Damjan Cvetko

Damjan Cvetko

Developer, System Architect, Hacker.

Xmas CTF 2019 - Day 6

2 minutes read

Challenge: Santa locked some children letters and forgot the password. Please help Santa to unlock the wishes so the kids around the world will be happy!

Attached file: letters.zip with one file in it, letters.txt

This time it’s an encrypted zip file, the challenge is to find the password.

I have to confess I spent way more time on this that I should have, but have learned a lot about the pkzip2 encryption.

My initial, and also correct reaction was to brute force is. To do that I used John the Ripper tool zip2john to get a password “hash” and then used hashcat to search for the the password. My initial attempt failed because I had a pretty old wordlist. I used crackstation and rockyou but since that did not yield any hits I want down the rabbit hole.

Since I have a decent GPU I tried to brute force it. That ran more or less for a whole day, I got a bunch of hits but all were wrong. How wrong? Like this wrong:

It became obvious that plain brutforce won’t cut it. I started to think it’s more complex. Perhaps the password is the flag not the contents? Or the contents is the flag and I need to use some clever “partial plaintext” attack? It led me down to read up on pkzip2 file format and crypto scheme. Doing some paper math I realized no known partial plaintext was possible. Only full known plaintext. pkzip2 works by padding the start of the the plaintext with random bytes (10 bytes) then adding the known crc32 (2 bytes). The crc32 is also written in the local file header and can thus be used to verify decryption process. That is why false positive keys, that had a crc32 collision could decrypt the file but not into something useful. The description of the cypher was also useful to understand that I was left with either finding the key, or brute-forcing it with a wordlist.

In the evening I decided to check out some recent wordlists and found SecLists. The hash hit was nearly instant after that.

> zip2john.exe letters.zip
ver 2.0 letters.zip/letters.txt PKZIP Encr: cmplen=36, decmplen=24, crc=287F7681
letters.zip/letters.txt:$pkzip2$1*1*2*0*24*18*287f7681*0*29*0*24*287f*71c2*1e8674d4879cd4b4efafd5a8f4434740a563ef5a92fa6df06f509f8e283867e45dd205eb*$/pkzip2$:letters.txt:letters.zip::letters.zip

Remove the leading and trailing file names.

> hashcat -m 17210 -a 0 -o results.txt letters.zip.hash seclists\*

Password: vjnbkmlf2012 Flag: xmas{H4ndC4ndyChristmas}

What did I learn: Try more than one popular password lists!

Recent posts

See more

Categories

About