Hack The Box Breach challenge is one of the challenges I recently completed. The Breach is as well an easy challenge like other challenges in the OSINT section.
The challenge comes with a zipped folder, that contains there files. A
My initial thoughts ware like, somting to do with web designing and a website. The job posting decoment gave me a hint about the domain name, however the domain is not registered, so I procced to check the twitter account @supersecstartup.
From the twitter page I found couple of SuperSecureStartuo’s employees. I searched them in the data breach list, I found the HR staff Bianka Phelps’ email and password.
I thought I can use this password to unlock the key file, but the password isnt accepted. A small hint in the forum helped me to guess the password.
The password I found in the breached list
And it worked!! – The file has an Encrypted SSH Key for root user.
Its a base64 encoading, so I used CyberChef to decode the key