UTCTF’19 RIP Forensics Write-Up

So UTCTF went great for us. We finished 6th in CTF and also ended up in the top 5 for the CTFs which were almost running parallelly(Pragyan CTF, AeroCTF) with this one. So yeah, it was a great weekend for us.

So let us get on with the challenge now.


Screenshot from 2019-03-11 10-15-31

The description gives away the exploit for the challenge. We have to use John-The-Ripper to unlock the ZIP file. Wait, it is not that easy.

Well, the only clue I received from the admin was to RTFM(not offensive folks :P) of John-The-Ripper.

So I pretty much figured out that I had to change the “john.conf” file to suit my needs.

Searching on the internet, I came across this wonderful blog that almost helped me to solve the challenge,


This blog gave the necessary info on what the challenge was about. So I had to (maybe) insert a custom rule set in the john.conf file to crack the password. But my version of John, JTR-1.8.0 did not have any custom rule set preloaded in it and also when I tried to change the rule set, the change resulted in JTR not working at all 😦

So I found a GitHub repository which provided me with bleeding-jumbo and setting it up is pretty simple(Please go through the README for that)


So installed john from this repository and hoped that it would work. For the wordlist, I chose the most famous one, RockYou.txt

So now, I ran the following command,Screenshot from 2019-03-12 10-56-03

The password is: minicooper3

So, running the above command yielded me the password. So using the password, I extracted out the flag.png


FLAG: utflag{m1n1_c00p3r_f4n}


2 thoughts on “UTCTF’19 RIP Forensics Write-Up

Add yours

    1. Hey, I actually didn’t give it any custom rule to solve. I just gave the extension “–rules” and I guess it went through all the specified ones in the file “john.conf”. You can look at the images uploaded now for better understanding. Thanks!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Powered by WordPress.com.

Up ↑

Create your website at WordPress.com
Get started
%d bloggers like this: