Insider

Download and unzip the file and check the hint:

Hint: A potential insider threat has been reported, and we need to find out what they accessed. Can you help?

Files: 113 files inside a Mozilla folder

If we look in the Mozilla/Firefox/Profiles/2542z9mo.default-release folder (it's the first profile), we find a logins.json file with an encrypted username and password. Some simple Google-Fu brings us to https://github.com/unode/firefox_decrypt. Clone into that and run it against that first 2542z9mo.default-release profile.

┌──(kali㉿kali)-[~/Desktop/HTB/Insider/firefox_decrypt]
└─$ python3 firefox_decrypt.py -f json ../2542z9mo.default-release 
2022-01-29 12:24:16,199 - WARNING - profile.ini not found in ../2542z9mo.default-release
2022-01-29 12:24:16,199 - WARNING - Continuing and assuming '../2542z9mo.default-release' is a profile location
[
  {
    "url": "http://acc01:8080",
    "user": "admin",
    "password": "HTB{ur_8RoW53R_H157Ory}"
  }
]
 

Well that was easy.

©2020 Phoenix Computing Solutions | Powered by Coffee, Sarcasm, and Insanity
  Everything included in the site is the intellectual property of Chris Ruggieri (Neocount Phoenix) and Phoenix Computing Solutions.
  This information should not be construed as legal advice. The owner can not be held liable for anything another entity does with this information.
  This information is solely the opinions and experiences of myself (Chris Ruggieri) and should not be construed as endorsement of any product, service, or of illegal activity

(GET WRITTEN PERMISSION PEOPLE!!)
  Any links I provide as a convenience and for informational purposes only; they do not constitute an endorsement or an approval by the owner of this site for any of the products, services or opinions of the corporation or organization or individual.
  Contact the external sites for answers to questions regarding its content.
  This Includes any links posted by Chris Ruggieri in any other websites, Social Media networks, Online Groups and Online sharing Websites.