Fri. Jul 3rd, 2020

Pentesting Fun Stuff

following the cyber security path…

Infinite Loop

This challenge starts off with a zip file which off course needs to be unzipped with the password hackthebox
When unzipped I get another zip file. No special thing about it and it looks like this part consist of brute forcing.
After a few tries with a wordlist and not being successful I decided to write a script to create a numerical list and try to brute force the file.

It runs just nicely and after not to long it stops because it can’t find any password.

Let’s try fcrackzip again, but with a wordlist.

Success.

A SQLite database. Kali has a nice browser installed for viewing these kinds of files: sqlitebrowser
After some searching I find the hash amidst the noise.

Not really that hard. A fun challenge to do if you need to get the hang of basic scripting.

3 thoughts on “Infinite Loop

    1. The file is zipped with a numerical password……multiple times.
      So there are 2 options, either you do the unzipping manually (which will take you forever) of you write or copy a script to do the work for you.
      If you don’t already use a pentest OS (like Kali, ParrotSec or BlackArch), you should check it out.
      They contain a lot of tools, which you can use for these kind of things.
      In this case you need: fcrackzip and crunch

  1. You shouldnt crack all the archives but use the name of n+1 archive as the archive n password. You must crack the last one (6969)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.