We have a leak - OSINT Challenge

@Sedekt said:
It’s mandatory to being registered on Twitter?

No, but they make it difficult to use the “Tweets and Replies” tab on a user’s profile. You can still view the tweets and retweets made without logging in, but seeing what someone replied to is more difficult. The search function will work, however.

Can someone send a nudge?

I got through username.zip and am at password.zip.

I think I’ve found all of the relevant twitter profiles, but am failing at putting together useful intel from the info on the profiles. Currently, I’m trying to bruteforce it, but I’d prefer to do this the right way (and without the numerous hours that bruteforcing is going to take).

just need a push in the right direction. Thanks!

@Sedekt said:
It’s mandatory to being registered on Twitter?

While I’m stuck where I’m at, I can say that for OSINT, having burner profiles on all the SM platforms is pretty much mandatory. You shouldn’t have it tied to anything that would identify you as you - just use a burner email to register and don’t use your phone. If you really want to pull out the stops - only use the profile through a VPN or TOR.

Well, finally I’ve got the challenge, all the info it was in front of me, just needed to mount the puzzle.

No twitter account used, but It was more tricky.

The fact that I don’t have for twitter it’s because it always ask me for a phone number, but using the 10 min sms doesn’t work.

Btw, great challenge!

Hey everyone, thank you for playing We Have a Leak!

I really appreciated reading all your positive comments and I’m glad you enjoyed the challenge!

Guau! Put on the big glasses guys! Thanks @Dethread for the hint!

I’m stuck on username.zip. I think I tried all permutations of hints from 2 ladies tweets ;( and still get incorrect pwd.

Edit: Got into username.zip. It was hiding in the plain sight. As always I was focusing to much on the girls :slight_smile: when the guy had the answer.

Edit2: password.zip was actually kinda similar to the Breach challenge.

BIG thanks @morjan27 for the hint! I learned a lot about rule_based_attack [hashcat wiki], but in the end I did not need it. After guessing the pattern I did it manually in few attempts.

Hey all, I have found my way into the username.zip file and believe I have found all the info I need for the password.zip but might be overthinking it. Any nudge is appreciated

Type your comment> @monstr said:

@SleepyKaze Just pm me if you want, I can try to nudge you in the right direction :slight_smile: I was stuck at the same place, but the answer was right infront of me the whole time.

@elearning Media :slight_smile:

Do you have a moment to help me there too?

Can anyone PLEASE give me a hint ?
I cant even describe how long im stuck on it and im pretty sure ive already seen the answer few times…

Type your comment> @Dan1T said:

Can anyone PLEASE give me a hint ?
I cant even describe how long im stuck on it and im pretty sure ive already seen the answer few times…

Popup anyone ? :frowning:

@greenwolf will you make new OSINT challenge? We need a new one :slight_smile:

Hey guys, I have a prob with the challenge. tried to crack the last zip with JTR but it’s not working. Can anyone help me out?

I know I’m very close but just cant get the password right for password.zip. Can anyone give me a hint?

Oh my - i have found the twitter - list of followers - the 2 other workers for supersecstartup. Need a nudge.

Hello guys. I am new to HTB. Done 2 of other challenges but stuck on this one. I found 2 twitter accounts and 1 LinkedIn as well but not getting idea how to move forward. Could anyone give a clue please? Thanks a ton.

Having some issues getting username.zip, would appreciate a PM to show what I have so far and a nudge in the right direction :slight_smile:

Hats off to Saphire Calypso, whoever they are. Great improvement to the challenge. The rabbit hole is mental. I stopped when I realised this is osint, not crypto

Lol anyone who succeed this one recently ?

I cannot figure out what is going on with the zipfile.