RingZer0-20 - Cryptography - Encrypted Zip
Encrypted Zip
We need to find the password for an encrypted file.
We're given two zip files that have a password on them, and a weird.txt.
The weird.txt is a file that contains ASCII text. It seems to be a bunch of repeating strings. Out of curiosity, I went ahead and looked at the words and their frequency.
cat weird.txt | tr ";" "\n" | sort | uniq -c
838 kl
836 klsdafsadfaskdfl
1 sdafsadfaskdfl
837 skf
I tried all of them and nada. After some google-fu, I found that there's an attack that allows you to find the password of the file if you already have a file from the encrypted archive, which we do.
The instructions say that weird.zip has the same password as flag.zip. Also, weird.txt is found in weird.zip. The attack is known as a known-plaintext attack.
Plaintext attack
Instructions for the following attack can be found here.
http://www.securiteam.com/tools/5NP0C009PU.html
So we basically need to create another zip archive containing one of the files that is in the encrypted archive. Then we'll extract the information needed to find the password. All the technical information can be found here.
http://www.delaat.net/rp/2014-2015/p57/report.pdf
We’ll be using pkcrack which can be found here.
https://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html
So we'll start by creating a zip with weird.txt, then extract the compressed data from both archives and finish by finding the key.
zip w.zip weird.txt
adding: weird.txt (deflated 100%)
extract w.zip weird.txt plain
extract weird.zip weird.txt encrypted
pkcrack -c encrypted -p plain
Warning! Plaintext is longer than Ciphertext!
Couldn't read ciphertext!
So I got an error. Something is not working correctly. If we use zipinfo to look at both zips, we notice some differences.
zipinfo -Z weird.zip
Archive: weird.zip
Zip file size: 249 bytes, number of entries: 1
-rw-a-- 6.3 fat 20088 Bx defN 14-Feb-21 16:06 weird.txt
1 file, 20088 bytes uncompressed, 85 bytes compressed: 99.6%
zipinfo -Z w.zip
Archive: w.zip
Zip file size: 254 bytes, number of entries: 1
-rw-rw-r-- 3.0 unx 20088 tx defN 14-Feb-21 16:06 weird.txt
1 file, 20088 bytes uncompressed, 86 bytes compressed: 99.6%
The files don't have the same uncompressed size. The second and third fields say that the original weird.zip was zipped with version 6.3 of zip on FAT (Windows, maybe?), unlike mine, which is version 3.0 of zip under Unix.
After more google-fu: the Unix zip that I have installed is using version 3.0. I would need to find one that uses version 6.3.
7z allows us to create a zip file using version 6.3.
7z a plain.zip weird.txt
7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=en_CA.UTF-8,Utf16=on,HugeFiles=on,64 bits,8 CPUs Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz (306A9),ASM,AES-NI)
Scanning the drive:
1 file, 20088 bytes (20 KiB)
Creating archive: plain.zip
Items to compress: 1
Files read from disk: 1
Archive size: 237 bytes (1 KiB)
Everything is Ok
zipinfo -Z plain.zip
Archive: plain.zip
Zip file size: 237 bytes, number of entries: 1
-rw-rw-r-- 6.3 unx 20088 bx defN 14-Feb-21 17:06 weird.txt
1 file, 20088 bytes uncompressed, 85 bytes compressed: 99.6%
We can see that we got the right version and also the right flag (bx); b stands for binary.
We'll now try to apply pkcrack again.
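To see why the candidate plaintext has to match the original archiver's output byte for byte, here is the traditional PKWARE cipher ("ZipCrypto") that weird.zip uses, written in Python as an added example; it is not code from the writeup or from pkcrack, and it assumes the key schedule and 12-byte header layout of the PKWARE APPNOTE. Every plaintext byte is fed back into the key state, so a plaintext that diverges even by one byte (the 86-byte stream my zip produced versus the 85-byte one in the archive) leaves the cipher in a different state from that point on and cannot be lined up with the ciphertext.

```python
import os
# CRC-32 table (reflected polynomial 0xEDB88320), the same table PKZIP and zlib use.
_CRC_TABLE = []
for _i in range(256):
    _c = _i
    for _ in range(8):
        _c = (_c >> 1) ^ 0xEDB88320 if _c & 1 else _c >> 1
    _CRC_TABLE.append(_c)

class ZipCrypto:  # traditional PKWARE encryption (APPNOTE 6.1), the cipher pkcrack attacks
    def __init__(self, password: bytes):
        self.keys = [0x12345678, 0x23456789, 0x34567890]  # fixed initial state
        for b in password:  # afterwards self.keys holds internal keys of the kind pkcrack recovers
            self._update(b)

    def _update(self, b: int) -> None:
        k = self.keys
        k[0] = _CRC_TABLE[(k[0] ^ b) & 0xFF] ^ (k[0] >> 8)
        k[1] = ((k[1] + (k[0] & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k[2] = _CRC_TABLE[(k[2] ^ (k[1] >> 24)) & 0xFF] ^ (k[2] >> 8)

    def _stream_byte(self) -> int:
        t = (self.keys[2] | 2) & 0xFFFF
        return ((t * (t ^ 1)) >> 8) & 0xFF

    def encrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for p in data:
            out.append(p ^ self._stream_byte())
            self._update(p)  # the plaintext byte drives the state: one wrong byte desyncs all later ones
        return bytes(out)

    def decrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for c in data:
            p = c ^ self._stream_byte()
            self._update(p)
            out.append(p)
        return bytes(out)

def encrypt_entry(password: bytes, compressed: bytes, crc32: int, salt: bytes = None) -> bytes:
    # one entry = 11 random header bytes + high byte of the file's CRC-32, then the deflated data
    salt = os.urandom(11) if salt is None else salt
    return ZipCrypto(password).encrypt(salt + bytes([(crc32 >> 24) & 0xFF]) + compressed)

def decrypt_entry(password: bytes, ciphertext: bytes, crc32: int) -> bytes:
    plain = ZipCrypto(password).decrypt(ciphertext)
    if plain[11] != (crc32 >> 24) & 0xFF:  # only an 8-bit check: 1 in 256 wrong passwords slip past it
        raise ValueError("password check byte mismatch")
    return plain[12:]
```

The "password search" that took 40 minutes above is the step that walks from the recovered internal keys back to a password such as testtest.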
extract weird.zip weird.txt encrypted
extract plain.zip weird.txt plain
pkcrack -c encrypted -p plain
Files read. Starting stage 1 on Fri Oct 27 03:01:52 2017
Generating 1st generation of possible key2_96 values...done.
Found 4194304 possible key2-values.
Now we're trying to reduce these...
Done. Left with 109196 possible Values. bestOffset is 24.
Stage 1 completed. Starting stage 2 on Fri Oct 27 03:01:56 2017
Strange... had a false hit.
Ta-daaaaa! key0=3330b3a9, key1=c403beea, key2=a0b3129d
Probabilistic test succeeded for 77 bytes.
Ta-daaaaa! key0=3330b3a9, key1=c403beea, key2=a0b3129d
Probabilistic test succeeded for 77 bytes.
Ta-daaaaa! key0=3330b3a9, key1=c403beea, key2=a0b3129d
Probabilistic test succeeded for 77 bytes.
Ta-daaaaa! key0=3330b3a9, key1=c403beea, key2=a0b3129d
Probabilistic test succeeded for 77 bytes.
Ta-daaaaa! key0=3330b3a9, key1=c403beea, key2=a0b3129d
Probabilistic test succeeded for 77 bytes.
Strange... had a false hit.
Stage 2 completed. Starting password search on Fri Oct 27 03:41:51 2017
Key: 74 65 73 74 74 65 73 74
Or as a string: 'testtest' (without the enclosing single quotes)
Key: 74 65 73 74 74 65 73 74
Or as a string: 'testtest' (without the enclosing single quotes)
Finished on Fri Oct 27 03:41:51 2017
It took 40 minutes, but we got a password: testtest.
unzip flag.zip
[flag.zip] flag.txt password:
cat flag.txt
FLAG-Mk5N1z6PDbcw6alA1G8ixz85
Bruteforce
I decided to try to brute-force it for the fun of it. We'll be using fcrackzip and a wordlist found on the SecLists GitHub. rr is the rockyou.txt wordlist. For some reason the original filename wouldn't work, so I renamed rockyou-70.txt to rr.
fcrackzip -b -D -p "/home/p0pp3t/Git/SecLists/Passwords/rr" -u weird.zip
PASSWORD FOUND!!!!: pw == testtest
Well that was underwhelming.
unzip flag.zip
Archive: flag.zip
[flag.zip] flag.txt password:
extracting: flag.txt
cat flag.txt
FLAG-Mk5N1z6PDbcw6alA1G8ixz85
The flag is FLAG-Mk5N1z6PDbcw6alA1G8ixz85