HackTheBox OSINT Challenge Kryptic Ransomware
For any HackTheBox challenge, you first need to look for the files that can be downloaded, or start an instance with a given port on docker.hackthebox.eu. For any zip file, the first password is always hackthebox.
So, I downloaded the zip file for this challenge and opened it with the password "hackthebox".
HackTheBox challenge descriptions often contain clues that can really help in understanding what needs to be done. For OSINT challenges, always focus on these small details.
So, in this challenge we get to know that:
Europol EC3 is looking for clues that will lead to the arrest and prosecution of the Enigma Team leader. According to the latest intel, the fugitive was tracked spending time in . The evidence extracted by forensic experts includes a screenshot of the Kryptic v1.0 malware from a Microsoft Windows XP machine. Europol asked the help of all security researchers and OSINT experts to locate the mastermind behind the latest crypto ransomware. Find the GPS coordinates of the suspect and track them down using the Zeus satellite portal (a simple HTML file where you need to input your coordinates).
So, after unzipping I got a screenshot and an HTML file. Our main focus here is to use this screenshot to find the coordinates and track down the flag.
So, I found a domain on the screenshot and ran a whois lookup on it. From there I found an email ID, searched for that specific username on social media platforms, and found a Twitter account with the same name. Then I researched his Twitter account and got to know about a Flickr website. I searched for the same person over there and found his account, which has three photos. Then, using exiftool, I extracted the information associated with the photo and found the coordinates. Now, these coordinates need to be in the exact format, which is up to 6 decimal places. So, I converted DMS to decimal, entered those in the HTML file in the browser, and finally, I got the flag.
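The DMS-to-decimal step above, as an added example (not code from the original post): it parses GPS lines in exiftool's default output style and returns signed decimal degrees fixed to 6 places. The sample output is constructed, and the function names are hypothetical.

```python
import re
from decimal import Decimal, ROUND_HALF_UP

# exiftool's default style:  GPS Latitude : 48 deg 51' 29.52" N
DMS_RE = re.compile(
    r"""(?P<deg>\d+)\s*deg\s*(?P<min>\d+)\s*'\s*
        (?P<sec>\d+(?:\.\d+)?)\s*"\s*(?P<ref>[NSEW])""",
    re.VERBOSE,
)

def dms_to_decimal(text, places=6):
    """Convert one DMS string to signed decimal degrees, as a fixed-width string."""
    m = DMS_RE.search(text)
    if m is None:
        raise ValueError(f"not a DMS coordinate: {text!r}")
    deg, minutes, sec = (Decimal(m[k]) for k in ("deg", "min", "sec"))
    if minutes >= 60 or sec >= 60:
        raise ValueError(f"minutes/seconds out of range: {text!r}")
    # Sum in seconds first so only one division can introduce rounding.
    value = (deg * 3600 + minutes * 60 + sec) / 3600
    if value > (90 if m["ref"] in "NS" else 180):
        raise ValueError(f"coordinate out of range: {text!r}")
    if m["ref"] in "SW":  # south and west are negative
        value = -value
    step = Decimal(1).scaleb(-places)  # 0.000001 for places=6
    return str(value.quantize(step, rounding=ROUND_HALF_UP))

def parse_exiftool_gps(output):
    """Return (lat, lon) from exiftool text output; skips the '... Ref' tags."""
    found = {}
    for line in output.splitlines():
        key, sep, val = line.partition(":")
        if sep and key.strip() in ("GPS Latitude", "GPS Longitude"):
            found[key.strip()] = dms_to_decimal(val)
    if len(found) != 2:
        raise ValueError("GPS Latitude/Longitude not both present")
    return found["GPS Latitude"], found["GPS Longitude"]

# Constructed sample output, not the challenge photo's metadata.
SAMPLE = '''GPS Latitude Ref                : South
GPS Latitude                    : 33 deg 51' 24.84" S
GPS Longitude                   : 151 deg 12' 54.36" E
'''

if __name__ == "__main__":
    print(parse_exiftool_gps(SAMPLE))
```

Trailing zeros are kept on purpose, since the portal expects exactly 6 decimal places.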
Please share your comments, and if you enjoyed this blog post, share it with a friend! See you guys in the next post soon.