
HackTheBox OSINT Challenge: We Have a Leak

For any HackTheBox challenge, first look for files that can be downloaded or instances that can be started on a given port. For any zip file, the first password is always hackthebox.

So, I downloaded the zip file for this challenge and opened it with the "hackthebox" password.

HackTheBox challenges often contain clues that can really help in understanding what needs to be done. For OSINT challenges, always focus on these small details.

So, in this challenge we get to know that:

Super Secure Startup's private information is being leaked; can you find out how?

So, I used the same approach as I used in earlier challenges. I looked for information on social media accounts linked to Super Secure Startup.

I found out that Twitter has a lot of information; from there I got a default SSH which needs to be modified accordingly and acts as a password to unzip and

Follow the procedure below to retrieve the flag.

root@kali:~# cd Downloads/

root@kali:~/Downloads# unzip We_Have_a_Leak


[] we_have_a_leak/ password:

inflating: we_have_a_leak/

root@kali:~/Downloads# cd we_have_a_leak/

root@kali:~/Downloads/we_have_a_leak# ls


root@kali:~/Downloads/we_have_a_leak# cd mock_ssh_login/

root@kali:~/Downloads/we_have_a_leak/mock_ssh_login# ls


root@kali:~/Downloads/we_have_a_leak/mock_ssh_login# unzip


[] username/ password: CLUE: Search for a new joinee and use his username to unlock

extracting: username/

root@kali:~/Downloads/we_have_a_leak/mock_ssh_login# ls

abc.txt username

root@kali:~/Downloads/we_have_a_leak/mock_ssh_login# cd username/

root@kali:~/Downloads/we_have_a_leak/mock_ssh_login/username# ls

root@kali:~/Downloads/we_have_a_leak/mock_ssh_login/username# unzip


[] password/flag.txt password: CLUE: Search for Default SSH and modify it according to the new joinee.

inflating: password/flag.txt

root@kali:~/Downloads/we_have_a_leak/mock_ssh_login/username# ls


root@kali:~/Downloads/we_have_a_leak/mock_ssh_login/username# cd pas

bash: cd: pas: No such file or directory

root@kali:~/Downloads/we_have_a_leak/mock_ssh_login/username# cd password/

root@kali:~/Downloads/we_have_a_leak/mock_ssh_login/username/password# ls


root@kali:~/Downloads/we_have_a_leak/mock_ssh_login/username/password# cat flag.txt

After this you will get the flag.

Please share your comments, and if you enjoyed this blog post, share it with a friend! See you guys in the next post soon.
