- This week we have a challenge!
- The challenge is to unzip a zip file!
unzip Safe.zipArchive: Safe.zip[Safe.zip] jXeC.zip password:- The challenge is to guess the password!
- The challenge is to unzip a zip file!
- The challenge is to guess 30 passwords!
- That sounds hard!
- So we’ll do it automatically!
- So we’ll do it automatically!
- That sounds hard!
- You may notice that this doesn’t parse the output of john!
- That seems like it might be hard!
- We’ll do it… semiautomatically!
- That seems like it might be hard!
What follows is real, uncensored shell history – viewer discretion is advised
$ ./solve.sh jXeC.zip
$ john --show jXeC.zip
$ john --show example.hash
$ unzip jXeC.zip
$ ./solve.sh dHag.zip
$ unzip dHag.zip
$ ./solve.sh bSmC.zip
$ unzip bSmC.zip
$ ./solve.sh pbtJ.zip
$ unzip pbtJ.zip
$ ./solve.sh VGQc.zip
$ unzip VGQc.zip
$ ./solve.sh jxLD.zip
$ unzip jxLD.zip
$ ./solve.sh iXZA.zip
$ unzip iXZA.zip
$ ./solve.sh KxrU.zip
$ unzip KxrU.zip
$ ./solve.sh DlTL.zip
$ unzip DlTL.zip
$ ./solve.sh PEOa.zip
$ unzip PEOa.zip
$ ./solve.sh Dggp.zip
$ unzip Dggp.zip
$ ./solve.sh tXFO.zip
$ unzip tXFO.zip
$ ./solve.sh IrHd.zip
$ unzip IrHd.zip
$ ./solve.sh wedJ.zip
$ unzip wedJ.zip
$ ./solve.sh wbTt.zip
$ unzip wbTt.zip
$ ./solve.sh TUuF.zip
$ unzip TUuF.zip
$ ./solve.sh tiTW.zip
$ unzip tiTW.zip
$ ./solve.sh dFhG.zip
$ unzip dFhG.zip
$ unzip dFhG.zip -P DSLA
$ unzip dFhG.zip
$ ./solve.sh fjIZ.zip
$ unzip fjIZ.zip
$ ./solve.sh CMMw.zip
$ unzip CMMw.zip
$ ./solve.sh MzNR.zip
$ unzip MzNR.zip -p YQND
$ man unzip
$ unzip -P YQND MzNR.zip
$ ./solve.sh jLUX.zip
$ unzip -P YQND jLUX.zip
$ unzip -P WBOZ jLUX.zip
$ ./solve.sh XDDN.zip
$ unzip -P PEEC XDDN.zip
$ ./solve.sh vfyN.zip
$ unzip -P qoxe vfyN.zip
$ ./solve.sh uwPY.zip
$ unzip -P NgHV uwPY.zip
$ ./solve.sh xfQR.zip
$ unzip -P fhkC xfQR.zip
$ ./solve.sh DtQE.zip
$ unzip -P teEk DtQE.zip
$ ./solve.sh KWHz.zip
$ unzip -P peRR KWHz.zip
$ ./solve.sh EVqP.zip
$ unzip -P wgcw EVqP.zip
$ ./solve.sh DZen.zip
$ unzip -P Alon DZen.zip
$ ./solve.sh Qymr.zip
$ unzip -P rTPR Qymr.zip
- That was convenient and definitely faster than figuring out how to parse out the stdout of john! (UNIX timestamps benchmark me at around 650 seconds and honestly that might be faster than how long it would take for me to script that)
- We have a word doc!
grep -rn osu{returns nothing 🙁- Let’s look at the .docx file after unzipping it!
feh media/image1.png
- Let’s look at the .docx file after unzipping it!
- We have a word doc!
- Epic! Let’s scan it with our phone!
- Helb helbbb heellp it not working!
- Oh it’s not supposed to be a link. ok. I guess i never really put it together that these things can hold more than just a link
- Let’s scan it with our computer!
- Let’s scan it with our computer!
- Oh it’s not supposed to be a link. ok. I guess i never really put it together that these things can hold more than just a link
- Helb helbbb heellp it not working!
7f 45 4c 46 01 01 01 00 79 5f 66 69 67 30 30 33 02 00 03 00 01 00 00 00 50 ef bf bd 04 08 2c 00 00 00 00 00 00 00 00 00 00 00 34 00 20 00 01 00 00 00 00 00 00 00 00 ef bf bd 04 08 00 ef bf bd 04 08 ef bf bd 00 00 00 ef bf bd 00 00 00 05 00 00 00 00 10 00 00 31 31 69 6e ef bf bd 04 00 00 00 31 ef bf bd 43 ef bf bd 04 00 00 00 ef bf bd 7d ef bf bd 04 08 cd 80 ef bf bd ef bf bd 71 cd 80 29 ef bf bd cd 80 ef bf bd ef bf bd 44 cd 80 ef bf bd ef bf bd 35 4a 4a cd 80 48 4b cd 80 6f 73 75 7b 7d 0a 0a
- This is an ELF!
- Converting it to a binary in cyberchef gives us
$ ./download.dat
zsh: exec format error: ./download.dat
- But that’s ok! Because we can run
strings!
$ strings download.dat
y_fig003
11in
osu{}
$submit osu{fingy_30011}$submit osu{y_fig00311in}- Helb helbbb heellp it not working!
- Helb helbbb heellp it not working!
Let the record show that I was getting pretty close with my guesses and if hypothetically the flag ended in a g I definitely 100% would have guessed it in one second. Please hypothetically award me a gold star.