HTB - Breach Challenge

Hey folks! I hope you are all fine.

Recently, I solved a challenge called Breach, which is a Hack The Box challenge. This challenge is in my favourite category, OSINT.

You managed to pull some interesting files off one of Super Secure Startup’s anonymous FTP servers. Via some OSINT work (a torrent or online password breach site) you have also procured a recent data breach dump. Can you unlock the file and retrieve the key?

They gave us a zip file called Breach.zip, which we have to unzip. After unzipping, the file called public-data-breach.txt contains a number of usernames, passwords and IPs.

In ftp-files we have two docx files, called key.docx and web developer needed.docx.

I didn’t know how to get started in this challenge. After 5 minutes I got the idea of searching for the phrase ‘supersecurestartup’ in publicdatabreach.txt.

I found 6 results. Among those 6 results I found an interesting phrase: ‘Love!July2018’

I thought this was the key for opening the key.docx file, but unfortunately it was not. I was stuck at this step for 15 mins.

Then I inspected the file properties of key.docx. In the properties I found that the modified date is 26 March 2019.

Then I recreated the key as ‘Love!March2019’. Luckily, it was the correct key to open the key.docx file. After opening that file I found the SSH key like

SFRCe1A0c3N3MHJkX0JyM2FjaDNzX0M0bl9CM19BX1RyM2FzdXIzX1Ryb3YzXzBmX0luZjBybWF0aTBufQ==

It looks like base64, so I decoded it as base64. I found the flag!!
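The step from ‘Love!July2018’ to ‘Love!March2019’ works because the password is a fixed stem plus a date. As an added example (not part of the original post or the challenge), here is a password-change check that rejects a new password differing from an earlier or breached one only in its month/year tokens; the function names and the second history entry are constructed for illustration.

```python
import re

MONTH_NAMES = [
    "january", "february", "march", "april", "may", "june", "july",
    "august", "september", "october", "november", "december",
]
# Full names are listed before 3-letter abbreviations so "march" wins over "mar".
_MONTH_RE = "|".join(MONTH_NAMES + [m[:3] for m in MONTH_NAMES])
_DATE_TOKEN = re.compile(rf"(?P<month>{_MONTH_RE})|(?P<year>(?:19|20)\d{{2}})")


def skeleton(password: str) -> str:
    """Lowercase the password and replace month/year tokens with placeholders.

    NUL-prefixed placeholders are used because NUL cannot be typed into a
    normal password field, so they cannot collide with real characters.
    """
    def repl(match: re.Match) -> str:
        return "\x00M" if match.group("month") else "\x00Y"
    return _DATE_TOKEN.sub(repl, password.lower())


def is_predictable_rotation(new: str, previous: str) -> bool:
    """True if `new` matches `previous` once month/year tokens are ignored.

    Comparison is case-insensitive by design. Passwords with no date token
    return False here; exact reuse of those needs a separate check.
    """
    new_s = skeleton(new)
    return "\x00" in new_s and new_s == skeleton(previous)


def check_new_password(new: str, history: list[str]) -> list[str]:
    """Return every history entry that `new` is a date rotation of."""
    return [old for old in history if is_predictable_rotation(new, old)]


if __name__ == "__main__":
    # Constructed history: the breached value from the write-up plus an
    # unrelated, made-up entry.
    history = ["Love!July2018", "Winter#Blue77"]
    for candidate in ["Love!March2019", "love!mar2020", "correct-horse-battery"]:
        hits = check_new_password(candidate, history)
        verdict = "REJECT (rotation of %s)" % hits if hits else "ok"
        print(f"{candidate!r}: {verdict}")
```

In practice the history would be the user's previous passwords plus any values known from breach dumps, compared at change time while the plaintext is still available.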

Thank You…

Happy CTF !!

Security researcher | SDE

Ramalingasamy