Hack The Box Breach challenge is one of the challenges I recently completed. The Breach is as well an easy challenge like other challenges in the OSINT section.
The challenge comes with a zipped folder, that contains there files. A
My initial thoughts ware like, somting to do with web designing and a website. The job posting decoment gave me a hint about the domain name, however the domain is not registered, so I procced to check the twitter account @supersecstartup.





From the twitter page I found couple of SuperSecureStartuo’s employees. I searched them in the data breach list, I found the HR staff Bianka Phelps’ email and password.
17620,Bianka,Phelps,b.phelps@supersecurestartup.com,Female,126.204.123.232,"Love!July2018"





I thought I can use this password to unlock the key file, but the password isnt accepted. A small hint in the forum helped me to guess the password.
The password I found in the breached list "Love!July2018"
Love!March2019





And it worked!! – The file has an Encrypted SSH Key for root user. SFRCe1A0c3N3MHJkX0JyM2FjaDNzX0M0bl9CM19BX1RyM2FzdXIzX1Ryb3YzXzBmX0luZjBybWF0aTBufQ==
Its a base64 encoading, so I used CyberChef to decode the key





Flag: HTB{P4ssw0rd_Br3ach3s_C4n_B3_A_Tr3asur3_Trov3_0f_Inf0rmati0n}