[OSINT] Breach

Easy challenge, specially if you at least started the previous one (“We Have a Leak”)

I love OSINT challenges, hope they will aprove new ones soon, maybe in a month? :wink:

Hey guys! I managed to find the password for the key.docx document, but I’m not sure what to do with the output. Could you give me nudge in the right direction?

@notseelan said:

Hey guys! I managed to find the password for the key.docx document, but I’m not sure what to do with the output. Could you give me nudge in the right direction?

Never mind, just got it. Fun challenge!

Type your comment> @z3nn said:

This took me a lot less now that I’m familiar with this company from ‘We Have A Leak’ … remember that she’s quite a seasonal password fan :smiley:

… i think I found the details I was looking in a more unconventional way by breaking up the word file in it’s more ‘raw’ state and found useful information in one of the resulting files.

if you solve the we have a leak, this is the best hint ever, with this hint it takes 1 min :slight_smile: thanks a lot :slight_smile: respect given :smiley:

I like it so Much … there are some rabbit holes, but guessing is the Magic here.
Thank you @greenwolf I have enjoy my time and learn something

Someone help me on this challenge

I’m just not understanding these :neutral:

I got to the password.zip in “we have a leak” - no idea where to go with that.

Someone mentioned completing BREACH helped them with “we have a leak”, so here I am… But again, no clue as to what I’m supposed to be looking at.

I feel like you have to think a certain way in order to solve these - and that’s what I’m also learning while doing these…how to think ■■■■

But yeah, I’m so lost with this…

It is a pretty nice challenge and I definitly learned something new about passwords :smiley:
PM me for a nudge :smiley:

got it, feel free to PM me

Anybody else have problems with Office2john? I ran that and built a quick and small wordlist based on the pattern I saw. For some reason, john and hashcat both failed to properly recover the password, despite it being in the list. I ended up just guessing it manually, but I would have like to see it worked via automation.

Hey guys, I feel a bit dumb, but… I cannot open the file related to the challenge (Login :: Hack The Box :: Penetration Testing Labs). The usual “hackthebox” password doesn’t seem to work. May you please confirm that it should work instead (i.e. this is not the password that I am supposed to go hunting for)?

I was able to get the ssh key, but not sure what to do next.

Type your comment> @fab13770 said:

Hey guys, I feel a bit dumb, but… I cannot open the file related to the challenge (Login :: Hack The Box :: Penetration Testing Labs). The usual “hackthebox” password doesn’t seem to work. May you please confirm that it should work instead (i.e. this is not the password that I am supposed to go hunting for)?

Same issue here and I am certain that I opened it once before. I can not open the breach.zip file using the htb password provided. Is this on purpose or is something broken?

Hi everyone, I got the password for the doc txt file and I modify the password so that I am certain that it is the right one, but somehow it doesn’t work. I am not sure what really happens. Can someone confirm?

Hint: no need to use Kali Linux or any password hacking tools.
This is why company password policy tells you to not use password pattern on a every 30 days password change.

can anyone PM me for a hint? i’m brute forcing based on the pattern but with no luck, just solved “we have a leak” and maybe i’m looking at the wrong info? but cant seem to find anything else

i’m stuck at extracting the zip file, and tried around 10 million permutations…

if someone is having the same problem as me, couldn’t extract the “Breach.zip” downloaded from hackthebox where the password is “hackthebox”, I could not extract it on MacOs and thought it was part of the challenge (yes I checked the checksum and it’s correct), spent the whole afternoon brute forcing only to realise that extracting it on linux with the password “hackthebox” worked fine.

just a heads up…

I don’t think this qualify as a spoiler xD

https://memegenerator.net/img/instances/81124954.jpg

I got the key in the file and I was using on the target, but failed… Am I missing sth?
Please PM me!

You can dm me if you need hints. a very easy challenge if you have solved we have a leak. took just 5 minutes.

Twitter was only useful for me to confirm I was looking at the right asset, but after spending a bit too much time looking at …blurry stuff… I just solved it by “refactoring” a password to make it “up to date”. What did I miss on Twitter?

Never mind. I’m bad at finding Waldo.