So UTCTF went great for us. We finished 6th in CTF and also ended up in the top 5 for the CTFs which were almost running parallelly(Pragyan CTF, AeroCTF) with this one. So yeah, it was a great weekend for us.
So let us get on with the challenge now.
The description gives away the exploit for the challenge. We have to use John-The-Ripper to unlock the ZIP file. Wait, it is not that easy.
Well, the only clue I received from the admin was to RTFM(not offensive folks :P) of John-The-Ripper.
So I pretty much figured out that I had to change the “john.conf” file to suit my needs.
Searching on the internet, I came across this wonderful blog that almost helped me to solve the challenge,
This blog gave the necessary info on what the challenge was about. So I had to (maybe) insert a custom rule set in the john.conf file to crack the password. But my version of John, JTR-1.8.0 did not have any custom rule set preloaded in it and also when I tried to change the rule set, the change resulted in JTR not working at all 😦
So I found a GitHub repository which provided me with bleeding-jumbo and setting it up is pretty simple(Please go through the README for that)
So installed john from this repository and hoped that it would work. For the wordlist, I chose the most famous one, RockYou.txt
So now, I ran the following command,
The password is: minicooper3
So, running the above command yielded me the password. So using the password, I extracted out the flag.png