We have a leak - OSINT Challenge

Guess I´ll try in the morning, found everything on Twitter but VM was powered down already

I am almost there… I think I still need 1 password, which should also be hidden in plain sight, but I don’t see it yet…

if the challenge had more relevant description it would be perfect.
but in any case it is very interesting challenge, so play it if you have a lot of free time and love to dicover new things :wink:

Completed! Thanks for the challenge!

While these are fun at times, I think one huge problem about these is scope creep - the way these are set up, it starts blurring between what’s in scope for the challenge vs reality. IIRC one of the previous challenges linked to a legit website, not owned by the challenge creator.

reconvillage ctf did a good job of mixing in real sites for challenges. As an example of the types of problem sets, I’m linking our dearest keramas writeups from the latest reconvillage:

just2c (prob worthless :D)

I have solved it now as well. It was really in front of me, I just needed a more structured way of trying different combinations.
Anyway, my tip for this one. There is no need to go deeper into the link of the previous challenge.

Ping me if u need nudge

Very fun challenge. Thanks to @azeroth for the nudge.

Hints:
Everything is on twitter
if your password is not working try to figure out why (I don’t mean typos).

i have no clue about password for the last zip files, please hint me


got it ! thanks @azeroth about hints
Don’t think too much all information is all you got on twitter.

i feel i am close.but dunno how much, can someone pm me to tell if i am in the right way or if i am just wasting time

Took me some time and clever thinking for this one, message me if you need some help

Thanks a lot @azeroth . Don’t underestimate the smallest details. Thanks to @eelz too. So many good guys in HTB :blush:

I have an email with domain and a ssh password. Now what should I do ?
Nothing seems to work with the zip file :confused:

Edit : owned. Pretty hard to give more hint without spoilers.

Type your comment> @Crafty said:

I have an email with domain and a ssh password. Now what should I do ?
Nothing seems to work with the zip file :confused:

look at the folder stucture of the zip file and think how can you use information from email and def password.

hello :slight_smile: found twitter page, i understand where is something strange on it but i am lost at all and don’t know what to do. can somebody help me?

I got some false positive passwords on the zip where the password worked but it got a crc error. That sent me on a wild goosechase of fixing the zip until I started over and got through the challenge.

Happy to help, just message me.

Finally got it! @azeroth Thank you for the nudge!

My tip: don’t over think. It really is the path of least resistance. Good luck :slight_smile:

Thanks to @Dethread for the nudge in the right direction on this. Dig Deeper as all the info is there like others have said.

I have got the SSH ‘login’, but I can’t find the ‘password’ for the life of me. Anyone care to give me a nudge?

@Crashtastic sent you a message with hint…

cant get anywhere… got a zip file and a twitter page … care to give me a nudge?