dCTF 2021: Strong Password
Cracking a ZIP password with John the Ripper and learning from a command-line nuance.
Original challenge writeup: Strong Password.md
This was a very easy crypto challenge that still took me way too long.
The solve was supposed to be straightforward: use john against the provided ZIP file.
What caused the headache was that John the Ripper seemed to handle the arguments differently depending on how I passed them.
Running this looked like it should work:
john-the-ripper --format=zip ziphash.txt --wordlist rockyou.txt
But it did not crack the password. The only clue was this warning in the output:
Warning: invalid UTF-8 seen reading rockyou.txt Using default input encoding: UTF-8
At first, that looked harmless. The command still ran for several seconds, but it never found the password.
Passing the same options differently fixed it for me:
john-the-ripper --format=zip output.txt --wordlist=rockyou.txt
With the --wordlist=rockyou.txt form, John ran for much longer: around 4 minutes on an i7-10700K instead of about 25 seconds. Eventually, it found the password:
Bo38AkRcE600X8DbK3600
After decrypting the file, I got the flag:
dctf{r0cKyoU_f0r_tHe_w1n}
Notes
Maybe I was just not familiar enough with Linux tooling at the time, and this behavior is expected. Either way, the small command-line difference is what made the challenge take longer than it should have.