Ov3rkill
Ov3rkill was a misc challenge
The Challenge was about automationg basically, laying emphasis on your need to know about bash scripting or any scripting at
So Downloading the the file we have a zip file, we have a assword protected zip file, cracking it, unzipping it we were greeted with another protected zip file From the description it says bash as far as the eye can see Initially I thouht it’ll be like 20-50 nested zip file so I went down the manual route because I had the commands in cycles but later I decided to admit defeat and create or modify a script for my need, initially I was using zip2john then crack the hashes with john but if i want to script that, it’ll take a bit of time to get the script to properly work and in this life If you can make things easier why not do it
There’s Another tool for cracking passworded zip file, it’s called fcrackzip
So let’s dive into it
#!/usr/bin/env bash
while [ -e *.zip ]; do
files=*.zip;
for file in $files; do
echo -n "Cracking ${file}… ";
output="$(fcrackzip -D -p /usr/share/wordlists/rockyou.txt -u *.zip | tr -d '\n')";
password="${output/PASSWORD FOUND\!\!\!\!: pw == /}";
if [ -z "${password}" ]; then
echo "Failed to find password";
break 2;
fi;
echo "Found password: \`${password}\`";
unzip -q -P "${password}" "$file";
rm "${file}";
done;
done;
So basically what the script does is as long as there’s a file endin with the .zip extention crack it, copy the password found, use it to unzip the file This file will only work once I could Iterate it to repeatedly loop and go to the new directory but that’ll start getting a bit complex so I created an alias in my .zshrc to run the script as a command
did a little in terminal bash scripting
for i in {1..1000}; do k; cd ./*/;done
So what this means is do the following command 1000 times
In linux you can run multiple commands one after the other with ; &&
and so many others while ipe | runs the command at the same time like both at once there’s a difference between the two but checkout the man page of bash for more details
kis our script commandcd ./*/will change directory to the directory in the current directory./In linux * is a wildcard but since we know it’s only one directory that get’s created after unzipping it’s safe to usefor i in {1..1000} is basic looping telling us do this 1000 times
Initally the zip was nested 9k+ times but because so many peole pc couldn’t handle the juice the shortened it to about 900+ 971 or so
Runnin that took about a 3 three minutes or less and we got to the file we needed
Viewing the file we saw a cryptic looking text
the file format is abcctf{}
The picture is hinting at using a script or thanking the fact a bash script got us here, scannin the text with google lens to copy out the ciphertext then sending it to dcode.fr/en to identify what sort of cipher it was
I got a few options such as caeser cipher, shift cipher, substituition, rot13 and the rest
luckily I did something similar for CS50x where I created a script to encode and decode caeser and substitution cipher so I had an Idea of what to do but couldn’t imlent it via code so I went the manual way
we know the flag format is abcctf{} and the beginning of the text was lnpqiv so the lnpq made me know it was incremntal, I started counting from a, from a to l was 11 if we add 11 to a we get l (ascii table and normal abcd look it up) and it was 12 to get n from b so we just keep adding as we go
So i went to dcode.fr/en shift ciher and started doing it trial and error proved me correct
Now all we have to shift is only the alphabets nothing else but count all ascii characters (l was 11, n was 12) continue in that order
flag was - abcctf{y0u_g0t_th1s_f4r???_m4d_r3sp3ct!_b4sh_aaaaaaaall_th3_w4y}
Secret Service
This was pretty easy and straight forward
we check the file type and notice it is a KGB archive, we make a copy with the .kgb extention then just extract