We have a leak - OSINT Challenge

@elearning You mean the zip isnā€™t needed for the flag?

Type your comment> @rheaalleen said:

@elearning You mean the zip isnā€™t needed for the flag?

It is needed. All the info needed are on twitter :slight_smile: (This should save you alot of time)

@rheaalleen no I mean after you get all the info from social media sites, you have to figure out how to use that knowledge on the zip file, and its not that easy.

Guess IĀ“ll try in the morning, found everything on Twitter but VM was powered down already

I am almost thereā€¦ I think I still need 1 password, which should also be hidden in plain sight, but I donā€™t see it yetā€¦

if the challenge had more relevant description it would be perfect.
but in any case it is very interesting challenge, so play it if you have a lot of free time and love to dicover new things :wink:

Completed! Thanks for the challenge!

While these are fun at times, I think one huge problem about these is scope creep - the way these are set up, it starts blurring between whatā€™s in scope for the challenge vs reality. IIRC one of the previous challenges linked to a legit website, not owned by the challenge creator.

reconvillage ctf did a good job of mixing in real sites for challenges. As an example of the types of problem sets, Iā€™m linking our dearest keramas writeups from the latest reconvillage:

just2c (prob worthless :D)

I have solved it now as well. It was really in front of me, I just needed a more structured way of trying different combinations.
Anyway, my tip for this one. There is no need to go deeper into the link of the previous challenge.

Ping me if u need nudge

Very fun challenge. Thanks to @azeroth for the nudge.

Hints:
Everything is on twitter
if your password is not working try to figure out why (I donā€™t mean typos).

i have no clue about password for the last zip files, please hint me


got it ! thanks @azeroth about hints
Donā€™t think too much all information is all you got on twitter.

i feel i am close.but dunno how much, can someone pm me to tell if i am in the right way or if i am just wasting time

Took me some time and clever thinking for this one, message me if you need some help

Thanks a lot @azeroth . Donā€™t underestimate the smallest details. Thanks to @eelz too. So many good guys in HTB :blush:

I have an email with domain and a ssh password. Now what should I do ?
Nothing seems to work with the zip file :confused:

Edit : owned. Pretty hard to give more hint without spoilers.

Type your comment> @Crafty said:

I have an email with domain and a ssh password. Now what should I do ?
Nothing seems to work with the zip file :confused:

look at the folder stucture of the zip file and think how can you use information from email and def password.

hello :slight_smile: found twitter page, i understand where is something strange on it but i am lost at all and donā€™t know what to do. can somebody help me?

I got some false positive passwords on the zip where the password worked but it got a crc error. That sent me on a wild goosechase of fixing the zip until I started over and got through the challenge.

Happy to help, just message me.

Finally got it! @azeroth Thank you for the nudge!

My tip: donā€™t over think. It really is the path of least resistance. Good luck :slight_smile:

Thanks to @Dethread for the nudge in the right direction on this. Dig Deeper as all the info is there like others have said.