wannasigh
wannasigh
Author: Karol Baryła (aka Lorak_)
wannsigh was a task from WPI CTF 2019. Task description:
Here's link to drive image given in description, I have no idea how long it is going to be available.
File linked to in description is .ova file, a virtual machine with ubuntu installed. In ~ directory there is a encrypted zip file named your-stuff.zip containing most of the files from /home directory. Among other files there is flag.xcf. Task description hinted as that the encrypter was in a calc file. I opened firefox, and in the downloads there indeed is .ods file. It was downloaded from some gitlab repo (link), and in the commit history there is a commit with a bash script (link).
CURRENT_TIME=$(($(date +%s%N)/1000000))
echo $CURRENT_TIME
zip --password $CURRENT_TIME ~/Templates/your-stuff.zip ~/Templates/*
NEXT_TIME=$(($(date +%s%N)/1000000))
echo $NEXT_TIME
It zips ~/Templates directory using current time as key. To get file modification date as timestamp I used command stat -c '%Y' your-stuff.zip
, which yelded 1554920623
. There was one last problem left, $(($(date +%s%N)/1000000))
gives us time stamp with an accuracy of miliseconds and file modification time is saved with accuracy of seconds. So the last thing to do was to bruteforce every milisecond in given second to get true key. Script to do that:
import zipfile
zip = zipfile.ZipFile('./your-stuff.zip', 'r')
for i in range(1000):
try:
zip.setpassword(b'1554920623' + ('%03d' % (i,) ).encode())
zip.extractall('/tmp/unpack')
print('SUCCESS. Key: ' + '1554920623' + ('%03d' % (i,) ))
except:
pass
No Comments