Breach - Hack The Box Challenge

less than 1 minute read

  less than 1 minute read


You managed to pull some interesting files off one of Super Secure Startup’s anonymous FTP servers. Via some OSINT work(a torrent or online Password breach site) you have also procured a recent data breach dump. Can you unlock the file and retrieve the key?


Download the files, you’ll find 3 files, a key (key protected), an job offer and a file of the leaks (from the breach). So since one file is the target file and the other a filter list, maybe the next step is on the remaining file.

Reading the document, comment that the offers can be sent through the email [email protected].

If we search for the email you’ll find a twitter account from Bianka Phelps. So let’s check if your data is in the data file.

Yeah, we got her.

breach htb

Password = “Love!July2018”

Let’s try the password.. well it didn’t work.

But looking at the metadata we can see that the last modification was in March and seeing how your password was, it may be that you will update it, with March and 2019 being the year.

breach htb 1

OK, we got the pass.

Now decoding the BASE64 code there, you’ll get the flag.