Rabbit Hole

Greetings Special Agent K. Today we have a special Contract. At the time of writing, 06.12.2022 at 19:48 EET, Hacktoria is now one year old. The first ever Monthly Capture the Flag event was announced roughly one year ago, between 06 and 15.12.2021. Meaning this was the week that the idea for “Story Driven OSINT Capture the Flag Exercises” was born.

To thank everyone who’s been a part of this journey and celebrate the birthday of Hacktoria, I present you with the “Rabbit Hole” Contract. The name stems from the OSINT term “Rabbit Hole”, where the investigator chases after suspected leads and clues, not knowing if or where they will end. Or… If they’re even real.

This Contract will take you through almost all disciplines covered in Hacktoria events and Contracts so far, with the inclusion of some new concepts as well. Only limited by the exclusion of steps that would be too fragile to stay online permanently. For example, the art gallery in the Mona Lisa Heist, would be too unpredictable for a permanent Contract. As a guideline, I can say this Contract is comprised of 10 steps in total. Various steps will hint to where you are, using the step number in filenames.

With the first step for this Contract, I present you the first ever complete archived screenshot of the Hacktoria website. Made on 15.12.2021 at 14:04:04. I hope you enjoy this Contract, and all those to come in the future. Thank you for being part of this.

As always, Special Agent K. The Contract is yours, if you choose to accept.

Password instruction flagfile:

  • Species from step 03
  • Social handle from step 06
  • Username from step 08
  • Country and Streetname from step 10

Example password:


Download Flagfile

Download Original Image

Write-ups: Rabbit Hole

Submit your own in our Discord “brand-intel” channel for a reward of 100,000 HC or 200,000 HC for the first write-up of the contract.

7069wrk (detailed)https://medium.com/@7069wrk/hacktoria-rabbit-hole-8f82f99f99a3