So UTCTF went great for us. We finished 6th in the CTF and also ended up in the top 5 for the CTFs that were running almost in parallel (Pragyan CTF, AeroCTF) with this one. So yeah, it was a great weekend for us.
So let us get on with the challenge now.
Description:

The description gives away the exploit for the challenge. We have to use John-The-Ripper to unlock the ZIP file. Wait, it is not that easy.
Well, the only clue I received from the admin was to RTFM (not offensive, folks :P) of John-The-Ripper.
So I pretty much figured out that I had to change the “john.conf” file to suit my needs.
Searching on the internet, I came across this wonderful blog that almost helped me to solve the challenge,
https://www.gracefulsecurity.com/custom-rules-for-john-the-ripper/
This blog gave the necessary info on what the challenge was about. So I had to (maybe) insert a custom rule set in the john.conf file to crack the password. But my version of John, JTR-1.8.0, did not have any custom rule set preloaded in it, and when I tried to change the rule set, the change resulted in JTR not working at all 😦
So I found a GitHub repository which provided me with bleeding-jumbo, and setting it up is pretty simple (please go through the README for that):
https://github.com/magnumripper/JohnTheRipper
So I installed john from this repository and hoped that it would work. For the wordlist, I chose the most famous one, RockYou.txt.
So now, I ran the following command,
The password is: minicooper3
So, running the above command yielded the password. Using the password, I extracted flag.png.

FLAG: utflag{m1n1_c00p3r_f4n}
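Seen from the defender's side, the lesson is that a password like minicooper3 is only one small mangling step away from a dictionary word. The following is an added example, not code from this write-up or from John-The-Ripper: a small Python audit that undoes a few common manglings and checks the result against a wordlist. The wordlist, the function names and the set of manglings are assumptions made for the illustration.

```python
import re

# Constructed sample wordlist standing in for a real dictionary such as RockYou.txt.
SAMPLE_WORDLIST = {"minicooper", "password", "dragon", "letmein"}

# Common leetspeak substitutions, mapped back to the letters they replace.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Up to four digits or symbols stuck on the front or the back of a word.
AFFIX = r"[\d!@#$%^&*?.]{1,4}"


def base_candidates(password):
    """Yield (candidate, how) pairs obtained by undoing simple mangling."""
    lowered = password.lower()
    yield lowered, "case-folded"
    stripped = re.sub(AFFIX + "$", "", lowered)
    if stripped != lowered:
        yield stripped, "trailing digits/symbols removed"
    headless = re.sub("^" + AFFIX, "", lowered)
    if headless != lowered:
        yield headless, "leading digits/symbols removed"
    yield lowered.translate(LEET), "leetspeak reversed"
    yield stripped.translate(LEET), "trailing chars removed, leetspeak reversed"
    yield lowered[::-1], "reversed"


def audit(password, wordlist=SAMPLE_WORDLIST):
    """Return (base_word, how) if the password reduces to a dictionary word,
    or None if none of the manglings above lead back to the wordlist."""
    for candidate, how in base_candidates(password):
        if candidate in wordlist:
            return candidate, how
    return None


if __name__ == "__main__":
    # Constructed test inputs; the first is the password from this challenge.
    for pw in ["minicooper3", "m1n1c00p3r", "P4ssw0rd", "xK9#vTq2LmZ"]:
        print(pw, "->", audit(pw))
```

A password that this check maps back to a wordlist entry should be rejected at creation time, since a wordlist-plus-rules run will find it quickly.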
Thanks!
What custom rule did you end up using?
Hey, I actually didn’t give it any custom rule to solve. I just gave the extension “--rules” and I guess it went through all the specified ones in the file “john.conf”. You can look at the images uploaded now for better understanding. Thanks!