search

DeadpoolAndObjectOrientedProgramming / icectf-2016

IceCTF 2016 repo
0 stars 0 forks source link

Stage 3 - R.I.P Transmission #37

Closed ikornaselur closed 8 years ago

ikornaselur commented 8 years ago

Description

This seems to be recieving some sort of transmission. Our experts have been working around the clock trying and figure out what the hell it means with no hope of getting to the bottom of it. You're our only hope.

Solution

Flag is: IceCTF{1_Lik3_7o_r1P_4nD_diP_411_7He_ziP5}

koddsson commented 8 years ago 
keidii
any hint for R.I.P. ?
...
resync
keidii: do you know what RIP is?
Glitch
keidii: please don't talk about problems
14:32 Glitch
resync: sush
koddsson commented 8 years ago

Ran binwalk -e on the file after reading this short CTF writeup and it spat out this password protected zip file.

rip.jpg.zip

koddsson commented 8 years ago

This file looked damaged and @ikornaselur wasn't reporting back any results with cracking the password so I googled around and found this guide where the author runs foremost on the zip files that are returned from binwalk. I decided to try and got a way better zip file that didn't look damaged. I proceeded to send that file to @ikornaselur for more bruteforcing.

00000000.zip

ikornaselur commented 8 years ago

Using fcrackzip to brute force the password was actually really quick, with the correct file. 

plex@absalon-plex [23:59:53] [/tmp/zip]   
-> % fcrackzip --help

fcrackzip version 1.0, a fast/free zip password cracker
written by Marc Lehmann <pcg@goof.com> You can find more info on
http://www.goof.com/pcg/marc/

USAGE: fcrackzip
          [-b|--brute-force]            use brute force algorithm
          [-D|--dictionary]             use a dictionary
          [-B|--benchmark]              execute a small benchmark
          [-c|--charset characterset]   use characters from charset
          [-h|--help]                   show this message
          [--version]                   show the version of this program
          [-V|--validate]               sanity-check the algortihm
          [-v|--verbose]                be more verbose
          [-p|--init-password string]   use string as initial password/file
          [-l|--length min-max]         check password with length min to max
          [-u|--use-unzip]              use unzip to weed out wrong passwords
          [-m|--method num]             use method number "num" (see below)
          [-2|--modulo r/m]             only calculcate 1/m of the password
          file...                    the zipfiles to crack

methods compiled in (* = default):

 0: cpmask
 1: zip1
*2: zip2, USE_MULT_TAB

plex@absalon-plex [00:00:15] [/tmp/zip] 
-> % fcrackzip -b -c a -v -m zip2 -l 1-8 -u 00000000.zip
found file 'rip.jpg', (size cp/uc 112199/112190, flags 9, chk ac11)
checking pw bdwgn                                   

PASSWORD FOUND!!!!: pw == bunny
ikornaselur commented 8 years ago

The file inside the zip

rip