Posts

dCTF 2021: Strong Password

Cracking a ZIP password with John the Ripper and learning from a command-line nuance.

Original challenge writeup: Strong Password.md

This was a very easy crypto challenge that still took me way too long.

The solve was supposed to be straightforward: use john against the provided ZIP file.

What caused the headache was that John the Ripper seemed to handle the arguments differently depending on how I passed them.

Running this looked like it should work:

john-the-ripper --format=zip ziphash.txt --wordlist rockyou.txt

But it did not crack the password. The only clue was this warning in the output:

Warning: invalid UTF-8 seen reading rockyou.txt Using default input encoding: UTF-8

At first, that looked harmless. The command still ran for several seconds, but it never found the password.

Passing the same options differently fixed it for me:

john-the-ripper --format=zip output.txt --wordlist=rockyou.txt

With the --wordlist=rockyou.txt form, John ran for much longer: around 4 minutes on an i7-10700K instead of about 25 seconds. Eventually, it found the password:

Bo38AkRcE600X8DbK3600

After decrypting the file, I got the flag:

dctf{r0cKyoU_f0r_tHe_w1n}

Notes

Maybe I was just not familiar enough with Linux tooling at the time, and this behavior is expected. Either way, the small command-line difference is what made the challenge take longer than it should have.