We have a leak - OSINT Challenge

Can someone give me a small nudge for the username? Im fairly confident that I have all the necessary data for both the username and the password but apparently im entering it the wrong way.

Got it, must have messed up the input at the beginning and never bothered to try again :slight_smile: thanks to @jmehys

Can anyone give me some nudge as well? Found some information from twitter but not too sure if the order or case of the input matters?

Thanks to everyone who have been a great help especially H11 and 0byte. I’ve managed to get the password to the last zip file after some manual “brute forcing”. I realised that I already have the password in my list of “to try passwords” but I have probably mistyped it while keying it in .

Is the password for the username.zip an actual password or is it a username? I feel like I’m going the wrong direction.

username, have two options nickname and email… as here it is just one of them two.

It’s mandatory to being registered on Twitter?

@Sedekt said:
It’s mandatory to being registered on Twitter?

No, but they make it difficult to use the “Tweets and Replies” tab on a user’s profile. You can still view the tweets and retweets made without logging in, but seeing what someone replied to is more difficult. The search function will work, however.

Can someone send a nudge?

I got through username.zip and am at password.zip.

I think I’ve found all of the relevant twitter profiles, but am failing at putting together useful intel from the info on the profiles. Currently, I’m trying to bruteforce it, but I’d prefer to do this the right way (and without the numerous hours that bruteforcing is going to take).

just need a push in the right direction. Thanks!

@Sedekt said:
It’s mandatory to being registered on Twitter?

While I’m stuck where I’m at, I can say that for OSINT, having burner profiles on all the SM platforms is pretty much mandatory. You shouldn’t have it tied to anything that would identify you as you - just use a burner email to register and don’t use your phone. If you really want to pull out the stops - only use the profile through a VPN or TOR.

Well, finally I’ve got the challenge, all the info it was in front of me, just needed to mount the puzzle.

No twitter account used, but It was more tricky.

The fact that I don’t have for twitter it’s because it always ask me for a phone number, but using the 10 min sms doesn’t work.

Btw, great challenge!

Hey everyone, thank you for playing We Have a Leak!

I really appreciated reading all your positive comments and I’m glad you enjoyed the challenge!

Guau! Put on the big glasses guys! Thanks @Dethread for the hint!

I’m stuck on username.zip. I think I tried all permutations of hints from 2 ladies tweets ;( and still get incorrect pwd.

Edit: Got into username.zip. It was hiding in the plain sight. As always I was focusing to much on the girls :slight_smile: when the guy had the answer.

Edit2: password.zip was actually kinda similar to the Breach challenge.

BIG thanks @morjan27 for the hint! I learned a lot about rule_based_attack [hashcat wiki], but in the end I did not need it. After guessing the pattern I did it manually in few attempts.

Hey all, I have found my way into the username.zip file and believe I have found all the info I need for the password.zip but might be overthinking it. Any nudge is appreciated

Type your comment> @monstr said:

@SleepyKaze Just pm me if you want, I can try to nudge you in the right direction :slight_smile: I was stuck at the same place, but the answer was right infront of me the whole time.

@elearning Media :slight_smile:

Do you have a moment to help me there too?

Can anyone PLEASE give me a hint ?
I cant even describe how long im stuck on it and im pretty sure ive already seen the answer few times…

Type your comment> @Dan1T said:

Can anyone PLEASE give me a hint ?
I cant even describe how long im stuck on it and im pretty sure ive already seen the answer few times…

Popup anyone ? :frowning:

@greenwolf will you make new OSINT challenge? We need a new one :slight_smile:

Hey guys, I have a prob with the challenge. tried to crack the last zip with JTR but it’s not working. Can anyone help me out?