Matrioshka

Type your comment> @cdt said:

You get some protected zip file after dump the .png … I had to work a bit on this file to be able to crack the password and get matrioshka3.zip

Awesome hint :wink:

Fun challenge !

I’m in the same boat as OP. Anyone available for a PM to get me headed in the right direction?

here is a hint:

1g 0:00:00:00 DONE 2/3 (2019-06-08 11:41) 10.00g/s 411620p/s 411620c/s 411620C/s qwert2…shirley2
Use the “–show” option to display all of the cracked passwords reliably
Session completed

do not use rockyou instead use the default one to get the 3rd zip

I got password to extract 3rd zip. But that zip contains a lot of small other zip files. In addition, the archive itself weighs 25KB and inside there is a 4.5GB file. Any nudge for that?

Type your comment> @Kucharskov said:

I got password to extract 3rd zip. But that zip contains a lot of small other zip files. In addition, the archive itself weighs 25KB and inside there is a 4.5GB file. Any nudge for that?

Have you tried strings on it?

Can someone share/offer a tip for this challenge? I tried all obvious: strings, exiftool, zipinfo, crack pass against rockyou - to name a few.

EDIT: solved now :slight_smile: Happy to offer hints/advice - just PM

I extracted the zip from the png, then the next zip, then the 5 layers of smaller zips, and then… I got a 655Mb string of zeros…

I’m pretty sure I must have overlooked something LOL

Type your comment> @cdt said:

I got a “GPG symmetrically encrypted data (AES cipher)” file from matrioshka4 and I have no idea if it is correct or what to do now. Any hint?

Edit: Got it. It was just a little step.

Care to share a hist to that little step? I’m stuck after matrioshka4, just like you. Run out of ideas.

Type your comment> @M1ndCh41N said:

Type your comment> @cdt said:

I got a “GPG symmetrically encrypted data (AES cipher)” file from matrioshka4 and I have no idea if it is correct or what to do now. Any hint?

Edit: Got it. It was just a little step.

Care to share a hist to that little step? I’m stuck after matrioshka4, just like you. Run out of ideas.

You need to get all strings of matrioshka4. The simplest command to get this is not enough.

For me the last step required moving from Kali to Windows
because in Kali required decryption tool does not work correctly.

You need to get all strings of matrioshka4.
The simplest command to get this is not enough.

Fully agreed)

You need to get all strings of matrioshka4. The simplest command to get this is not enough.

Got it!

Got it! Many new things to do, few new tricks i learned. Amazing!
PM me if you wanna help :slight_smile:

I Got it!!! Thank @Kucharskov

when I do binwalk with switch e to extract for each file and go to new folder after extracted its infinite loop? any help guys ?

Type your comment> @waspy said:

do not use rockyou instead use the default one to get the 3rd zip

What default wordlist to use?

rockyou works as well

Got it, thanks to cdt and Kucharskov for the last part… An hint : don’t overestimate your buffer…

Type your comment> @fuser said:

Type your comment> @waspy said:

do not use rockyou instead use the default one to get the 3rd zip

What default wordlist to use?

the default list from that very famous binary

Some hint for big hex in matr****** 4? I have all str***gs