We have a leak - OSINT Challenge

Finally get it to work, and thanks to @AviusX and @tXxc for the hints. Please let me know if anyone needs help. I can feel how u feel when you cannot get the flag.

Hi All

I don"t know if a got the right pass for username.zip

I got a password.zip file and a CRC error, I try other Zip file tools…
Anybody for a little hint please :wink:

Type your comment> @hammeh said:

I’m stuck on username.zip… I found the twitter pages of the company and 4 links to it. Got the mail address and default ssh pw. Can someone give me a nudge?

Same problem, hoping to get some help here ! Thanks in advance

Please any hints? Stuck at the password part.

Really stuck on this one. Found several twitter accounts and noticed some things inside the pictures, but no password seems to work unziping We_have_a_leak.zip. Any hint or nudge would be very welcome. Thank you.

Need a help to navigate to the password folder. All the information that was on Twitter did not help to promote. Most likely I’m missing something (((

I have checked every comment, every picture of all of the accounts for Secure Corp and their employee, i really wonder where on earth there is that default password that everyone is talking about ?!?!

EDIT: got it

Type your comment> @monstr said:

@SleepyKaze Just pm me if you want, I can try to nudge you in the right direction :slight_smile: I was stuck at the same place, but the answer was right infront of me the whole time.

@elearning Media :slight_smile:

hi can you help me in this challenge?

i have the default ssh passwd and mail and all twitter info but stuck on the last password.zip, can anyone nudge me @monstr @elearning @SleepyKaze @lebutter
anyone …pls it would be helpful

Wow thanks for the challenge … quite enjoyed it
an it was one of the first challenges i tried!

All hints needed are on this forum!
Read every post.

Please a nudge! I need help. I have the password from the zip, but no more. THX

I have looked all over the company twitter feed, I’ve seen hints about one hire and one applicant, seen an email address. Thats it. Is my Twitter-fu really this bad?

Well I slept on it, and this morning I’ve got it :slight_smile:

I’m pretty sure I figured out the password for password.zip, but i’m getting this error:
Error: invalid compressed data to inflate
any help?

Spoiler Removed

Hi everybody, i get the username.zip password, but not able to find out password.zip password. Anyone can help me in DM??

TNX

pls help me i have password.zip with me which asks for password now … edit:finally solved myself. My advice to people struck in the final frontier, stop and its time you dive in the swimming pool using …

Hi, could really use a nudge here - can’t figure out username.zip pw, found twitter accounts and the GH repo but no luck from there. thanks!

Been banging my head against password.zip for quite some time now, created some wordlists from data gathered from the Twitter pages but some passwords give me false positives extracting the flag which comes up empty.

Tried with 7zip, explorer, WinRar on Windows, thunar and unzip on Kali but no dice.

I can keep generating huge wordlists but it’s such a pain in the ■■■ with the the false positives x_x

Can someone give me a nudge in the right direction bls?

I was confused by the use of nested zip files as a mock ssh login. Specifically, if you click on username.zip in Windows it lets you navigate all the way to password.zip and says “File ‘password.zip’ is password protected. Please enter the password…” So I thought the username wasn’t required and it was looking for the password. But you’re actually still just unlocking username.zip, so it wants a username.

Also if you run “unzip -l username.zip” on Linux, it shows the file “username/password.zip”. So I thought maybe the zip password was a concatenated “myusername/mypassword” string. Nope.

Hope this eliminates unnecessary rabbit holes unrelated to the challenge.