Rabbit Hole Contract by Hacktoria — A Complete Walkthrough

By Yashwant Singh 🐧, published in System Weakness. 19 min read, Dec 13, 2022.


This is a special contract, which was launched on the one-year anniversary of hacktoria.com. So, congratulations to Hacktoria and all its active members on your one-year anniversary. Personally, it’s been a great journey for me.

Here is the official link to the Rabbit-🐰-Hole contract:

Before moving forward, I’d like to inform the readers that this is going to be a very long walkthrough write-up, probably my longest, since it involves 10 steps in total. It took me multiple days to solve this contract and this was a team effort. I couldn’t have done it myself! I would like to thank all of you guys for helping me with this!

Let’s begin jumping into the Rabbit Hole!

Please read the description carefully and note the important points, which may be used later in the OSINT process. Here is the description of the contract:

Greetings Special Agent K. Today we have a special Contract. At the time of writing,
06.12.2022 at 19:48 EET, Hacktoria is now one year old.
The first ever Monthly Capture the Flag event was announced roughly one year ago, between 06 and 15.12.2021.
Meaning this was the week that the idea for “Story Driven OSINT Capture the Flag Exercises” was born.

To thank everyone who’s been a part of this journey and celebrate the birthday of Hacktoria, I present you with the “Rabbit Hole” Contract.
The name stems from the OSINT term “Rabbit Hole”, where the investigator chases after suspected leads and clues, not knowing if or where they will end.
Or… If they’re even real.

This Contract will take you through almost all disciplines covered in Hacktoria events and Contracts so far, with the inclusion of some new concepts as well.
Only limited by the exclusion of steps that would be too fragile to stay online permanently. For example, the art gallery in the Mona Lisa Heist,
would be too unpredictable for a permanent Contract.

As a guideline, I can say this Contract is comprised of 10 steps in total.
Various steps will hint to where you are, using the step number in filenames.

With the first step for this Contract, I present you the first ever complete archived screenshot of the Hacktoria website.
Made on 15.12.2021 at 14:04:04. I hope you enjoy this Contract, and all those to come in the future. Thank you for being part of this.

As always, Special Agent K. The Contract is yours, if you choose to accept.

There is also a section of instructions that tells us the format of the password for the linkfile:

Password instruction flagfile:

Species from step 03
Social handle from step 06
Username from step 08
Country and Streetname from step 10

Example password:

galeocerdo-cuvier-dodgy_malaka08-logmein-germany-hamburger-d-strasse

Next up, download all the assets which include the linkfile and the ‘original image’.

Journey to the contract card (Methodology)

Step 1: The Original Image

This image is the first and only clue for step 1. After a lot of steganography and wasted time, I realized that all I had to do was look at the image carefully. If you do look at the image carefully, you will notice that the last section of the image is a link. It’s so obvious, and still it took me around 30 minutes to figure this out!

hacktoria.com/wp-content/contracts/items/rabbithole/dmehuf/step2.zip

Paste this link in your browser and the 1st step will be solved and the clue to step 2 will be revealed.

Step 2: The Zip File from the Image

Extract the step2.zip file and you will get a text file, which has three paragraphs. It will look something like this.

Here are the original paragraphs:

(9:=6-:?-2-D6?D6-6249->@C?:?8->2C<D-E96-368:??:?8-@7-Q2-?6H-52JQ-J6E[-2D-E9:D-=2DE-J62C-92D-D@F?565-E96-562E9-<?6==-@7-2?-6C2-5:D2DEC@FD-E@-E96-H6=72C6-2?5-92AA:?6DD-@7->2?<:?5-:?->2?J-H2JD[-D@-E96-}6H-*62C-;FDE-52H?:?8-AC@>:D6D-2?-6A@49-@7-F?A2C2==6=65-6?=:89E6?>6?E-2?5-@AA@CEF?:EJ-7@C->2?<:?5-E@-C64@FA-9:D-=@DD6D-DF776C65-E9C@F89-:8?@C2?46[-@C-H:==7F=-2?5-56=:36C2E6-DF3DE:EFE:@?-@7->2?VD-32D6-56D:C6D-2?5-56DECF4E:G6-H:==-7@C-E96-s:G:?6-(:==-2?5-!6C764E-!=2?-@7-v@5[-9:D-rC62E@CP-(62C:=J-5C:G6]8@@8=6]4@>-92G6-E96-52JD-5C28865-3J[-H9:=6-A=@ED-2?5-4@F?E6C-A=@ED-4@>A=:42E65-2?5->F=E:A=:65->2?VD-F?D@=G23=6-AC@3=6>D]-(6-92G6-H2E4965-H:E9-2-9@CC@C-:>A@DD:3=6-E@-C6AC6DD[->2?VD-:?67764EF2=-2EE6>AED-E@-6IEC:42E6-9:>D6=7-7C@>-E96-EC62496C@FD-BF:4<D2?5D-@7-5646AE:G6-Q28C66>6?EDQ-2446AE65-:?-2AA2C6?E-8@@5-72:E9[-@?=J-E@-36-CFE9=6DD=J-EC2>A=65-F?56C-7@@E-H96?-E96:C-6G:=-AFCA@D6-92D-366?-249:6G65]


Let’s decrypt them, so that we can understand what they are saying. To do this, we are going to use a very famous tool called ‘CyberChef’. Here is the link.

https://cyberchef.io/

Before using CyberChef, we also need to figure out which cipher or encoding was used, since that decides the CyberChef recipe. For that, I used another tool called ‘dCode.fr’.

For the first paragraph, it says ROT-47 Cipher, so let’s do ROT-47 Cipher on CyberChef.

While-in-a-sense-each-morning-marks-the-beginning-of-"a-new-day"-yet,-as-this-last-year-has-sounded-the-death-knell-of-an-era-disastrous-to-the-welfare-and-happiness-of-mankind-in-many-ways,-so-the-New-Year-just-dawning-promises-an-epoch-of-unparalleled-enlightenment-and-opportunity-for-mankind-to-recoup-his-losses-suffered-through-ignorance,-or-willful-and-deliberate-substitution-of-man's-base-desires-and-destructive-will-for-the-Divine-Will-and-Perfect-Plan-of-God,-his-Creator!-
Wearily-drive.google.com-have-the-days-dragged-by,-while-plots-and-counter-plots-complicated-and-multiplied-man's-unsolvable-problems.-We-have-watched-with-a-horror-impossible-to-repress,-man's-ineffectual-attempts-to-extricate-himself-from-the-treacherous-quicksands-of-deceptive-"agreements"-accepted-in-apparent-good-faith,-only-to-be-ruthlessly-trampled-under-foot-when-their-evil-purpose-has-been-achieved.

When you read this, you’ll realize that it contains part of a Google Drive link. It looks like it is only part one, so we should get parts 2 and 3 of the link after decrypting the 2nd and 3rd paragraphs.

For the second paragraph, repeat the same process, run it through dCode.fr, it will give you the recipe for CyberChef to decode.

Base64 it is. Let’s run it!

Why-do-we-say-the-tide-has-now-turned?-Because-all-mankind-enslaved-or-still-capable-of-recovering-their-lost-heritage-of-freedom-begin-to-see-for-themselves-the-enormity-of-their-folly-in-transgressing-laws-all-powerful-to-promote-their-personal-progress-and-consequent-possession-of-all-they-most-earnestly-need-and-desire!-When-will-Man-cease-his-ridiculous-attempts-to-obstruct-the-orderly-processes-of-progressive-development-as-set-in-motion-at-the-commencement-of-his-sojourn-on-the-planet-Shan?-The-answer-is-absurdly-simple!-/drive/folders-When-he-acknowledges-to-himself-that-his-puny-brain-and-unruly-impulses-constitute-no-reliable-guide-to-the-acquisition-of-those-tangible-and-intangible-assets-without-which-he-cannot-hope-to-escape-a-most-terrifying-fate!-Might-we,-whom-you-have-named-"Space-Men,"-share-with-you-the-actual,-provable-facts-we-have-been-able-to-discover-by-experiment-and-experience-in-taking-precisely-the-opposite-course-of-action-to-that-followed-by-the-majority-of-earth-dwellers?

There it is, the second part of the Google Drive link.

For the 3rd paragraph, do the same as above. This time you will have to run the decryption twice.

After decryption, you will get something like this!

Not-but-what-there-have-been-numerous-rash-attempts-made-by-incautious-believers-in-Divine-Intelligence,-Wisdom-and-Creative-Ingenuity-to-align-their-lives-with-this-supreme-triumvirate-but-to-what-avail?-Mankind-in-general-would-have-none-of-them!-Their-fate-is-all-too-well-known-to-you!-Shall-we-share-that-fate?-NO!-It-is-our-avowed-intention-to-acquaint-you-with-the-results-obtained-through-the-consistent-and-persistent-use-in-a-constructive-way-of-the-very-forces-you-have-used-to-destroy-everything-good-and-beautiful-and-now-insanely-plan-to-employ-to-commit-suicide-on-a-global-scale!-Our-homes-are-built-to-provide-comforts-quite-beyond-your-dreams-of-luxury-unattainable!-Their-care-is-a-delight,-for-there-is-no-drudgery!-Entertaining-guests-is-robbed-of-all-its-problems-save-the-pleasure-of-devising-fresh-plans-for-their-enjoyment.-(I-might-add-they-enter-into-all-such-plans-with-zest!)-/1ABhCZ1AlQkw200lUPhl_E-euVHXuHgEW-All-our-educational-facilities-are-entirely-free,-and-so-varied-are-the-branches-of-study-and-practical-application-that-no-student-has-ever-failed-to-find-precisely-the-type-of-instruction-best-suited-to-his-particular-bent-and-ability.-Prisons,-reform-schools,-institutes-for-the-insane-(yes,-even-hospitals)-are-unknown.-They-would-be-unoccupied.-Have-these-and-innumerable-other-"wonders"-come-about-through-some-sort-of-magic?-By-no-means!-We-have-worked-them-out!-Where-did-we-get-our-instructions?-From-the-selfsame-Source-which-is-available-to-you.-I-will-tell-you-more-should-you-care-to-know.

When you join all the parts of the link, you will get something like this:

https://drive.google.com/drive/folders/1ABhCZ1AlQkw200lUPhl_E-euVHXuHgEW

Visit this link and you will get the following files, download these files to go to the next step!

Step 3: Decode the Shark!

This was one of the easiest steps for me, since all it took was a simple Google Lens search, and the answer was there. The answer to this step will be the password for the pcap-step-04.zip file.

I searched for this image on Google Lens and got the password for the zip file, but remember that the answer is the scientific name of the shark, not the local name.

Google Image search

The local name of the shark species is:

caribbean reef shark nassau

Google Search

There we go, the scientific name of “caribbean reef shark nassau” is “Carcharhinus perezi”. After trying some formats, I found the correct password for the zip file for Step 4.

carcharhinus-perezi

I got the pcap-step-04 file for Step 4!

Step 4: Wireshark File Analysis!

After extracting the pcap-step-04.zip file, a .pcapng file appears, which is a Wireshark packet capture file. Now we have to analyze it, so that we can get the clue for Step 5.

1. Open the file in Wireshark.

2. Filter for ftp-data packets and look for the packet carrying the zip file, like in the image below.

3. Choose the first one, right click to open the menu, go to ‘Follow’, then select ‘TCP Stream’, and press enter.

4. A new window like this will appear. Change the format from ASCII to Raw, and save it as step5file.zip

5. Now that the hard part is done, extract the zip file that you just saved to get the contents inside. This zip file will be our clue to solving step 5.
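A quick way to confirm that the stream saved in item 4 really is an intact ZIP before extracting it, and to see why the Raw setting matters. This is an added example, not part of the original write-up; the sample archive and its member name are constructed, and `lossy_text_export` assumes a text-mode save replaces non-printable bytes with dots.

```python
import io
import zipfile


def lossy_text_export(raw: bytes) -> bytes:
    """Mimic saving a stream from a text view (assumption): bytes that are
    not printable ASCII, CR, LF or tab are replaced with '.'."""
    keep = set(range(32, 127)) | {9, 10, 13}
    return bytes(b if b in keep else ord(".") for b in raw)


def inspect_carved_zip(data: bytes) -> dict:
    """Check a carved byte stream before trusting it as a ZIP archive."""
    report = {
        "magic_ok": data[:4] == b"PK\x03\x04",          # local file header
        "eocd_found": b"PK\x05\x06" in data[-65557:],   # end of central directory
        "names": None,
        "crc_ok": False,
    }
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            report["names"] = zf.namelist()
            report["crc_ok"] = zf.testzip() is None     # re-reads every member
    except (zipfile.BadZipFile, RuntimeError):
        pass  # not a ZIP, damaged, or a password is needed to test it
    return report


def build_sample_zip() -> bytes:
    """Constructed stand-in for the transferred file (not the contract's data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample-image.jpg", bytes(range(256)) * 8)
    return buf.getvalue()


if __name__ == "__main__":
    raw = build_sample_zip()
    print("raw save  :", inspect_carved_zip(raw))
    print("ascii save:", inspect_carved_zip(lossy_text_export(raw)))
```

To check the real file, pass `open("step5file.zip", "rb").read()` to `inspect_carved_zip`.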

If you didn’t understand the Wireshark analysis, I’ve also made a short video of this part. I’m sure this will make it clear. Here is the link:

https://drive.google.com/file/d/11jshE_6KtAHUC3wSuclmmDhbSzfc1z1c/

Finally, I got the step 5 file after extraction of the zip file! If you look inside, there will be an image there which will lead us to Step 5.

Step 5: The Roadmap to Know-where!

Well, at first glance, the image shows a road, or rather a runway for a plane.

Now, if you’ve been doing OSINT, you know that even if we found the location of this runway, it would not take us to the next step. So, to avoid this rabbit hole, we are going to do steganography on the image rather than searching for it on different image search engines.

There are various types of steganography checks that can be done on this image. Let’s start with the basic one, i.e., let’s look into the strings.

If you’re using a Linux terminal, use this command to write the strings of the image to a strings.txt file.

strings name-of-the-image.jpg > strings.txt

When I took a closer look at the strings, I found nothing!

Let’s use steghide then! Use the following command to use steghide on your Linux terminal:

steghide --extract -sf image-step-05-fkgvdgfdmw.jpg 

Looks like we have found a text file which was hidden inside! Let’s have a look at it.

Step 6: Finding the head!

It says something about a social media account of the former head of the Tiberian Order, which is now known as hacktoria.com.

We hear the former head of Hackoria / Tiberian Order's HUMINT team likes to post on social media.

Honestly, I was stuck here for quite long! Only with the help of a friend was I able to solve this puzzle. We are going to use the Internet Archive’s Wayback Machine to do some digging on Hacktoria, so that we can learn about the Tiberian Order and find out about its former head, who likes to post things on social media.

Go to ‘The Team’ in the top right corner and then scroll to the bottom of the page, and you’ll find something interesting.

And, there she exists! The former head of Hacktoria & Tiberian Order’s HUMINT team, “Julia Sharpe”. Click on Julia Sharpe to view her Twitter profile and then search on Twitter for Julia Sharpe.

Let’s search for her on Twitter now!

Looks like I found her. You can easily identify her by the encoded text in her bio. Click to view her profile.

Now, copy and paste her bio in dCode.fr to get the recipe for the CyberChef to bake us the decrypted text!

Let’s do Base32.

There we go! Here is the link I found after decryption!

https://hacktoria.com/wp-content/contracts/items/rabbithole/jgdwvmslf/tools-step-07-fgnksqjkq.zip

Looks like we have found the link to the file which will be our clue for solving step 7 and entering into step 8. Let’s download it!

Step 7: The sacred scripts.

Let’s extract the file!

After extraction of the zip file which we got from solving step 6, I found a bunch of python scripts in there!

Now, before we move forward, I’d like to tell you that it will help you a lot if you know Python, but even if you don’t, you’re not gonna need it in this step. All you need to know is how to read, and I’m pretty sure that you can read.

I fired up my VS Code and started reading through the Python scripts like a good boy that I am. After some time, I came across this file with a Google Drive link inside. Looks like we have found something!

https://drive.google.com/drive/folders/1NhNYUalh1knesoJyD4EV5ikfHscYIKkQ

Copy and paste that Google Drive link into your browser and it will take you here!

There are two files in here. One is a text file and the other one is a virtual machine file, ready to be imported into a piece of software known as VirtualBox.

With this, Step 7 is solved and Step 8 begins.

Step 8: Virtually Impossible!

Before beginning this step, you’ll need to download both files from the Google Drive link above, which we got from the Python scripts. If you know what VirtualBox is, it’s all good! But if you have never encountered VirtualBox, don’t worry! I am gonna walk you through all the steps in order.

After completing the download, the files should look like this:

The text file says the following. It looks to me like it is giving us a hint about the virtual machine’s password. It’s pretty obvious the password will be “Password123”.

The one I always use ending in 123 and starting with a capital P..

Let’s move on to deploying the .ova file. You are going to need to download VirtualBox from the internet and install it. I am gonna assume that you know how to install software on your OS. If not, there are like a million videos on YouTube. After the successful installation of VirtualBox, it should look like this.

Now, to import the ova file, go to File and click on Import Appliance. It will open a dialog box like this.

Select the ova file from your computer by clicking on that small yellow file icon on the right end.

Click on Next after selecting the ova file.

On the next page, change the MAC address policy to generate new MAC addresses for all network adapters and then click on Finish. It may take 2 to 5 minutes to finish, depending on the computer you’re using.

The final result will be something like this. After this, you need to go to the Settings option on the top right.

I suggest increasing the memory, so that we can do our work smoothly.

Next up, click OK and run the machine by clicking on Start. After the initial boot, it will take you to a login page like this.

After some time, and with help of some friends, I figured out that the username is:

zayed

The password is:

Password123

Now we have access to the virtual machine, which runs Linux. It will be extremely helpful and easy for you if you know Linux.

It is obvious that for the file (clue) to exist, someone must have created it. So, to trace the file, I became root and started reading the bash history, to avoid exploring and wasting my time.

Type the following commands to find the clue:

1. Become a super user.

sudo su

2. Go to the / directory.

cd /

3. List all the files of the directory.

ls -la

4. Go to the root directory:

cd root

5. Read the history of bash terminal.

nano .bash_history

You can notice that someone created a file called .vboxm using vim in the /media folder, then cleared the terminal and turned off the machine. So, let’s go have a look at the .vboxm file.

1. Go to the /media folder.

cd /media

2. Read the .vboxm file with the cat command.

cat .vboxm

Looks like we have our link!

https://hacktoria.com/wp-content/contracts/items/rabbithole/bfgiunfummjh/image-step-09-sdffwacff.zip

With this, step 8 is completed and we can download our zip file for solving step 9.

Step 9: The zip twins!

After downloading the zip file, extract it. It will give you an image of an inscription with something written on it and a name.txt file. Keep the name.txt file aside for now and let’s work on the inscription.

If you have solved the Intergalactic Warfare contract of Hacktoria, you’ll know that the language used for the inscription is the language of Klumgongyn.

And, with the contract card of Klumgongyn Returns, there were some font files too. I used those font files to decrypt the whole inscription, like a fool, later realizing that this was a rabbit hole. All I had to do to get to the next clue was to view the strings, and then decrypt the result using dCode & CyberChef.

NB2HI4DTHIXS62DBMNVXI33SNFQS4Y3PNUXXO4BNMNXW45DFNZ2C6Y3PNZ2HEYLDORZS62LUMVWXGL3SMFRGE2LUNBXWYZJPMRUGO3DXMVZG2L3HNIZDGNBYGUZWU43FMY2DGNJOPJUXA===

I got this after decrypting it with CyberChef!

https://hacktoria.com/wp-content/contracts/items/rabbithole/dhglwerm/gj234853jsef435.zip

Use this link to get to another clue! After downloading it, I realized that it is encrypted, so we are gonna need a password.
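The decoding done with dCode and CyberChef in steps 2, 6 and 9 can also be reproduced offline. The sketch below is an added example, not part of the original write-up: it peels ROT47, Base64 and Base32 layers off a blob and reports which layers it removed. The ROT47 token and the Base32 string are taken from this page; the double-encoded sample is constructed here and assumes both layers of the third paragraph were Base64. The page shows word separators as hyphens, so the ROT47 sample is a single token.

```python
import base64
import binascii
import string

ROT47_TOKEN = "5C:G6]8@@8=6]4@>"  # one token from the first paragraph of step 2
BASE32_STRING = "NB2HI4DTHIXS62DBMNVXI33SNFQS4Y3PNUXXO4BNMNXW45DFNZ2C6Y3PNZ2HEYLDORZS62LUMVWXGL3SMFRGE2LUNBXWYZJPMRUGO3DXMVZG2L3HNIZDGNBYGUZWU43FMY2DGNJOPJUXA==="  # step 9
DRIVE_ID = "/1ABhCZ1AlQkw200lUPhl_E-euVHXuHgEW"  # link fragment from step 2
# Constructed sample: the fragment wrapped in two Base64 layers (assumption).
DOUBLE_B64 = base64.b64encode(base64.b64encode(DRIVE_ID.encode())).decode()


def rot47(text):
    """Rotate printable ASCII '!'..'~' by 47 places (self-inverse)."""
    return "".join(
        chr(33 + (ord(c) - 33 + 47) % 94) if 33 <= ord(c) <= 126 else c
        for c in text
    )


def _try(decode, text):
    """Run a strict decoder; keep the result only if it is printable ASCII."""
    try:
        raw = decode(text)
    except (binascii.Error, ValueError):
        return None
    if raw and all(32 <= b < 127 for b in raw):
        return raw.decode("ascii")
    return None


STRICT = (
    ("base32", lambda t: base64.b32decode(t)),
    ("base64", lambda t: base64.b64decode(t, validate=True)),
)


def _letters(text):
    """Fraction of characters that are ASCII letters."""
    return sum(c in string.ascii_letters for c in text) / max(len(text), 1)


def peel(blob, max_layers=5):
    """Strip encoding layers; return (plaintext, layer names outermost first)."""
    text, layers = blob.strip(), []
    for _ in range(max_layers):
        for name, decode in STRICT:
            decoded = _try(decode, text)
            if decoded is not None:
                break
        else:
            # ROT47 never fails, so accept it only when the output reads
            # far more like text than the input did.
            name, decoded = "rot47", rot47(text)
            if _letters(decoded) < _letters(text) + 0.3:
                break
        layers.append(name)
        text = decoded
    return text, layers


if __name__ == "__main__":
    for sample in (ROT47_TOKEN, DOUBLE_B64, BASE32_STRING):
        print(peel(sample))
```

The layer detection is a heuristic: a short plaintext that happens to be valid Base64 or Base32 and decodes to printable ASCII would be peeled one layer too far.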

INSIDE EDITION — A closer look!

For days, many people tried to break this password. I personally tried brute-forcing it and looking into the inscription image again and again. I tried like 50 different combinations that I thought could be the password, but it didn’t work.

Finally, after we asked the creator of this contract for some more clues, he added the name.txt file to the inscription image zip, and we were able to crack this one. So, name.txt wasn’t always there. It was added later to the zip file after so many requests from the Discord members.

So, I tried the first sentence of name.txt as the password and it gave me another image. This is the password to this zip file.

HaakonVMagnusson

Step 10: The depressing boatyard!

The new zip file gave me a new location. It looks like a boatyard in a rural-urban area.

Now, I started with reading the strings and trying steghide on this image, but nothing came up. It is also clear that we are going to need the location of step 10 for the final password, so we need to locate this image. Locating this image was hell for me. I started with Google Images, Yandex, then Bing. I also tried reading some articles on reverse image lookup, but nothing worked.

When you look closely at the image, you’ll realize that there is something written on the board of the shop. It’s Mariscos y Mas. I also had to enhance the image using an AI to read it properly. The first image below is the enhanced version.

I thought that it was Portuguese, a friend said it was Spanish. Looking for Portuguese, I searched many countries and found some great places to spend a vacation. But still no result yet…

Great place-1 for a vacation!
Great place-2 for a vacation!

An eternity later… I lost all hope and got super sad & depressed!

Then suddenly, the clues were released on the Hacktoria Discord through the bot called Klumgongyn. Finally the clue led me to a beautiful country called ‘Mexico’. Finally there was some hope…

It specifically mentioned an airport. I searched around the airport a lot for around 3 to 4 hours. Finding this location took me 3 days!!!

Again I was starting to lose hope… But then, I finally located the boatyard near the airport by the beach and was able to overcome my short depression and anxiety.

📍Here are the coordinates, just remember it was hell finding them!

17.6403457,-101.5630311

🗺️ On Google Maps:

🗺️ On Google Earth:

I used the answers from the steps to make my final password and at last, I got this great contract card from opening the linkfile. I’ve also mentioned some members of the Hacktoria family who helped me in this great endeavor with so many rabbit holes.

The Mighty Contract Card

Special thanks to you guys for helping me with the contract. It would not have been possible for me to complete it without your help.

Be safe, be secure and happy hacking :)
