Description:
The provided 73168.zip file is password-protected. Cracking the password using fcrackzip reveals that an all-numeric password was used, and that the zip file contains another password-protected zip file, which in turn contains another password-protected zip file, etc.
Let’s write a script that recursively cracks and extracts the zip files:
#!/usr/bin/env bash
while [ -e *.zip ]; do
files=*.zip;
for file in $files; do
echo -n "Cracking ${file}… ";
output="$(fcrackzip -u -l 1-6 -c '1' *.zip | tr -d '\n')";
password="${output/PASSWORD FOUND\!\!\!\!: pw == /}";
if [ -z "${password}" ]; then
echo "Failed to find password";
break 2;
fi;
echo "Found password: \`${password}\`";
unzip -q -P "${password}" "$file";
rm "${file}";
done;
done;Leave it running for a while, and you’ll end up with 12475.zip, a zip file with a slightly more complex password. Let’s crack it:
$ fcrackzip -u -l 1-6 -c 'a1' 12475.zip
PASSWORD FOUND!!!!: pw == b0yzzThe password is b0yzz. Let’s unzip:
$ unzip -q -P b0yzz 12475.zipWe end up a file named mess.wav. Open it in a sound editor like Audacity, and view the sound waves as a spectrogram.
It reveals the text BallsRealBolls, which is the flag.
An alternative way to come up with the passwords for all the intermediate zip files, is by using unzip -l to list the compressed file’s file name (which was always the same as the password for the parent zip for this challenge):
#!/usr/bin/env bash
f="$1";
while test -e "$f"; do
mv "$f" _a.zip;
p=$(unzip -l _a.zip | grep -v Archive | grep zip | awk '{print $NF}' | sed 's:\.zip::'| head -1);
echo "File = '_a.zip', password = '$p'";
unzip -P "$p" _a.zip;
f="$p.zip";
ls -l "$f";
done;- none yet