zip2john2zip - BuckeyeCTF 2025

Đề bài

---

Giải

Nó cho mình một file hash.txt, mình sẽ dùng john để crack passwd do tên đề là thế luôn

┌──(kali㉿kali)-[/BuckeyeCTF 2025/forensics/zip2john2zip]
└─$ # 1) Save the hash
cat > hash.txt << 'EOF'
flag.zip/flag.txt:$pkzip2$1*1*2*0*34*28*64ac0ae2*0*26*0*34*64ac*a388*2c386d49756e1d70ab5f2d8b7ccf1703b28d2775e84d89ccf4bf26d0e735e9a817b0032b5071540889c34b9331b694d6042c30a0*$/pkzip2$:flag.txt:flag.zip::flag.zip  
EOF

# 2) Rockyou dictionary (most CTF zips fall to this)
john --format=PKZIP hash.txt --wordlist=/usr/share/wordlists/rockyou.txt --fork=8

# 3) Show result 
john --show hash.txt
Using default input encoding: UTF-8
Loaded 1 password hash (PKZIP [32/64])
Cracked 1 password hash (is in /home/kali/john/run/john.pot), use "--show"
No password hashes left to crack (see FAQ)
flag.zip/flag.txt:factfinder:flag.txt:flag.zip::flag.zip

1 password hash cracked, 0 left

Nhận được passwd là factfinder, sau đó mình sẽ từ hash $pkzip2$ và mật khẩu factfinder, giải mã trực tiếp phần dữ liệu thì nội dung flag.txt

┌──(kali㉿kali)-[/BuckeyeCTF 2025/forensics/zip2john2zip]
└─$ python3 extract_pkzip2.py factfinder <<'EOF'
flag.zip/flag.txt:$pkzip2$1*1*2*0*34*28*64ac0ae2*0*26*0*34*64ac*a388*2c386d49756e1d70ab5f2d8b7ccf1703b28d2775e84d89ccf4bf26d0e735e9a817b0032b5071540889c34b9331b694d6042c30a0*$/pkzip2$:flag.txt:flag.zip::flag.zip
EOF
bctf{not_all_hashes_are_hashed_equally}

---

Flag

Flag: bctf{not_all_hashes_are_hashed_equally}