HackTheBox OSINT Challenge Breach

For any HackTheBox Challenge you need to first look for Files that can be downloaded or Start instances with a given port on docker.hackthebox.eu and for any zip file first password is always hackthebox.


So, I downloaded the zip file for this challenge and opened it with "hackthebox" password.


HackTheBox often consist of clues that can really help in understanding what needs to be done. For OSINT challenges always focus on these small details.


So, in this challenge we get to know that

You managed to pull some interesting files off one of Super Secure Startup's anonymous FTP servers. Via some OSINT work(a torrent or online Password breach site) you have also procured a recent data breach dump. Can you unlock the file and retrieve the key?

So, this challenge is also linked to the previous one as it mention Super Secure Startup.

After unzipping the files I find out there is a public data which consists of six fields and a FTP files folder with two doc files. So, I looked for the owner information of the files and search for him/her in the public data. I used that data and modify it accordingly to the joining of that person and unlocked key.docx file and find out a SSH root key which is encrypted with Base64 and decode it.


After decryption I found the HTB flag.

466 views0 comments

Recent Posts

See All