8/2/2023 Encryptedzip

I recently took part in a DFIR capture the flag with some colleagues. Participants were provided with a system disk image and asked to mount it and complete a number of challenges to discover various flags hidden within the data. Exercises like this are always both a lot of fun and a good way to share knowledge and learn - after all, there's no better time to pick up new techniques than in the heat of competition.

I got most of the answers and finished joint second. One of the questions I didn't have time for, which I deprioritised as I would have needed to look up the methodology, involved discovering the password to an encrypted ZIP file to access the flag inside. To make sure I can complete similar challenges in future CTFs (or live scenarios), I decided to do some digging, crack a ZIP, and document my method.

Creating a password-protected ZIP archive

To emulate the conditions of the CTF, I needed to create a ZIP archive containing a text file with the would-be flag. Creating the text file is as simple as using echo to write some content to a file.

echo "This is a secret file." > secretfile.

We can then use 7-Zip to create a password-protected ZIP archive. The a option tells 7-Zip that we're adding files to an archive. We then specify the name of the archive and the file we wish to add. Finally, the -p option allows us to add a password - in this case, the very secure thisisapassword. Also note that the lack of a space isn't a typo - that's just the way 7-Zip wants the information to be provided.

Now let's check that the password was properly applied to the archive using the GUI. If we open archive.zip, we can see the file listing inside, but if we double-click to open any of the files we receive a prompt and cannot see the contents without entering the correct password.

Cracking the password-protected ZIP archive with fcrackzip

The tool we'll use for discovering the password to our ZIP file is fcrackzip. We'll use the -v option to generate verbose output and keep track of what it's doing, and -u, which tells fcrackzip to attempt to use the guessed password to unzip the file to verify that it is correct and reduce the risk of false positives.
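The post observes that archive.zip shows its file listing without the password. The sketch below is an added example, not code from the original post: it audits a ZIP's central directory to show which metadata stays readable and which encryption scheme protects each entry. The entry name flag.txt and the header-patched sample archive are constructed for the demonstration.

```python
import io
import struct
import zipfile

AES_METHOD = 99          # WinZip AES marker stored in the compression-method field
AES_EXTRA_ID = 0x9901    # extra-field record that carries the AES key strength
AES_BITS = {1: 128, 2: 192, 3: 256}


def aes_strength(extra):
    """Walk the extra-field records and return the AES key size, if present."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        if header_id == AES_EXTRA_ID and size >= 7:
            return AES_BITS.get(extra[pos + 8])  # after version (2) + vendor (2)
        pos += 4 + size
    return None


def audit(zip_bytes):
    """List what is readable without a password and how each entry is protected."""
    report = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():  # central directory only; no password needed
            encrypted = bool(info.flag_bits & 0x1)
            if not encrypted:
                scheme = "none"
            elif info.compress_type == AES_METHOD:
                scheme = f"WinZip AES-{aes_strength(info.extra)}"
            else:
                scheme = "ZipCrypto (legacy)"
            report.append({"name": info.filename, "size": info.file_size,
                           "encrypted": encrypted, "scheme": scheme})
    return report


def constructed_sample():
    """Constructed input: a plain ZIP with the encryption flag bit set in its headers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("flag.txt", "This is a secret file.\n")  # constructed name
    data = bytearray(buf.getvalue())
    data[data.index(b"PK\x03\x04") + 6] |= 0x01  # local header, flag bit 0
    data[data.index(b"PK\x01\x02") + 8] |= 0x01  # central directory, flag bit 0
    return bytes(data)

if __name__ == "__main__":
    print(audit(constructed_sample()))
```

When no encryption method is given, 7-Zip writes .zip archives with ZipCrypto; its -mem=AES256 switch selects AES-256 instead. Entry names and sizes remain visible under either scheme, so sensitive file names need a container that encrypts its headers.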