Hack the Box: We Have a Leak

Challenge Lab: OSINT

Difficulty: Medium

“Super Secure Startup’s private information is being leaked; can you find out how?”

Zip Password: hackthebox

sha256: 40f3ad64d83c3e18052888a6a64653c947683480d2caf225419d207a050f242f

Begin by downloading the file and using the password provided to extract everything.

Inside, you will find a couple more .zip files nested within each other, eventually hitting a roadblock when “username.zip” needs a password. I organized them all in a row on my desktop because it was easier to work with:

For this I first tried fcrackzip. It should be included with Kali, but if you need it:

apt-get update

apt-get install fcrackzip

I’m also going to use the rockyou.txt word-list, which can be found HERE if you don’t have it (auto-download).

fcrackzip -uDp <path to wordlist> <path to file>

However, it eventually turned up no results, so I am guessing the password was not in that wordlist. I reran the command using the bruteforce option, but did not have hope of that working anytime soon.

While that was running, I was looking up Super Secure Startup online, and found some things on Twitter:

I will check out this one first:

I found this post down at the bottom:

I think I recognize Alia from another challenge I did? Yeah, she is also involved in the “Infiltration” OSINT challenge on HTB (both by greenwolf). So this seems like a good lead.

We have an email with a domain name. However, supersecurestartup.com just pulls up a sketchy-looking site that I don’t think is part of the challenge.

Looking into Johanna, she does seem to post a lot of info about the company:

I downloaded these and tried stegsolve, which did not bring up much. I also tried strings on them both.

After this, I was thinking that the folder I need to unlock is called “username”. We have Johanna posting her company email name as j.boyce. I tried variations of all the employees I found:

j.boyce

jboyce

a.mccarty

amccarty

bphelps

b.phelps

Did not get anywhere with that, until I saw this tweet:

j.terranwald worked!

Annnnd now we have another .zip file to unlock.

Tried fcrackzip on it JUST to be sure…and it failed again…

So, let’s have a look at Josh Terranwald, “Web Developer, Father, Full of front of stack passion.”

He seems to like Eminem:

Cute dogs:

And the Avengers:

I thought it was interesting he posted an Eminem song named “Venom”, and that there is also a character named Venom in the Marvel Universe:

So I tried quite a few variations of that, but got nowhere.

He also seemed to be following a lot of football teams:

I tried many variations of these, which did not work, and wasted a lot of my time.

I’m moving on from Josh and looking a bit more closely at Bianka:

Eventually I focused on this:

I skipped by this originally because it just looked like a stock photo, but upon closer inspection you will see this:

SSH default password?

SupSecStart#Winter2018!

This did not work. So then I’m thinking, Josh got hired in Spring of 2019, right?

Let’s try:

SupSecStart#Spring2019!

Yep, it’s big brain time.
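
For defenders, the lesson from the two passwords above is that an organisation abbreviation plus a season and year is a template, not a secret. The following is an added example, not part of the original write-up: a password-audit check that flags that template. The function names are hypothetical and the third sample password is constructed.

```python
import re

# Season word, optional separator, then a 4-digit or 2-digit year.
ROTATION = re.compile(
    r"(winter|spring|summer|autumn|fall)[\W_]*((?:19|20)\d{2}|\d{2})(?!\d)",
    re.IGNORECASE,
)

def org_abbreviation_regex(org_name, min_prefix=3):
    """Match a prefix (>= min_prefix letters) of every word of org_name, in order.
    'Super Secure Startup' matches 'SupSecStart' as well as 'supersecurestartup'."""
    parts = []
    for word in re.findall(r"[a-z]+", org_name.lower()):
        head, tail = word[:min_prefix], word[min_prefix:]
        # Nested optionals: 'super' -> sup(?:e(?:r)?)?
        parts.append(head + "".join("(?:" + c for c in tail) + ")?" * len(tail))
    return re.compile(r"[\W_]*".join(parts), re.IGNORECASE)

def audit_password(password, org_name):
    """Report which predictable components a password contains."""
    org = org_abbreviation_regex(org_name).search(password)
    rot = ROTATION.search(password)
    return {
        "org_token": org.group(0) if org else None,
        "rotation_token": rot.group(0) if rot else None,
        # Both together means the next value can be derived from a date.
        "templated": bool(org and rot),
    }

if __name__ == "__main__":
    ORG = "Super Secure Startup"  # organisation name from the challenge text
    samples = [
        "SupSecStart#Winter2018!",  # from the write-up
        "SupSecStart#Spring2019!",  # from the write-up
        "t7#Lq9vW2m!xRz",           # constructed: random, no template
    ]
    for pw in samples:
        print(pw, audit_password(pw, ORG))
```

A check like this belongs wherever default or reset passwords are issued, so that a templated value is rejected before it reaches an account.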

Your flag will be in the password folder, in a document called flag.txt:

Happy Hacking! ❤
