Hacktoria Follow The Black Rabbit Write up

4 min readJan 8, 2023

--

Disclaimer: This is my 1st time do write up for this type of challenge so please inform me if my formatting here is ok or not. Also, this write up contains spoilers for this challenge so try the challenge first before you read further just to not ruin the fun.

Here is the challenge link:

Follow the Black Rabbit - Hacktoria

This Collaboration Contract was made by our community member "Mr.Midnight". https://twitter.com/MrMidnight53 If you…

hacktoria.com

This is my first time playing this type of challenge, quite nice but with quite a lot of weird rabbit holes.

[Important details]

The briefing and the goal of this challenge

-Briefing-

Greetings, Special Agent X.. James called us yesterday at 9am, asking us to find out who stole his precious coffee beans. Apparently the day after he got the beans, he told his friends about it and now its missing.

We’ve located his school and found out the names and class-photo of his friends.

Your mission is to recover the stolen coffee beans, return it to james and find out who stole the precious coffee beans. Youll find further information in the folder that comes with this contract.

As always, Special Agent X. Our allies and the agency depend on you.

-Materials and Answer Instruction-

password sample for flagfile: name-of-coffee-beans-name-of-thief

sample password: midnight-og-coffee-beans-jimmy

So, our goal here is to get 2 items, the name of coffee beans stolen by the thief and the name of the beans thief

The content of the files given

This is the flagfile, the target where we put the keyphrase gathered in this challenge

This is the starting information file for this challenge. We will most of the time deal with this folder

[Goal 1: Figure out the name of coffee beans stolen by the thief]

Extract the starting information folder and see the content inside the information folder

This is the content inside the folder, let us open the unknown-backup one since the suspects one will be useful in the next step

2. Open the unknown-backup folder

This is the content in the unknown-backup folder

3. After lurking around this folder, here are the important details available within these folders:

The P455W0RD file in etc

this is the content of the file, looks like the format to open the vault (save it for later)

The password.png locate at root

I think this is the picture that we need to figure out the location

4. Use reverse image search to gather the location of password.png

Both of them point into one place which is Cologne Cathedral

This meant that the vaults password would be: cologne-cathedral-germany-cologne

5. Open the vault using the password gathered and check the content

This is the black-bunny-organization-card.jpeg

6. Email the secret to blackbunnyhideout@gmail.com and see what happens from there

This is what we get, a picture and a file that opens with the coordinates of the picture

7. Use reverse image search to try gather the coordinates of the picture

No conclusive place for the google lens so I tried the 1st link

San Mateo's Tunitas Creek Beach gets a makeover, Martins Beach could open to public

HALF MOON BAY, Calif. (KGO) -- New facilities are coming to a San Mateo County beach known for big parties and the mess…

abc7news.com

So, I got the california place but in this article there are 2 place linked, Tunitas Creek Beach and Martins Beach, both dosen’t look remotely similar to the picture that we got.

8. “Lucky” step: just copy the-coordinates as the zip file password

Due to my brain hurts trying to figure out the coordinates, I just tried the-coordinates as the password out of frustration.

Lo and behold, that is the damn password..

Mr Midnight, damn it.

9. Open the beans folder and gather the details