Challenge: Kryptic Ransomware

Done.
Thank you @roaldnefs for sending me the right information after it got broken.
That was really fun.

After PM’ing @roaldnefs, I believe I was already past the “broken” part and got the required info. Now I just need to dig deeper for more information I guess. Will update if I manage to get further or solve the challenge.

For now my tips would be:
don’t rely on WHOIS, as that got changed.
remember it’s an OSINT challenge.

Got it, only thing I would say is follow the handle :slight_smile: First step is fixed.

@roaldnefs helped me with the correct info for first step (which as @godylocks says is now fixed). but then got completely stuck on the next stage. i’ve tried several locations for different events, etc but sounds like i’m not at the location stage yet anyway… is it obvious when you find the correct place? i noticed that if i search an address on google maps then the co-ords change depending on my level of zoom.

I am in the same boat @daverules. I’ve searched for the coordinates of those events but none of them are working. We must be ignoring something important. Thanks to @roaldnefs for the help.

Struggling around the first step I think, a nudge would be appreciated.

Type your comment> @m4rchy said:

Struggling around the first step I think, a nudge would be appreciated.

same. not sure if the first step is still broken or what…

Just checked the previously broken part and it seems fixed again. Don’t forget that it’s an OSINT challenge.

Thanks to @roaldnefs for the nudge. Respect given on the main HTB page. Pointed me in a direction I hadn’t thought of

@godylocks I have found coords, when I place them in Zeus satellite I get “Sattelite is repositioning…”, I think I have the right ones since any other input just throws a “None was found at that location…”, I don’t know if it’s broken or if I have wrong coords, any help would be appreciated.

I think I have found the right place.

! “There is no place like 127.0.0.1 !”
But I can’t get the coords working on the Zeus page.

Am I missing something? There seems to be nothing indicating any kind of domain to actually investigate.

EDIT: No clue how I missed that.

This challenge has so many rabbit holes, i can’t even begin to count them. And i think i fell for them all. Since you have to enter coordinates, you’ll find them literally everywhere. As a hint for the ones lost:
The zoom level on google maps is not important when solving the challenge.

Shout out to CyberSecNV, who pulled me out of quite a few pits.

Spoiler Removed

I found some cords and getting the “Sattelite is repositioning…” alert. Looking at the source, it’s a catch-all error to the decryption. Can I DM someone with my findings to confirm I’m on the right path and it’s not something on my machine.

(wrong channel …deleted)

all related account and platform checked, still no idea…

Can someone PM to verify if I’m going on the right path?

I’d appreciate some guidance on this, if someone can spare the time - having read a social media feed, I’ve found 2 locations for an event (in the same city); one co-ord gives me “None found”, the other gives me “Repositioning”.

I thought I was on the right track, and started fiddling around with the JS, before remembering this is an OSINT challenge not a “mucking about with code” challenge. Am I on the threshold of a deep rabbit hole?

Hi guys! I’m quite stuck on this one. I did the logical first step which gave me the protonmail. After trying to find additional info on the leader (which everyone seems to have found), I haven’t been able to find anything at all.

Any help would be greatly appreciated! DM me if possible