This challenges provides us with a password-protected zip file. You can still see what it contains, but upon trying to extract the “flag.txt” file it prompts for a password that we don’t know. The challenge gives us a clue that the password consists (spelling error in the challenge) of five numbers. 00000 through 99999 is only 100,000 possibilities, so let’s try them all in a brute force attack.

We have a couple of options that we could take with this. One is to use a tool made specifically for this called fcrackzip which you can install onto your Linux machine sudo apt-get install fcrackzip. You can find tools for Windows that perform the same function, as well. Otherwise, you could attempt to write a script to try each password. For this write-up, I’ll still to fcrackzip.

Once installed, type fcrackzip --help to learn how to use it. Let’s use -b to brute force the zip file, -c 1 to specify we only want it to try numbers (the “1” means it will try all numbers, not just the number 1), -l 5-5 to set the min-max password length each to 5, and -u to have it check each password (this eliminates false positives).

$ fcrackzip -b -c 1 -l 5-5 -u zipfileone.zip
PASSWORD FOUND!!!!: pw == 42831

This gives us the password to the zip file, allowing us to open it and read the flag. The flag for this challenge is flag{d6f56ae046bb241cc61f9d26f8e525d9}

Review & Lessons Learned

If you are given a password-protected archive (zip, rar, 7z, etc), there are a variety of tools available to crack these either over a dictionary or brute forcing over an entire characterset. This can take a long time, so it helps if you have some information to limit the scope. If you didn’t get any clues at all, try looking through the file’s strings or metadata, or looking elsewhere in the challenge for clues as to what the key may be.