Infiltration / hosaka: 09:09 12/01/2020 / Category: Infosec  

Evil Corp LLC

The challenge brief reads "Can you find something to help you break into the company 'Evil Corp LLC'. Recon social media sites to see if you can find any useful information."

Wikipedia states "Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context". Since this challenge is focused on recon of social media sites, my attention is first turned to one of the most powerful freely available tools for gathering information on web sites. This tool leverages multiple data centers across the world and enormous amounts of bandwidth to brute force its way across the internet aggressively following every URL on every site it lands on, also using common directories and paths to guess where content on a given site may be. The data collected by this tool can be searched for using its full-text search index. This tool is Google ...

Google Dorks

Google has many advanced search features which can be leveraged for narrowing down the enormous amount of data it indexes. These include:

  • Exact words or phrases
  • Searching by site or domain
  • Searching by language and region
  • Searches by file type or extension
  • Searches by last update or in a given time frame

Plus many others (Do a Google search to find more!). As this challenged is focused on social media my initial searches were for:

  • "Evil Corp LLC"
  • "Evil Corp LLC"
  • "Evil Corp LLC"
  • "Evil Corp LLC"


The first hit for the first dork initially appeared to have (at least part) of what I was looking for. The page was for "Alia Mccarty" and the top tweet read "What Clas-ERR HTB{s are you?" along with a picture apparently related to Dungeons and Dragons (crests with Cleric, Barbarian, Druid etc.). Under this tweet another crest and the caption "Crest is the key". The format for HackTheBox flags is "HTB{flag}", so taking a couple of (un)educated guesses I tried variations of HTB{Cleric}, HTB{Barbarian} etc. This didn't appear to be the answer. My attention turned to the cryptic title of the post "Clas-ERR", which looked like an obvious clue, again some Google dorks for " "Clas-ERR" and various other social media sites turned up more potential information. Initially a hit on linkedin lead me to the pseudo company "Evil Corp LLC" and the other "employees" that work there, one of the employees Elliot Alderson (Mr Robot reference) had what appeared to be a HTB flag in their profile



This wasn't the flag. After trawling through more and more related linkedin profiles and various other dead ends I tried another Google dork for another social media site:

  • "Evil Corp LLC"

Only one hit. Immediately a picture stood out, a badge with a barcode. My presumption was the barcode itself may have a clue and my heart sank a little when contemplating requiring a barcode scanner. My presumption was wrong.


There it is, note that those are not capital "O" but "0"