DeconstruCT.F 2023 - Hash Roll
Description
Category: Forensics
Augustine’s friend took a important file of augustine and stashed it. He was able to grab all the files from his friend’s machine but he is worried that the files are encrypted. Help him get the file back
Attachments:
Hint
Rule 3 does not apply here. Bruteforce is allowed.
Resolution
As the name implies encrypted1.zip
is encrypted.
We can bruteforce the password using John the Ripper:
- we convert the zip to a hash so that
john
can crack it:1
$ ./zip2john encrypted1.zip > hash
- we crack the password using dictionary attack with
rockyou.txt
:1 2 3 4 5 6 7 8 9 10 11 12
$ john hash --wordlist=rockyou.txt Warning: detected hash type "ZIP", but the string is also recognized as "ZIP-opencl" Use the "--format=ZIP-opencl" option to force loading these as that type instead Using default input encoding: UTF-8 Loaded 1 password hash (ZIP, WinZip [PBKDF2-SHA1 256/256 AVX2 8x]) Cost 1 (HMAC size) is 143716 for all loaded hashes Will run 8 OpenMP threads Press 'q' or Ctrl-C to abort, 'h' for help, almost any other key for status diosesamor (encrypted1.zip/flag.jpg) 1g 0:00:00:00 DONE (2023-08-05 11:27) 1.960g/s 32125p/s 32125c/s 32125C/s 123456..christal Use the "--show" option to display all of the cracked passwords reliably Session completed.
Now we have the password, we can decrypt encrypted1.zip
and open flag.jpg
:
And we get the flag: dsc{N3v3r_9OnNA_gIv3_y0u_up}
.
This post is licensed under
CC BY 4.0
by the author.