Challenge: Kryptic Ransomware



  • edited May 2020

    @p01arst0rm I ended up in the same place as you (I saw your comment). I saw the coords at Li****s F******n, but nothing. Any advice?


  • When entering the coordinates, your browser can make a difference.
    Entering the same coordinates in Firefox in Kali and Chrome in Windows gave different results.

    Hack The Box

  • I got one hint at F*** which contains one location. I put the coordinate of this location in Zeus but I got 'None'.
    I'm thinking about the @Kucharskov comment about brute force, because I got one coordinate with a negative value. Did I find a wrong hint then?

  • Is this challenge broken? I got into L****** F******* but I'm so stuck. Any nudge will be appreciated!!

  • edited June 2020

    UPDATE: It's not broken :hushed:

  • finally got it, beware of ****s (****2) not reporting all that can be found

  • edited June 2020

    Hey, so I used wh**s and then used the email to find the T*****r. Can anyone hint me what I should be looking for on the F***r?

  • Got it. I think it's not an easy challenge; the first part is hard to find. PM me for any nudge :)

    Hack The Box

    You can pm me on discord sh4d0wless#6154

  • If anyone can help, send me a DM. Could use a nudge. Have the T***** and have gone around in circles. Need to talk to someone who has finished this so I can say everything I have done and figure out if I am digging too deep or missing something obvious or what....

  • edited July 2020

    Edit: Never mind. Overthinking things.

    404 Friend Not Found

  • If you get a "Satellite is repositioning" message, it means you either entered the wrong GPS coordinates or entered them in the wrong format.

  • Wow, what a frustrating challenge, but finally got it. Thanks to @sh4d0wless, @roaldnefs and @MountainMan for the nudges.

    One thing I will say: don't use iPhoto. It produces problems.

  • The tools you use definitely make the difference. I was banging my head against a wall and glad I asked.


  • You know what he likes. Maybe he does something similar?

    This challenge is borked in my opinion. Foothold data should be publicly accessible without need to register on some more-or-less shady websites (that are not free btw).


  • edited August 2020

    Nudges pls.
    Got the flag thanks to @sh4d0wless @sparrow1. I was really deep in a rabbit hole and overthinking it.
    My advice is: don't forget it's an OSINT, don't go too deep.

  • Got to the L**** f***. Stuck now. I can't seem to find any new direction.
    Could anybody PM me with a nudge?

  • edited September 2020

    I don't get it.
    Found the p********* mail address of the leader and via this address his t***** account. Found the event that he liked/visited, but the Google Maps coordinates of the place where the event was held didn't work. Even the location of a following date of this event isn't working.

    Hack The Box

    Hello friend. Hello friend? I am always happy to help you, but also expect clear information about what you have achieved so far. Together we will raise the flag!
    Remember: Giving respect is a matter of honor

  • edited September 2020

    Yeah, I think I need a hint as well. It feels like I'm super close, I just don't have the exact right coordinates. OR, I took a wrong turn awhile back.
    Edit: Nevermind, some time away, and I'm back on track.

  • I'm in t*****r but I don't see the next step. A nudge would be appreciated. Thanks.

  • I got it!!! Thanks a lot to @MountainMan, @Sparrow1, @ZloyObezyan, @Hellburpp!!! Obstinacy in a path is no good.

  • Guys, I need help determining the location of this impudent guy

  • There is data on his gmail and mails by gmail mail, it seems, I did not find anything what to do hmmm

  • edited October 2020

    Ok so I solved this using hints on the forum + some googling to find the link between domain and the registrant email, but can someone help me with how they get the initial p********* email without w****, as that seems to not work anymore.

    The field that should have the info is now:

    Registrant Email: Select Contact Domain Holder....

    A DM with how to do it without w**** would be really appreciated, because I feel the way I got it isn't really applicable in the majority of cases.

  • Completed!

    All in all not a huge fan of this one since the initial "lead" is hard to come by. Huge shoutout to @SuperVish for some help getting me out of rabbit holes.

    If you can find the T****** you are on the right track, and as @ElleuchX1 said, don't forget it's an OSINT challenge. Keep the original goal/challenge prompt in the back of your head as you look at things.

    ~ Feel free to PM me if you need a nudge

    Unix fanboy

  • Got the coordinates from the post metadata using ****tool and looked that up on Maps to get decimal format. When I enter the coordinates I get "none was found at that location", so I'm pretty sure I've got the right format for the key.

    I've tried the process of looking up the decimal coordinates and submitting both in Firefox and Chromium, just in case. I've tried alternative tools to extract the coordinates.

    Unless I'm looking for a different location, I assume there's some sort of error (rounding in the GPS extraction/conversion?) at play.

  • My hint for this is to take note of how many decimal places Zeus is expecting and ensure you give it what it wants.

    Hack The Box
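The format and rounding pitfalls raised in the posts above, as an added example that is not part of the thread or of the challenge's own tooling: it converts degrees/minutes/seconds strings (the `deg ' "` layout is an assumed extractor output) to signed decimal degrees and shows how rounding versus truncating to a fixed number of places changes the submitted string. The sample coordinates are constructed, and the number of places a given form expects is an assumption you must read off the form itself.

```python
import re
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP

# Assumed input layout, e.g.: 48 deg 51' 30.10" N
DMS_RE = re.compile(r"""(\d+)\s*(?:deg|°)\s*(\d+)'\s*([\d.]+)"\s*([NSEW])""")


def dms_to_decimal(dms):
    """Convert one DMS string to signed decimal degrees as a Decimal."""
    m = DMS_RE.fullmatch(dms.strip())
    if not m:
        raise ValueError(f"unrecognised DMS value: {dms!r}")
    deg, minutes, seconds, ref = m.groups()
    if int(minutes) >= 60 or Decimal(seconds) >= 60:
        raise ValueError(f"minutes/seconds out of range: {dms!r}")
    value = Decimal(deg) + Decimal(minutes) / 60 + Decimal(seconds) / 3600
    # South and West are negative in decimal notation; dropping the sign
    # silently points at a different hemisphere.
    return -value if ref in "SW" else value


def format_coord(value, places, mode=ROUND_HALF_UP):
    """Render a coordinate with exactly `places` decimals (zeros kept)."""
    quantum = Decimal(1).scaleb(-places)
    return str(value.quantize(quantum, rounding=mode))


if __name__ == "__main__":
    # Constructed sample values, not taken from the challenge.
    lat = dms_to_decimal("48 deg 51' 30.10\" N")
    lon = dms_to_decimal("2 deg 17' 40.20\" W")
    for places in (4, 6):
        print(places, "rounded:  ", format_coord(lat, places),
              format_coord(lon, places))
        print(places, "truncated:", format_coord(lat, places, ROUND_DOWN),
              format_coord(lon, places, ROUND_DOWN))
```

Two converters that disagree only in the last digit (one rounds, one truncates) produce different strings for the same photo, which is enough to miss an exact-match lookup.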

  • I could use a push in the right direction here.

    I've gleaned off this thread that there's supposed to be a p********* email you get from a w**** lookup of the url you can find in the provided files. Some people in here are talking about that step being broken, and I think it may be again, as a w**** doesn't return any useful information.

    Would someone mind PMing me how to get that email if this is the case? If not, a nudge on where I'm off course, please. Haven't been able to find anything with just the domain and keywords in the zip.


  • Solved!
    At first I thought it was broken. It's important to use the correct converter ._.

  • Whois data has been redacted by Namecheap, and by what I read here it shouldn't be.

  • So is the challenge still up? I cannot see anything useful in the w**** compared to what people are commenting here. I am stuck at the foothold...
