We have a leak - OSINT Challenge

here it begins

azeroth

Tagged:
«13

Comments

  • Post enumeration, I'm left with an email address having a domain that doesn't exist.
    What am I doing wrong?

  • Is Bi..ka post about their product a rabbit hole? Anyway @greenwolf have nice sense of humor (Im talking about senior skilz, junior $).

    elearning

  • Hello everybody. I found the password of the zip file but when I try to decompress it tells me that it is incorrect. Any suggestions?

    nemen91

  • edited September 14
    a really interesting challenge, so far... I also ended up with a domain name and a password protected zip file, but can't find much else... Should I follow connections with Infiltration challenge?
  • edited September 14

    @dnperfors said:
    a really interesting challenge, so far... I also ended up with a domain name and a password protected zip file, but can't find much else... Should I follow connections with Infiltration challenge?

    I'm such a fool. The file is there for download the whole time yet I didn't see it. :D

    limbernie
    Write-ups of retired machines

  • I've found Default SSH PW, but I still missing the zip password.

    Deleite

  • Type your comment> @deleite said:

    I've found Default SSH PW, but I still missing the zip password.

    Same this side. Also found partial flag on a post perhaps. But other than this im stuck.

  • Also not sure how to unzip the folder with the default ssh key, tried various combinations but none worked :(

  • Spoiler Removed

    limbernie
    Write-ups of retired machines

  • yeah everything i found so far has come from twitter

  • I started with the download, but when I was stuck on the password I went to twitter
  • I also found the default SSH PW, but can't make it work with the .zip. Am I doing something wrong with the formatting of the PW, or am I missing something?

  • Eventually pwned this challenge... I must say it is real world but a bit misleading with decrypting the ZIP files for alot of people.

  • Got the flag, Thanks @r0tt3d .The zip is another challenge itself

    elearning

  • @elearning You mean the zip isn't needed for the flag?

  • Type your comment> @rheaalleen said:

    @elearning You mean the zip isn't needed for the flag?

    It is needed. All the info needed are on twitter :) (This should save you alot of time)

  • edited September 14
    @rheaalleen no I mean after you get all the info from social media sites, you have to figure out how to use that knowledge on the zip file, and its not that easy.

    elearning

  • edited September 15

    Guess I´ll try in the morning, found everything on Twitter but VM was powered down already

  • I am almost there... I think I still need 1 password, which should also be hidden in plain sight, but I don't see it yet...
  • if the challenge had more relevant description it would be perfect.
    but in any case it is very interesting challenge, so play it if you have a lot of free time and love to dicover new things ;)

    tabacci

  • Completed! Thanks for the challenge!

    While these are fun at times, I think one huge problem about these is scope creep - the way these are set up, it starts blurring between what's in scope for the challenge vs reality. IIRC one of the previous challenges linked to a legit website, not owned by the challenge creator.

    reconvillage ctf did a good job of mixing in real sites for challenges. As an example of the types of problem sets, I'm linking our dearest keramas writeups from the latest reconvillage:
    https://k3ramas.blogspot.com/2018/08/recon-village-ctf-defcon-26.html

    just2c (prob worthless :D)

    fnitepresident

  • I have solved it now as well. It was really in front of me, I just needed a more structured way of trying different combinations.
    Anyway, my tip for this one. There is no need to go deeper into the link of the previous challenge.
  • Ping me if u need nudge

    azeroth

  • Very fun challenge. Thanks to @azeroth for the nudge.

    Hints:
    Everything is on twitter
    if your password is not working try to figure out why (I don't mean typos).

  • edited September 18

    i have no clue about password for the last zip files, please hint me


    got it ! thanks @azeroth about hints
    Don't think too much all information is all you got on twitter.

  • i feel i am close.but dunno how much, can someone pm me to tell if i am in the right way or if i am just wasting time

  • Took me some time and clever thinking for this one, message me if you need some help

  • edited September 19

    Thanks a lot @azeroth . Don't underestimate the smallest details. Thanks to @eelz too. So many good guys in HTB :blush:

  • edited September 20

    I have an email with domain and a ssh password. Now what should I do ?
    Nothing seems to work with the zip file :/

    Edit : owned. Pretty hard to give more hint without spoilers.

  • Type your comment> @Crafty said:

    I have an email with domain and a ssh password. Now what should I do ?
    Nothing seems to work with the zip file :/

    look at the folder stucture of the zip file and think how can you use information from email and def password.

    elearning

Sign In to comment.