26 May 2022

Pentesting Fun Stuff

following the cyber security path…

Infinite Loop

This challenge starts off with a zip file which off course needs to be unzipped with the password hackthebox
When unzipped I get another zip file. No special thing about it and it looks like this part consist of brute forcing.
After a few tries with a wordlist and not being successful I decided to write a script to create a numerical list and try to brute force the file.

created by n0w4n
# creating numerical list
echo "[-] Creating a numerical list for bruteforcing"
crunch 1 6 1234567890 -o num.list &>/dev/null
# running fcrackzip as long if needed
echo "[-] Running fcrackzip trying the numerical list"
while [[ true ]]; do
    file=$(ls | grep zip)
    fcrackzip -u -D -p num.list $file > result
    pwd=$(cat result | tr -d '\n' | awk '{print $5}')
    result=$(cat result | tr -d '\n' | grep FOUND)
    if [[ -z $result ]]; then
        echo "No password found in file $file"
        break 2
        echo "Password found in file $file == $pwd"
        unzip -q -P "$pwd" "$file"
        rm $file
# cleaning up
rm -f result num.list

It runs just nicely and after not to long it stops because it can’t find any password.

root@kali:~/Downloads/Eternal_Loop# ./brute.sh
[-] Creating a numerical list for bruteforcing
[-] Running fcrackzip trying the numerical list
Password found in file 37366.zip == 5900
Password found in file 5900.zip == 49805
Password found in file 49805.zip == 13811
Password found in file 10595.zip == 27833
Password found in file 27833.zip == 6969
[-] No password found in file 6969.zip

Let’s try fcrackzip again, but with a wordlist.

root@kali:~/Downloads/Eternal_Loop# fcrackzip -v -u -D -p '/usr/share/wordlists/rockyou.txt' 6969.zip
found file 'DoNotTouch', (size cp/uc 335181/884736, flags 9, chk 5b04)
PASSWORD FOUND!!!!: pw == letmeinplease


root@kali:~/Downloads/Eternal_Loop# unzip 6969.zip
Archive:  6969.zip
[6969.zip] DoNotTouch password:
  inflating: DoNotTouch
root@kali:~/Downloads/Eternal_Loop# ls
6969.zip  crack.sh  DoNotTouch
root@kali:~/Downloads/Eternal_Loop# file DoNotTouch
DoNotTouch: SQLite 3.x database, last written using SQLite version 3021000

A SQLite database. Kali has a nice browser installed for viewing these kinds of files: sqlitebrowser
After some searching I find the hash amidst the noise.

Not really that hard. A fun challenge to do if you need to get the hang of basic scripting.

3 thoughts on “Infinite Loop

    1. The file is zipped with a numerical password……multiple times.
      So there are 2 options, either you do the unzipping manually (which will take you forever) of you write or copy a script to do the work for you.
      If you don’t already use a pentest OS (like Kali, ParrotSec or BlackArch), you should check it out.
      They contain a lot of tools, which you can use for these kind of things.
      In this case you need: fcrackzip and crunch

  1. You shouldnt crack all the archives but use the name of n+1 archive as the archive n password. You must crack the last one (6969)

Leave a Reply to n0w4n Cancel reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.