SocialMediaInvestigationHub
SocialMediaInvestigationHub is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Scenario
SocialMediaInvestigationHub attack path
Objective
Challenge walkthrough focused on OSINT evidence, validation, and reusable operator lessons.
Walkthrough flow
Inspect static React/Vite bundle for API routes and...
Start API session to enumerate exact questions.
Correlate TechReviewer2024 across ChirpNet,...
Extract identity, prior employer, campaign codename,...
Submit accepted answer strings and request final...
Source coverage
High source coverage
Status: complete. This article is generated from 4 sanitized Markdown sources and keeps raw flags, credentials, keys, cookies, and reusable secrets out of the rendered blog.
Good confidence: the page has enough source material to read as a complete walkthrough, but the supporting evidence set is smaller than the highest-confidence cases.
- OSINT/SocialMediaInvestigationHub/writeup.md
- htb-challenge/OSINT/SocialMediaInvestigationHub/notes.md
- htb-challenge/OSINT/SocialMediaInvestigationHub/memory-summary.md
- htb-challenge/OSINT/SocialMediaInvestigationHub/hypothesis-board.md
Technical Walkthrough
Writeup
Challenge
- Name: Social Media Investigation Hub
- Category: OSINT
- Difficulty: Unknown
- Remote: <TARGET>:32046
Summary
The live app is a React/Vite single-page OSINT hub with three mock platforms: ChirpNet, ConnectPro, and ForumHub. Searching TechReviewer2024 exposes linked accounts that identify the operator, prior RivalTech employment, coordinated reviewer network, campaign codename, and target product.
The final solve uses the API's accepted answer formats for all nine questions and requests the final flag.
Artifact Inventory
- analysis/http-index-response.txt: app shell.
- analysis/index.js: frontend bundle with mock social data and API calls.
- analysis/api-start-response.txt: sanitized API question response.
- analysis/platform-evidence.md: extracted cross-platform findings.
- analysis/answer-format-attempts.txt: accepted answer validation.
- solve/solve.py: reproducible API solve.
Analysis
The frontend bundle exposed API routes:
- POST /api/start-challenge
- POST /api/submit-answer
- POST /api/get-flag
It also embedded the mock platform data. The critical cross-platform links were:
- ConnectPro real identity: Alex Morgan.
- ConnectPro prior employer: RivalTech Inc.
- ForumHub coordination post: XyloPhone Pro Campaign Coordination.
- ForumHub codename: operation_social_storm_2024.
- ChirpNet timing: suspicious reviewer accounts clustered around February 2024.
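The bundle review described above can be scripted as an audit of what a built frontend ships to every visitor. This is an added example, not the writeup's solve/solve.py; the sample bundle is constructed, and only the three route strings and the handle are taken from the page.

```python
import re

# Constructed stand-in for a minified Vite bundle. Only the three route
# strings and the handle come from the writeup; the rest is illustrative.
SAMPLE_BUNDLE = (
    'const a=()=>fetch("/api/start-challenge",{method:"POST",credentials:"include"});'
    'const b=(q,v)=>fetch("/api/submit-answer",{method:"POST",body:JSON.stringify({q,v})});'
    'const c=()=>fetch("/api/get-flag",{method:"POST"});'
    'const profiles=[{platform:"ConnectPro",handle:"TechReviewer2024",realName:"<placeholder>"}];'
    'const img="/assets/logo.svg";'
)

# Quoted string literals that look like API paths.
ROUTE_RE = re.compile(r'["\'`](/api/[A-Za-z0-9_\-/]+)["\'`]')
# An explicit method in the fetch options object that follows the path.
METHOD_RE = re.compile(r'method\s*:\s*["\'](GET|POST|PUT|PATCH|DELETE)["\']', re.I)


def extract_routes(bundle, window=120):
    """Return sorted, de-duplicated (method, route) pairs seen in the bundle."""
    found = set()
    for m in ROUTE_RE.finditer(bundle):
        # Only look inside the same statement, so a neighbouring call's
        # method is not attributed to this route.
        tail = bundle[m.end():m.end() + window].split(";", 1)[0]
        method = METHOD_RE.search(tail)
        # fetch() defaults to GET when no method is given.
        found.add((method.group(1).upper() if method else "GET", m.group(1)))
    return sorted(found)


def literal_contexts(bundle, needle, pad=40):
    """Return the text around each occurrence of a literal such as a handle."""
    return [bundle[max(0, m.start() - pad):m.end() + pad]
            for m in re.finditer(re.escape(needle), bundle)]


if __name__ == "__main__":
    for method, route in extract_routes(SAMPLE_BUNDLE):
        print(method, route)
    for ctx in literal_contexts(SAMPLE_BUNDLE, "TechReviewer2024"):
        print("embedded data:", ctx)
```

Any record that `literal_contexts` finds in a production bundle is data the server has already disclosed, whatever the UI chooses to render.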
Solve
Run:
python3 solve/solve.py <TARGET> 32046 --save loot/flag.txt
The script starts a session, submits all accepted answers, prints the flag, and optionally saves it to loot/flag.txt.
Flag
Raw flag is stored in loot/flag.txt.
Lessons
- For web-backed OSINT hubs, inspect the frontend bundle before manual UI work.
- Mock social platforms may expose structured data directly in the bundle.
- Save failed answer-format attempts because they reveal the API's expected interpretation of ambiguous questions.
Source-Backed Dossier
The sections below are merged from companion Markdown notes for the same case. They are rendered after sanitization so the article stays precise without publishing raw flags, credentials, or target-specific secrets.
Notes
Scope
- Challenge: Social Media Investigation Hub
- Category: OSINT
- Difficulty: Unknown
- Remote instance: <TARGET>:32046
- Start time: 2026-05-11T18:43:33Z
- Operator: Codex
Artifact Inventory
| File | Size | SHA256 | Type | Notes |
|---|---|---|---|---|
| analysis/http-index-response.txt | 844 | see analysis/sha256sums.txt | HTTP response | Static app shell |
| analysis/index.js | 183430 | see analysis/sha256sums.txt | JavaScript | Frontend bundle with mock platform data |
| analysis/api-start-response.txt | 1170 | see analysis/sha256sums.txt | HTTP/JSON response | Sanitized API question response |
Evidence Ledger
| Time | Action | Output/File | Finding | Confidence | Next |
|---|---|---|---|---|---|
| 2026-05-11T18:43:33Z | Fetched / | analysis/http-index-response.txt | nginx serves React/Vite Social Media Investigation Hub | High | Inspect bundle |
| 2026-05-11T18:43:53Z | Downloaded frontend assets | analysis/index.js, analysis/index.css | Bundle contains mock ChirpNet, ConnectPro, ForumHub data plus API calls | High | Query API questions |
| 2026-05-11T18:44:20Z | POST /api/start-challenge | analysis/api-start-response.txt | API returns nine TechReviewer2024 investigation questions | High | Extract cross-platform evidence |
| 2026-05-11T18:45:00Z | Reviewed bundle data | analysis/platform-evidence.md | Real name, RivalTech history, campaign codename, product, subreddit role, education, connections, karma identified | High | Submit answers |
| 2026-05-11T18:46:00Z | Submitted answer candidates | analysis/answer-format-attempts.txt | API accepted all nine answers after one education-format correction | High | Request final flag |
| 2026-05-11T18:46:10Z | Requested /api/get-flag | loot/flag.txt | Final HTB-format flag captured and stored in loot only | High | Write solve script |
Key Findings
- TechReviewer2024 maps to Alex Morgan through ConnectPro.
- Alex Morgan previously worked for RivalTech Inc.
- ForumHub contains direct XyloPhone Pro campaign coordination and the codename operation_social_storm_2024.
- Cross-platform timing points to February 2024 for suspicious reviewer-account coordination.
- The API's accepted education answer was the institution, not the degree.
Secrets/Flags
Raw flags and sensitive material stay in loot/ only. Do not paste them here.
| 2026-05-27T23:35:17Z | backfill | challenge-state.json | Legacy workspace backfilled with deterministic state | High | Validate before further work |
Memory Summary
Metadata
- Platform: HackTheBox Challenges
- Category: OSINT
- Challenge: Social Media Investigation Hub
- Difficulty: Unknown
- Source workspace: <local workspace>
Validated Solve Chain
- Inspect static React/Vite bundle for API routes and embedded mock social data.
- Start API session to enumerate exact questions.
- Correlate TechReviewer2024 across ChirpNet, ConnectPro, and ForumHub.
- Extract identity, prior employer, campaign codename, target product, account timing, subreddit role, institution, connection count, and karma.
- Submit accepted answer strings and request final flag.
Reusable Lessons
- Web-backed OSINT hubs can store all social-platform evidence client-side in the JavaScript bundle.
- API explanations after accepted answers are useful evidence and should be saved.
- Ambiguous questions may expect institution rather than degree, or exact platform wording rather than natural-language interpretation.
Dead Ends
- Bachelor of Science in Marketing was rejected for the education question; University of California, Berkeley was accepted.
Tool Quirks
- /robots.txt and /sitemap.xml returned the SPA shell.
- Session cookies and session ids appear in API captures and must be redacted before memory export.
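One way to apply the redaction step noted above before a capture leaves the workspace. This is an added example, not part of the original notes; the capture is constructed, and the cookie name and JSON key names (`session_id`, `sid`, `token`) are assumptions because the page does not show the real API response.

```python
import re

# Constructed capture. The cookie name and the JSON field names are
# assumptions; the page does not show the real API response.
SAMPLE_CAPTURE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Set-Cookie: session=CONSTRUCTEDcookie123; Path=/; HttpOnly\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"session_id": "constructed-0001", "questions": [{"id": 1}]}'
)

HEADER_RE = re.compile(r"^(set-cookie|cookie):[ \t]*([^\r\n]*)", re.I | re.M)
# Hypothetical JSON keys that would carry a session identifier.
JSON_RE = re.compile(r'("(?:session_?id|sid|token)"\s*:\s*")[^"]*(")', re.I)


def _redact_header(m):
    name, value = m.group(1), m.group(2)
    if name.lower() == "set-cookie":
        # The first pair is the cookie; what follows are attributes to keep.
        first, sep, attrs = value.partition(";")
        return f"{name}: {first.split('=', 1)[0]}=<REDACTED>{sep}{attrs}"
    # A request Cookie header is a list of pairs; redact every value.
    pairs = [p.strip().split("=", 1)[0] + "=<REDACTED>"
             for p in value.split(";") if p.strip()]
    return f"{name}: " + "; ".join(pairs)


def redact_capture(text):
    """Return (redacted_text, count of header lines and JSON fields rewritten)."""
    text, n_hdr = HEADER_RE.subn(_redact_header, text)
    text, n_json = JSON_RE.subn(r"\1<REDACTED>\2", text)
    return text, n_hdr + n_json


def leaked(text, secrets):
    """Return the known secret values still present after redaction."""
    return [s for s in secrets if s in text]
```

Running `leaked` against the values actually observed in the session is the check that matters, since it also catches identifiers stored under a key the patterns do not cover.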
Evidence Paths
- analysis/index.js
- analysis/api-start-response.txt
- analysis/platform-evidence.md
- analysis/answer-format-attempts.txt
- solve/solve.py
Ingestion Decision
- Proposed for LightRAG: yes
- Requires user approval before ingestion: approved for sanitized learning auto-ingest by user instruction
- Ingested into CTF LightRAG: 2026-05-11T19:22:13Z via track scan_20260511_192213_765c608c
Hypothesis Board
| Rank | Path | Evidence | Missing Proof | Cheapest Validation | Confidence | Status |
|---|---|---|---|---|---|---|
| 1 | Cross-platform mock social data contains all answers | React bundle includes ChirpNet, ConnectPro, ForumHub profiles for TechReviewer2024 | Exact accepted strings | Submit answers to /api/submit-answer | High | Confirmed |
Closed Branches
| Branch | Evidence Tested | Failure Output | Reason Closed | Revisit Condition |
|---|---|---|---|---|
| Education answer as degree | Submitted Bachelor of Science in Marketing | API rejected answer | API expected institution rather than degree | Revisit if question wording or accepted answer changes |
Technical analogy
How to remember this solve
Think of OSINT like building a detective board. Each source is one pinned note; the solve comes from connecting the notes that agree with each other and rejecting the ones that only look plausible.
For SocialMediaInvestigationHub, keep the mental model simple: identify the trusted assumption, prove it with the smallest safe test, then automate or repeat only the part that directly leads to the flag.