TJCTF 2019: All The Zips
Forensics - 20 points
140 zips in the zip, all protected by a dictionary word.
This was the first zip file challenge that I attempted. Afterwards, I have noticed that almost every CTF competition has at least one of these. A pile of zip files is provided, and one of them is supposed to contain the flag.
Being new to this, I first researched the tools I would need, and found that the fcrackzip utility is the easiest to use.
for i in *.zip ; do fcrackzip -D -u -p /usr/share/dict/words $i >> passwords ; done
These are the commands used to…
Crack a zip file at
$i using the system dictionary as a wordlist and save the result to a tempfile:
fcrackzip -D -u -p passwords zip3.zip | cut -c 27- | grep . > currentpassword
Read in password from file:
Save flag to a file,
unzip -p -P $password zip3.zip flag.txt | grep . >> allflags
Final script used to automate:
echo starting script... for i in *.zip do echo $i fcrackzip -D -u -p passwords $i | cut -c 27- | grep . > currentpassword password=$(cat currentpassword) echo $password unzip -p -P $password $i flag.txt | grep . >> allflags done