We have a leak - OSINT Challenge

1234568

Comments

  • New to these challenges and currently stuck on password.zip Unable to open it. Getting prompted for pw (on OSX and was ending up with corrupted zips but using iZip seems to have helped) would love to share what I have and get some pointers or a tip. I am focused on Twitter as well. Thanks in advance

  • Type your comment> @GenesisWaffle said:

    New to these challenges and currently stuck on password.zip Unable to open it. Getting prompted for pw (on OSX and was ending up with corrupted zips but using iZip seems to have helped) would love to share what I have and get some pointers or a tip. I am focused on Twitter as well. Thanks in advance

    I have the corp twitter and 2 employees and still stuck at password.zip. Was looking on discord as well for some chatops but don't see a challenge channel. tips and help appreciated.

  • Type your comment> @GenesisWaffle said:

    Type your comment> @GenesisWaffle said:

    New to these challenges and currently stuck on password.zip Unable to open it. Getting prompted for pw (on OSX and was ending up with corrupted zips but using iZip seems to have helped) would love to share what I have and get some pointers or a tip. I am focused on Twitter as well. Thanks in advance

    I have the corp twitter and 2 employees and still stuck at password.zip. Was looking on discord as well for some chatops but don't see a challenge channel. tips and help appreciated.

    Same problem..

  • found default ssh pass, but stuck on username.zip.
    A little nudge through pm will be appreciated :blush:

    shaswata56
    ** Life is simple, we make it complex just out of curiosity **

  • i stuck on password.zip, but i think i got the the default ssh but it doesn't work.
    i need a little nudge ^^pm me please

  • edited May 5

    Im stuck on the password.zip i have run it through a custom wordlist using the default PW as template and still no hits ive done this 5 times dif list no joy on all please help. also running the dates from 2 years back to 2 years forward and using all seasons and months still nothing.

    EDIT: got it, issue with john not list. DM for help you need it

  • edited May 7

    Can someone give me a tip? I've checked twitter and found an email and some other interesting stuff , but after this i'm completely stuck at username.zip.

    EDIT: I also found the default SSH, but have no idea what to do after this.
    EDIT: SOLVED

  • I too seem to be stuck on finding the passwords to the zip-files Username and Password. I've been looking at their Twitter for quite a bit now, but to no avail...

  • Type your comment> @RobertMalengre said:

    I too seem to be stuck on finding the passwords to the zip-files Username and Password. I've been looking at their Twitter for quite a bit now, but to no avail...

    Make sure you look at every detail on the twitter page

  • edited May 8

    I've found all the twitter accounts and possibly the ssh password but im unable to get pass username.zip. Tried the names of all employees, but it didn't work. I have read about an email address but cant find any on the twitter pages.

    Edit: Got the flag. Solving the Breach OSINT challenge first helped a lot.

  • edited June 8

    On the struggle bus. Got through Breach, but can't seem to figure out the pattern for password.zip. Need a nudge. I have all the info, I've gone over all of the twitter details more times than I can count, just can't seem to piece it together. Thanks in advance!

    Edit: Solved! Thanks @Dethread for the nudge.

    Nudge from me: If you are receiving an error unzipping, use a different tool. Once you get to the password.zip file, trust your instincts. The solution may be right in front of you (as others have said). Pay attention to all of the details. I had all the info but was thinking WAY too hard. K.I.S.S.

  • Stuck on username.zip. I've found the company's Twitter page, as well as the account of 4 relevant people, including the one tweeting the default SSH password template for new hires. Still I can't find a way to open the .zip. Any help would be highly appreciated!

  • Ive got to the password at the end, but the password i've entered in all arrangements have not worked. I see alot of people with the same question, what am i getting wrong, tbh i didnt need any password to get to this point, got past user, mockssh etc. need a nudge plz as i know the answer, but its just not working.

  • Finally managed to crack this. There are some nice rabbit holes in this challenge due to the way zip archiving works. If I see another CRC error this week I'll panic :tongue:

    A quick hint to save some pain for anyone who went down the same rabbit hole I did:
    If the file unpacks but is broken, you might be running afoul of your program not distinguishing between a bad credential and a corrupt archive. It's probably not a problem with the archive. If the password is bad, it may not necessarily mean you're on the wrong track though...

  • I am stuck with the crc / finding the right program / password for user.....

  • HI guys,
    I'm stuck. I cant find the password to us****.zip. I found a def ssh pwd and tried various modifications regarding date but without success. And I can't find an email that everybody talks about.
    Please need help

  • edited June 26

    Got the username.zip. Stuck on the password. Also found the default SSH password. But still stuck on cracking password.zip. Anyone wants to point in the right direction?

    Edit: Got it..can't believe I missed that after having all the details

  • edited June 26

    Can I get a hint for this? Got the user but stuck on the password.zip password for a good few hours.

    EDIT: Got it, I can't believe I missed that

  • edited July 25

    hey, i'm newbie here i understand all the info but i am lost at all don't know how to use it. can somebody help me? plz pm me

  • Completed breach, tried using cewl on the employee twitter pages to unzip password.zip....trying to find patterns regarding posted images but at a loss. Could definitely use a nudge.

  • edited July 26

    @azeroth provided awesome nudge. Available on discord to pay it forward if anyone needs assist. At first liked challenge, then hated it and in hindsight like it again...once you solve it you understand realism of it...

  • stuck at password.zip to.
    manually brute many version of password.
    please - give me some hint, where you take default ssh pass???

  • edited August 2

    I also need a hint, found the two twitter accounts & the company one, then found user password but currently stuck at password.zip password, tried cracking it through John but no success. I also did Breach before starting this one and built different wordlists from the other challenge

  • got stuck on password.zip please help me out

  • really good challenge :smile: Was very interessting. PM me, if you need a hint

    Hack The Box

    Hello friend. Hello friend? I am always happy to help you, but also expect clear information about what you have achieved so far. Together we will raise the flag!
    Remember: Giving respect is a matter of honor

  • Hey! I try open zip with password d*****. But I have Error unpacking. I dont understand next step :(

  • Can someone help me with the hint? I have been trying for long time, but still cannot even get the password for username.zip. I also go through twitter and 2 other members: HR, and Web Dev. Any hint please?

  • Finally get it to work, and thanks to @AviusX and @tXxc for the hints. Please let me know if anyone needs help. I can feel how u feel when you cannot get the flag.

  • Hi All

    I don"t know if a got the right pass for username.zip

    I got a password.zip file and a CRC error, I try other Zip file tools...
    Anybody for a little hint please :wink:

  • Type your comment> @hammeh said:

    I'm stuck on username.zip... I found the twitter pages of the company and 4 links to it. Got the mail address and default ssh pw. Can someone give me a nudge?

    Same problem, hoping to get some help here ! Thanks in advance

Sign In to comment.