Hack the Box: We Have a Leak
Challenge Lab: OSINT
“Super Secure Startup’s private information is being leaked; can you find out how?”
Zip Password: hackthebox
Begin by downloading the file and using the password provided to extract everything.
Inside, you will find a couple more .zip files nested within each other, eventually hitting a roadblock when “username.zip” needs a password. I organized them all in a row on my desktop because it was easier to work with:
For this I first tried fcrackzip. It should be included with Kali, but if you need it:
apt-get install fcrackzip
I’m also going to use the rockyou.txt word-list, which can be found HERE if you don’t have it (auto-download).
fcrackzip -uDp <path to wordlist> <path to file>
However, it eventually turned up no results, so I am guessing the password was not in that wordlist. I reran the command using the bruteforce option, but did not have hope of that working anytime soon.
While that was running, I was looking up Super Secure Startup online, and found some things on Twitter:
I will check out this one first:
I found this post down at the bottom:
I think I recognize Alia from another challenge I did? Yeah, she is also involved in the “Infiltration” OSINT challenge on HTB (both by greenwolf). So this seems like a good lead.
We have an email with a domain name. However, supersecurestartup.com just pulls up a sketchy-looking site that I don’t think is part of the challenge.
Looking into Johanna, she does seem to post a lot of info about the company:
I downloaded these and tried stegsolve, which did not bring up much. I also tried strings on them both.
After this, I was thinking that the folder I need to unlock is called “username”. We have Johanna posting her company email name as j.boyce. I tried variations of all the employees I found:
Did not get anywhere with that, until I saw this tweet:
Annnnd now we have another .zip file to unlock.
Tried fcrackzip on it JUST to be sure…and it failed again…
So, let’s have a look at Josh Terranwald, “Web Developer, Father, Full of front of stack passion.”
He seems to like Eminem:
And the Avengers:
I thought it was interesting he posted an Eminem song named “Venom”, and that there is also a character named Venom in the Marvel Universe:
So I tried quite a few variations of that, but got nowhere.
He also seemed to be following a lot of football teams:
I tried many variations of these, which did not work, and wasted a lot of my time.
I’m moving on from Josh and looking a bit more closely at Bianka:
Eventually I focused on this:
I skipped by this originally because it just looked like a stock photo, but upon closer inspection you will see this:
SSH default password?
This did not work. So then I’m thinking, Josh got hired in Spring of 2019, right?
Yep, it’s big brain time.
Your flag will be in the password folder, in a document called flag.txt:
Happy Hacking! ❤