We have a leak - OSINT Challenge

Is Bi…ka post about their product a rabbit hole? Anyway, @greenwolf has a nice sense of humor (I'm talking about senior skilz, junior $).

Hello everybody. I found the password of the zip file but when I try to decompress it tells me that it is incorrect. Any suggestions?

a really interesting challenge, so far… I also ended up with a domain name and a password protected zip file, but can’t find much else… Should I follow connections with Infiltration challenge?

@dnperfors said:
a really interesting challenge, so far… I also ended up with a domain name and a password protected zip file, but can’t find much else… Should I follow connections with Infiltration challenge?

I’m such a fool. The file is there for download the whole time yet I didn’t see it. :smiley:

I’ve found Default SSH PW, but I'm still missing the zip password.

@deleite said:

I’ve found Default SSH PW, but I'm still missing the zip password.

Same this side. Also found a partial flag on a post, perhaps. But other than this I'm stuck.

Also not sure how to unzip the folder with the default ssh key, tried various combinations but none worked :frowning:

Spoiler Removed

Yeah, everything I found so far has come from Twitter.

I started with the download, but when I was stuck on the password I went to twitter

I also found the default SSH PW, but can’t make it work with the .zip. Am I doing something wrong with the formatting of the PW, or am I missing something?

Eventually pwned this challenge… I must say it is real world but a bit misleading with decrypting the ZIP files for a lot of people.

Got the flag, thanks @r0tt3d. The zip is another challenge itself.

@elearning You mean the zip isn’t needed for the flag?

@rheaalleen said:

@elearning You mean the zip isn’t needed for the flag?

It is needed. All the info needed is on Twitter :slight_smile: (This should save you a lot of time)

@rheaalleen no, I mean after you get all the info from social media sites, you have to figure out how to use that knowledge on the zip file, and it's not that easy.

Guess I'll try in the morning, found everything on Twitter but the VM was powered down already.

I am almost there… I think I still need 1 password, which should also be hidden in plain sight, but I don’t see it yet…

If the challenge had a more relevant description it would be perfect.
But in any case it is a very interesting challenge, so play it if you have a lot of free time and love to discover new things :wink:

Completed! Thanks for the challenge!

While these are fun at times, I think one huge problem about these is scope creep - the way these are set up, it starts blurring between what’s in scope for the challenge vs reality. IIRC one of the previous challenges linked to a legit website, not owned by the challenge creator.

reconvillage ctf did a good job of mixing in real sites for challenges. As an example of the types of problem sets, I’m linking our dearest keramas writeups from the latest reconvillage:

just2c (prob worthless :D)