[OSINT] Breach

2»

Comments

  • OMG... I am new to htb. I tried all the passwords, email IDs, firstname, lastname to unlock the key.docs but no luck. Anyone can give a hint please?

  • edited January 14

    I managed to get the key after unlocking the key.docx. Kind of lost, what to do next? any idea?

  • Type your comment> @nkhan95 said:

    I managed to get the key after unlocking the key.docx. Kind of lost, what to do next? any idea?

    Woooowwwww.... I manage to complete the challenge... I am loving HTB... Long live HTB :)

  • It would be better if those 6 IP addresses from the breach file were reserved instead of pointing to innocent victims of this game. Someone will attempt to breach a real system thinking it is a part of the challenge.

    joeblogg801

  • Type your comment> @cknu said:

    I'm starting this challenge now, but i'm having problems with the password for the orginal zip file. The one in the site is not working. Checksum is ok.
    Is this the password i need to find first? Or is for another file inside the zip?

    Anyone?

  • Type your comment> @cknu said:

    Type your comment> @cknu said:

    I'm starting this challenge now, but i'm having problems with the password for the orginal zip file. The one in the site is not working. Checksum is ok.
    Is this the password i need to find first? Or is for another file inside the zip?

    Anyone?

    Works for me.

  • can anyone give me a nudge through PM?

  • I'm also having trouble figuring this one out.... Have narrowed it down but think I am focusing too much on the half dozen entries.
    I would really appreciate some help.

  • Type your comment> @sl0wl0ris said:

    I'm also having trouble figuring this one out.... Have narrowed it down but think I am focusing too much on the half dozen entries.
    I would really appreciate some help.

    Never mind...

  • Hi guys, I've been able to get the content of the key.docx file. Any hint on the next step?
    tnx!

  • Type your comment> @fr4c1d0 said:

    Hi guys, I've been able to get the content of the key.docx file. Any hint on the next step?
    tnx!

    never mind

  • edited January 18

    In case someone else didn't take the previous guy's warning seriously... try your passwords with Microsoft Word. I wasted a good few hours trying with Calligra which just denies access, even with the correct password. A sanity check with office2john saved me eventually... If anyone needs any help, PM me :)

  • Stuck on Key.docx file. Can anyone give me an Nudge?

    Vishvender

  • @50m30n3 Thanks for the help!! If anyone need ping me!!

    Vishvender

  • Dont overthink anything, did it without twitter, all the info that you need is in the files.

  • Solved :) thanks @Dethread for the help

  • Solved. PM me if you need help.
    My suggestion:
    look at doing "We Have A Leak" first, or narrow down your scope.

    Hack The Box

  • "We have a leak" surely helped a lot.

    Not sure if this can be classified as OSINT, can be easily done without web.
    It was like a "misdirection" on me.

    Hack The Box

  • @davihack it follows OSINT procedures to some degree

    Hack The Box

  • Do not bruteforce, examine closely everything you are given :)

    godylocks

    If you like my advice, please give me some respect! Thanks!
    Message me on discord for a faster response: godylocks#5721

  • Office2john gets me a hash which I can get a pass from the breach file but it does not work...I can't find any other info in the files anybody got a hint?

  • Type your comment> @WarrenVos said:

    Office2john gets me a hash which I can get a pass from the breach file but it does not work...I can't find any other info in the files anybody got a hint?

    You don't need any tools to complete the challenge.

    Hellburpp

  • Type your comment> @Hellburpp said:

    Type your comment> @WarrenVos said:

    Office2john gets me a hash which I can get a pass from the breach file but it does not work...I can't find any other info in the files anybody got a hint?

    You don't need any tools to complete the challenge.

    I've searched through all the files, xml etc but can't seem to see/find anything....I can only find 1 name but nothing else

  • Type your comment> @WarrenVos said:

    Type your comment> @Hellburpp said:

    Type your comment> @WarrenVos said:

    Office2john gets me a hash which I can get a pass from the breach file but it does not work...I can't find any other info in the files anybody got a hint?

    You don't need any tools to complete the challenge.

    I've searched through all the files, xml etc but can't seem to see/find anything....I can only find 1 name but nothing else

    did you also try to search their company name and the name that you found on the internet?

    Hellburpp

  • Type your comment> @Hellburpp said:

    Type your comment> @WarrenVos said:

    Type your comment> @Hellburpp said:

    Type your comment> @WarrenVos said:

    Office2john gets me a hash which I can get a pass from the breach file but it does not work...I can't find any other info in the files anybody got a hint?

    You don't need any tools to complete the challenge.

    I've searched through all the files, xml etc but can't seem to see/find anything....I can only find 1 name but nothing else

    did you also try to search their company name and the name that you found on the internet?

    I did...tried the 6 passwords from the file but nothing...tried all words I could find for the person on twitter and nothing.....not sure what I'm missing :-(

  • Type your comment> @WarrenVos said:

    Type your comment> @Hellburpp said:

    Type your comment> @WarrenVos said:

    Type your comment> @Hellburpp said:

    Type your comment> @WarrenVos said:

    Office2john gets me a hash which I can get a pass from the breach file but it does not work...I can't find any other info in the files anybody got a hint?

    You don't need any tools to complete the challenge.

    I've searched through all the files, xml etc but can't seem to see/find anything....I can only find 1 name but nothing else

    did you also try to search their company name and the name that you found on the internet?

    I did...tried the 6 passwords from the file but nothing...tried all words I could find for the person on twitter and nothing.....not sure what I'm missing :-(

    I'll DM

    Hellburpp

  • What do you do after you unlock the key.docx? I have the SSH key for root, but not sure what else to do?

Sign In to comment.