Eternal Loop -Misc - only bruteforce

Hi!

Is there any other way to solve the challenge except for bruteforcing the last zip?

Not that i found. Although i would recommend a dictionary attack instead.

you extracted all zip files ?

@jackshd said:
you extracted all zip files ?

Yes but not by hand…

The last zip can be extracted using a common wordlist.
But what I fould there didn’t lead me to the flag… What sould I do with this datebase?
I already searched for the flag but I can’t find it.

Okay, that was easier than expected. Got the flag :+1:

Very interesting challenge. Wrote an automation script to get to the last zip and then brute forced and found the password in 5 seconds. And then used “browser” to view the data. Enjoy!

Anyone mind PMing me on this? I have been trying to write a bruteforce script for this, but I’m not sure why it’s not working.

UPDATE: Solved. :slight_smile:

So I know how this challenge works, but my scripting knowledge is very limited! Time to learn I suppose.

scripting will help to complete this challenge with in minutes.i dont know how much time it will take to manually unzip few hundred zip.

It was a fun challenge learning to script around the problem. Fun challenge.

Php script is a nice tool to solve challenges like this. Only a recursive function with shell exec need it.
Btw: Very clever challenge :wink:

I could be wrong… but I think bash is even faster than PHP. I did it in about 5 lines to unpack and cd

I created a python script to extract all, bruteforce and exctract the flag… I’m lazy ahaha

@thek

*anything else “is a nice tool to solve challenges like this.” xD /jk

lol, here come the language wars. :open_mouth:

p.s. I did mine in expect.

@dispareo said:
I could be wrong… but I think bash is even faster than PHP. I did it in about 5 lines to unpack and cd

I wrote a python script to loop-unpack but (excluding the helper output lines) it is 15 lines of code. Can you (or others who have short script) post (or personal message me) your code. I would like to know the shortest and fastest way to write scripts like this (in any language).

I’m writing a script, but when I use a dictionary with fcrackzip, it has not brought me the password. I do a test, and the result when it finds a password is:

fcrackzip -D -p rockme.txt teste.zip -u -v
found file ‘teste.txt’, (size cp/uc 17/ 5, flags 1, chk e6b4)

I need to know the password, to implement my script. Someone has the same problem? How to solve?

I don’t remember a teste.zip file in this… but you only need to crack the final zip after looping through … whatever else… is in there beforehand. You can “guess” whatever other passwords you need before that.