We have a leak - OSINT Challenge

here it begins

Post enumeration, I’m left with an email address having a domain that doesn’t exist.
What am I doing wrong?

Is Bi…ka post about their product a rabbit hole? Anyway @greenwolf have nice sense of humor (Im talking about senior skilz, junior $).

Hello everybody. I found the password of the zip file but when I try to decompress it tells me that it is incorrect. Any suggestions?

a really interesting challenge, so far… I also ended up with a domain name and a password protected zip file, but can’t find much else… Should I follow connections with Infiltration challenge?

@dnperfors said:
a really interesting challenge, so far… I also ended up with a domain name and a password protected zip file, but can’t find much else… Should I follow connections with Infiltration challenge?

I’m such a fool. The file is there for download the whole time yet I didn’t see it. :smiley:

I’ve found Default SSH PW, but I still missing the zip password.

Type your comment> @deleite said:

I’ve found Default SSH PW, but I still missing the zip password.

Same this side. Also found partial flag on a post perhaps. But other than this im stuck.

Also not sure how to unzip the folder with the default ssh key, tried various combinations but none worked :frowning:

Spoiler Removed

yeah everything i found so far has come from twitter

I started with the download, but when I was stuck on the password I went to twitter

I also found the default SSH PW, but can’t make it work with the .zip. Am I doing something wrong with the formatting of the PW, or am I missing something?

Eventually pwned this challenge… I must say it is real world but a bit misleading with decrypting the ZIP files for alot of people.

Got the flag, Thanks @r0tt3d .The zip is another challenge itself

@elearning You mean the zip isn’t needed for the flag?

Type your comment> @rheaalleen said:

@elearning You mean the zip isn’t needed for the flag?

It is needed. All the info needed are on twitter :slight_smile: (This should save you alot of time)

@rheaalleen no I mean after you get all the info from social media sites, you have to figure out how to use that knowledge on the zip file, and its not that easy.

Guess I´ll try in the morning, found everything on Twitter but VM was powered down already

I am almost there… I think I still need 1 password, which should also be hidden in plain sight, but I don’t see it yet…