Help! I’ve created a zip archive that contains my favorite flag, but I forgot the password to it. Can you help me recover my flag back?
You may need to use another program such as wget to download the file if your browser is blocking the download. Now to get the password hash from the zip file
As mentioned in the challenge description, the provided Zip archive was password-protected. The description also mentions getting “…the password hash from the zip”, which is a clear hint that the password will need to be cracked.
I used the zip2john utility from John the Ripper to extract the password hash from the Zip file:

    $ zip2john flag.zip > flag.hash
    ver 2.0 flag.zip/flag.png PKZIP Encr: cmplen=21967, decmplen=26352, crc=574ADED2 type=8

I then used John the Ripper and the “RockYou” wordlist against the extracted hash:

    $ john flag.hash --wordlist=rockyou.txt
    Using default input encoding: UTF-8
    Loaded 1 password hash (PKZIP [32/64])
    Will run 4 OpenMP threads
    Press 'q' or Ctrl-C to abort, almost any other key for status
    Soldat*13 (flag.zip/flag.png)
    1g 0:00:00:01 DONE (2020-10-24 14:53) 0.8547g/s 9053Kp/s 9053Kc/s 9053KC/s Stoop!..SoCcEr007
    Use the "--show" option to display all of the cracked passwords reliably
    Session completed.

The password Soldat*13 was identified fairly quickly as the correct one and opening the Zip archive produced a PNG image file containing the flag.
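
The "PKZIP Encr" label in the zip2john output means the entry uses the legacy PKZIP (ZipCrypto) scheme, which is why a wordlist run finished in about a second. The following added example (not part of the original write-up) reads a Zip's central directory, without any password, and reports which encryption scheme each entry uses, so archives that still rely on the legacy scheme can be found. The sample archive is constructed, the function names are hypothetical, and reading zip2john's "type" field as the compression method is an assumption.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x0001   # general-purpose flag bit 0: entry is encrypted
STRONG_ENC = 0x0040  # flag bit 6: PKWARE strong encryption
AES_METHOD = 99      # compression method value used by WinZip AES entries
SAMPLE_PAYLOAD = b"constructed placeholder bytes " * 20  # constructed, not the challenge file

def audit_zip(data: bytes) -> list[dict]:
    """Classify each entry's encryption from the central directory (no password needed)."""
    report = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.flag_bits & ENCRYPTED:
                scheme = "none"
            elif info.compress_type == AES_METHOD:
                scheme = "WinZip AES"
            elif info.flag_bits & STRONG_ENC:
                scheme = "PKWARE strong encryption"
            else:
                scheme = "legacy PKZIP (ZipCrypto)"  # reported by zip2john as "PKZIP Encr"
            report.append({
                "name": info.filename,
                "scheme": scheme,
                "type": info.compress_type,    # assumed to match zip2john's type (8 = deflate)
                "cmplen": info.compress_size,
                "decmplen": info.file_size,
                "crc": format(info.CRC, "08X"),
            })
    return report

def constructed_sample(encrypted: bool = True) -> bytes:
    """Build a test archive and optionally set the encrypted bit in both headers.
    Only the header flag is patched; the data itself is not encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("flag.png", SAMPLE_PAYLOAD)
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Flags sit at offset 6 of the local header and offset 8 of the central header.
        for pos, off in ((0, 6), (raw.rfind(b"PK\x01\x02"), 8)):
            flags = struct.unpack_from("<H", raw, pos + off)[0]
            struct.pack_into("<H", raw, pos + off, flags | ENCRYPTED)
    return bytes(raw)

if __name__ == "__main__":
    for entry in audit_zip(constructed_sample()):
        print(entry)
```

Entries reported as legacy PKZIP are the ones to re-create with AES and a passphrase that does not appear in common wordlists.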