
Happy Hacking! ❤
