Eternal Loop -Misc - only bruteforce

13»

Comments

  • @loln00b said:

    @stormy said:
    guys i cant crack with john !!
    "No password hashes left to crack " i cant fix it ,, any help would be great !

    Maybe try an other approach? Forget dictionary attacks etc, look what is in front of your eyes.

    how to approach? I found DoNotTouch file but it needs password when i open. Pls hint

  • edited October 2018

    For some reason I was able to extract the file with a different password which would corrupt the image... interesting

  • @fabreeze said:
    I extracted all the files, I found the password to the last zip.
    I get a corrupted file! It's just blank.
    I tried downloading the challenge again but same issue.
    Is this part of the challenge or is something weird going on?

    Obviously something went wrong, I solved it yesterday. Make sure you have nesessary software to open the file. This is SQL database, you can use SQLite in Linux, e.g.

  • You can just strings | grep HTB once you open the file properly.
    I ended up solving it, I just thought it was interesting how the file could be opened with a wrong password and yielded a corrupted file

  • Yeah I couldn't get the file to open with sqlite, but the flag was easy enough to find with strings DoNotTouch | grep HTB

    Fun challenge, it was fun to write a script again.

    I do have some questions though. If anyone's good at bash scripting, please PM me. Having a little trouble with one part of my script and I'm not sure why.

    --Skunkfoot

  • i dont know how to use script in this challenge, teach me pls :(

  • Pretty cool challenge. I taught how to write simple scripts ))

    OSCP

    Hack The Box

  • How to crack 37366.zip file? I use rockyou.txt and fcrackzip and nothing. How to crack it?

  • @fabreeze said:
    For some reason I was able to extract the file with a different password which would corrupt the image... interesting

    This. Is why it's not wise to just throw rockyou at everything. Well, one of the reasons.

  • Obviously something went wrong, I solved it yesterday. Make sure you have nesessary software to open the file. This is SQL database, you can use SQLite in Linux, e.g.

    A bit late here.Not necessarily true. Notepad++ worked for me. No need for a SQL software.

    Also to the guys/gals that used python scripting: I wrote a simple python script in Python 2.7.9 that used ZipFile. The thing is, that it was a bit slow extracting the files. Not slow like after the 300th zip file in, right from the start. Is it normal and how can I optimize my procedure? Anyone that has any info can send me a message.

    And a last thing, I also found that rockyou had at least half a dozen false positives before I stopped it. I just used my intuition and picked the most plausible one. Good to know that any other attempt would corrupt my file.

    Thanks

  • How many zip files appear before it reaches the end?

  • completed this challenge if need any help feel free to ask.
  • Fuck done next... :+1:

  • Grrr....dat last password lol...
    I did not solve it in the most elegant way, but if you need a tip let me know

  • Very good task

  • crackzip -v -u -D -p /usr/share/wordlists/rockyou.txt 37366.zip
    found file '5900.zip', (size cp/uc 460497/460340, flags 1, chk 04db)
    sh: 1: Syntax error: EOF in backquote substitution
    sh: 1: Syntax error: EOF in backquote substitution
    sh: 1: Syntax error: Unterminated quoted string
    sh: 1: Syntax error: EOF in backquote substitution
    sh: 1: Syntax error: EOF in backquote substitution
    sh: 1: Syntax error: EOF in backquote substitution
    sh: 1: Syntax error: Unterminated quoted string
    Any help!! Would be appericate!! What just happen did!! Cant get through! any clue would be helpful

  • Type your comment> @Frrag said:

    How to crack 37366.zip file? I use rockyou.txt and fcrackzip and nothing. How to crack it?

    Did you solve the the first stage !! With 37366.zip file How did you carack anyhint PM me!!!

  • YEah!! Solve it!! PM me for the help hahahaha..... IT was so easy now i wonder i am this is teaser for noob like me!!

  • edited March 24

    There are more than 500 zips.
    Tfw no basic shell script just using
    internal="`unzip -Z -1 $nome`"

    Hint for the last file: think it as it is just a .txt

    If you appreciate my help, please give me +1 respect :)
    https://www.hackthebox.eu/home/users/profile/113070.

  • Type your comment> @DrV01d said:

    I created a python script to extract all, bruteforce and exctract the flag.. I'm lazy ahaha

    Can you DM me?

  • edited April 19

    Pfff hahaha, what a challenge, it took me hours :expressionless:
    Just to figure out i shouldnt start bruteforcing everything :D

    This helped me with scripting: fcrackzipinfo.
    This returns valuable information, and does not leave your cli hanging waiting for userinput.

    I used php for this one, together with bash commands in system()
    I dont care, it works :P
    If you need help, DM me

    e-nigmaNL

  • ofcourse fcracpzipinfo needs to be fcrackzipinfo

    e-nigmaNL

  • used a simple bash script to make it to 6969 in 5 seconds

  • ok so final "Do******ch file, after quick cat seems to me to be a db file, onwards and upwards to root

Sign In to comment.