Cred Hunter - HackTheBox

Challenge Info

Field	Value
Event	HackTheBox
Category	Programming/Misc
Difficulty	Easy
Target	94.237.56.175:43741
Flag	HTB{th4t_1s_4n_0bvi0us_p41r1ng}

Description

The data leaked quietly - unnoticed, unguarded, and brimming with opportunity. You're in deep now. A tangle of credentials spilled from a forgotten system connected to CygnusCorp's sprawling digital perimeter. Half garbage, half gold. Somewhere in this chaos are access keys - real names, real logins, real passwords. You just have to find the ones that match.

Analysis

This is a web-based coding challenge using Monaco editor interface. The task involves:

1. Input: N strings containing a mix of emails and passwords
2. Email Format: CygnusCorp uses firstname + first_letter_of_lastname@domain
   • Example: [email protected] (Alice J.)
   • Example: [email protected] (Josh R.)
3. Valid Pair: An (email, password) pair is valid when the firstname (extracted from email) appears as a substring in the password
4. Output: All valid pairs sorted lexicographically by email, then by password

Key Insight

The email format firstnameX@domain means:

• Local part = firstname + first_letter_of_lastname
• Therefore: firstname = local_part[:-1] (remove last character)

For example:

• [email protected] -> firstname = lisabeth
• [email protected] -> firstname = nevin
• [email protected] -> firstname = joice

Solution

Algorithm

1. Parse input - Read N strings
2. Classify strings - Separate emails from passwords using regex
3. Extract firstnames - For each email, get local_part[:-1]
4. Find pairs - For each (email, password) combination, check if firstname is substring of password
5. Sort and output - Sort pairs lexicographically (email first, then password)

Python Solution

import re

...