The Last Great ZIP File

Challenge:

Help! I've created a zip archive that contains my favorite flag, but I forgot the password to it. Can you help me recover my flag back?

You may need to use another program such as wget to download the file if your browser is blocking the download. Now to get the password hash from the zip file.

Solution:

As mentioned in the challenge description, the provided Zip archive was password protected. The description also mentions getting “…the password hash from the zip”, which is a clear hint that the password will need to be cracked.

I used the zip2john utility from John the Ripper to extract the password hash from the Zip file:

$ zip2john flag.zip > flag.hash

ver 2.0 flag.zip/flag.png PKZIP Encr: cmplen=21967, decmplen=26352, crc=574ADED2 type=8

I then used John the Ripper and the “RockYou” wordlist against the extracted hash:

$ john flag.hash --wordlist=rockyou.txt

Using default input encoding: UTF-8
Loaded 1 password hash (PKZIP [32/64])
Will run 4 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
Soldat*13        (flag.zip/flag.png)
1g 0:00:00:01 DONE (2020-10-24 14:53) 0.8547g/s 9053Kp/s 9053Kc/s 9053KC/s Stoop!..SoCcEr007
Use the "--show" option to display all of the cracked passwords reliably
Session completed.

The password Soldat*13 was identified fairly quickly as the correct one and opening the Zip archive produced a PNG image file containing the flag.
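The "PKZIP Encr" line from zip2john and the "PKZIP" hash type that John loaded both indicate the legacy ZIP encryption scheme, and the cmplen, decmplen and crc values come straight from the archive's headers. The following is an added example, not part of the original writeup: a Python audit that reads those header fields and reports which members use legacy encryption rather than WinZip AES. The sample archive is constructed in memory, and the function names are my own.

```python
import io
import zipfile

AES_METHOD = 99        # WinZip AES marker in the compression-method field
AES_EXTRA_ID = 0x9901  # extra-field record that carries the AES parameters

def has_extra(extra: bytes, wanted_id: int) -> bool:
    """Walk the (id, size, data) records of a ZIP extra field."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id = int.from_bytes(extra[pos:pos + 2], "little")
        if header_id == wanted_id:
            return True
        pos += 4 + int.from_bytes(extra[pos + 2:pos + 4], "little")
    return False

def audit_zip(source):
    """Return one dict per member saying whether and how it is encrypted."""
    findings = []
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            if not info.flag_bits & 0x1:          # general-purpose bit 0 = encrypted
                scheme = "none"
            elif info.compress_type == AES_METHOD and has_extra(info.extra, AES_EXTRA_ID):
                scheme = "winzip-aes"
            else:
                scheme = "zipcrypto"              # legacy PKZIP cipher
            findings.append({"name": info.filename, "scheme": scheme,
                             "cmplen": info.compress_size,
                             "decmplen": info.file_size,
                             "crc": f"{info.CRC:08X}"})
    return findings

def constructed_sample() -> bytes:
    """Constructed input: a plain archive whose central-directory entry for
    flag.png is then flagged as encrypted, so no real ciphertext is involved."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("readme.txt"), b"not secret")
        zf.writestr(zipfile.ZipInfo("flag.png"), b"\x89PNG constructed placeholder bytes")
    raw = bytearray(buf.getvalue())
    entry = raw.rfind(b"PK\x01\x02")   # last central-directory header (flag.png)
    raw[entry + 8] |= 0x01             # flag word sits at offset 8 of that header
    return bytes(raw)

if __name__ == "__main__":
    for row in audit_zip(io.BytesIO(constructed_sample())):
        print(row)
```

A member reported as "zipcrypto" is protected only by the password-derived legacy cipher, so its resistance depends entirely on the password not appearing in a wordlist.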
