Mess_Up NEW YEAR CTF CHALLENGE -CyberTalents = # RECON | challenge | Point | Type | | --------- | ----- | --- | | mess_me | 200 | Digital Forensic | First, This was cool and New challenge on my Eyes because whenever i get the zip file with password all i am thinking is to find the password but this one was NO THAT WAY! at recon i had to give a try with john as alway ``` ┌──(malware㉿kali)-[~/Downloads/newyearctf/forensic/mess] └─$ zip2john Challange.zip > hash ver 2.0 Challange.zip/flag.jpg PKZIP Encr: cmplen=6589, decmplen=8184, crc=3FDDC4E2 ver 2.0 Challange.zip/oracle.vdi PKZIP Encr: cmplen=108, decmplen=96, crc=F63E7666 NOTE: It is assumed that all files in each archive have the same password. If that is not the case, the hash may be uncrackable. To avoid this, use option -o to pick a file at a time. ``` then ``` ┌──(malware㉿kali)-[~/Downloads/newyearctf/forensic/mess] └─$ john hash --wordlist=/home/malware/rockyou.txt Using default input encoding: UTF-8 Loaded 1 password hash (PKZIP [32/64]) Will run 4 OpenMP threads Press 'q' or Ctrl-C to abort, almost any other key for status 0g 0:00:00:07 DONE (2020-12-29 18:04) 0g/s 1838Kp/s 1838Kc/s 1838KC/s !jonaluz28!..*7¡Vamos! Session completed ``` ITS WEIRD and Nothing interest!!!!!!!! after a while i got idea why not trying to google the other way to crack `Encrypted zip` file i found something about `Known Plaintext attack` well then i got lead on the tool called [PKCRACK](https://github.com/keyunluo/pkcrack) but i could not get to understand well how to use so i moved on and found new tool called [BKCRACK](https://github.com/kimci86/bkcrack) with help of friend @ByamB4 after cloned and compiled it then was seems to work properly so lets the CRACK BEGIN **USING BKCRACK TOOL** Let us see what is inside. Open a terminal in the our folder and ask `unzip` to give us information about it. ``` ┌──(malware㉿kali)-[~/Downloads/newyearctf/forensic/mess] └─$ unzip -Z Challange.zip ``` We get the following output. ``` ┌──(malware㉿kali)-[~/Downloads/newyearctf/forensic/mess] └─$ unzip -Z Challange.zip Archive: Challange.zip Zip file size: 6979 bytes, number of entries: 2 -rw-a-- 6.3 fat 8184 Bx defN 20-Dec-16 16:46 flag.jpg -rw-a-- 6.3 fat 96 Bx stor 20-Dec-16 16:38 oracle.vdi 2 files, 8280 bytes uncompressed, 6673 bytes compressed: 19.4% ``` The zip file contains two files: `flag.jpg` and `oracle.vdi`. The capital letter in the fifth field shows the files are encrypted. We also see that `flag.jpg` is deflated whereas `oracle.vdi` is stored uncompressed. # Guessing plaintext To run the attack, we must guess at least 12 bytes of plaintext. On average, the more plaintext we guess, the faster the attack will be. ## The easy way: stored file We can guess from its extension that `oracle.vdi` probably starts with the string `<<< Oracle VM VirtualBox Disk Image >>>`. We are so lucky that this file is stored uncompressed in the zip file. So we have 40 bytes of plaintext, which is more than enough. ## The not so easy way: deflated file Let us assume the zip file did not contain the uncompressed `oracle.vdi`. Then, to guess some plaintext, we can guess the first bytes of the original `flag.jpg` file from its extension. The problem is that this file is compressed. To run the attack, one would have to guess how those first bytes are compressed, which is difficult without knowing the entire file. In this example, this approach is not practical. It can be practical if the original file can easily be found online, like a .dll file for example. Then, one would compress it using various compression software and compression levels to try and generate the correct plaintext. ## Free additional byte from CRC In this example, we guessed the first 40 bytes of `oracle.vdi`. and i hope the attack will be more faster In addition, as explained in the ZIP file format specification, a 12-byte encryption header in prepended to the data in the archive. The last byte of the encryption header is the most significant byte of the file's CRC. We can get the CRC with `unzip`. ``` ┌──(malware㉿kali)-[~/Downloads/newyearctf/forensic/mess] └─$ unzip -Z -v Challange.zip oracle.vdi | grep CRC 32-bit CRC value (hex): f63e7666 ``` So we know the byte just before the plaintext (i.e. at offset -1) is 0xF6. # Running the attack Let us write the plaintext we guessed in a file. ``` ┌──(malware㉿kali)-[~/Downloads/newyearctf/forensic/mess] └─$ echo -n -e '\xf6<<< Oracle VM virtualBox Disk Image >>>' > plain.txt ``` We are now ready to run the attack. ``` ┌──(malware㉿kali)-[~/Downloads/newyearctf/forensic/mess] └─$ ./bkcrack -C Challange.zip -c oracle.vdi -p plain.txt -o -1 ``` After a little while, the keys will appear ``` ┌──(malware㉿kali)-[~/Downloads/newyearctf/forensic/mess] └─$ ./bkcrack -C Challange.zip -c oracle.vdi -p plain.txt -o -1 bkcrack 1.0.0 - 2020-12-25 Generated 4194304 Z values. [15:32:22] Z reduction using 32 bytes of known plaintext 100.0 % (32 / 32) 238606 values remaining. [15:32:26] Attack on 238606 Z values at index 6 Keys: be17a2b4 30cbf569 8b83cb3a 36.5 % (87056 / 238606) [15:48:22] Keys be17a2b4 30cbf569 8b83cb3a ``` # Recovering the original files Once we have the keys, we can decipher the files. We assume that the same keys were used for all the files in the zip file. ``` ┌──(malware㉿kali)-[~/Downloads/newyearctf/forensic/mess] └─$ ./bkcrack -C Challange.zip -c oracle.vdi -k be17a2b4 30cbf569 8b83cb3a -d oracle_decrypted.vdi bkcrack 1.0.0 - 2020-12-25 Wrote deciphered text. ``` The file `oracle.vdi` was stored uncompressed so we are done. ``` ┌──(malware㉿kali)-[~/Downloads/newyearctf/forensic/mess] └─$ ./bkcrack -C Challange.zip -c flag.jpg -k be17a2b4 30cbf569 8b83cb3a -d flag_decrypted.deflate bkcrack 1.0.0 - 2020-12-25 Wrote deciphered text. ``` The file `flag.jpg` was compressed with the deflate algorithm in the zip file, so we now have to uncompressed it. A python script is provided for this purpose in the `tools` folder. ``` ┌──(malware㉿kali)-[~/Downloads/newyearctf/forensic/mess] └─$ python3 inflate.py < flag_decrypted.deflate > flag.jpg ``` but i opened it but file corrupted ehh so i had to check it with `file` command to see if its real a`JPG` file or ``` ┌──(malware㉿kali)-[~/Downloads/newyearctf/forensic/mess] └─$ file flag.jpg flag.jpg: PNG image data, 720 x 350, 8-bit/color RGBA, non-interlaced ``` BOOOM ITS NOT so i had to change just a file extension from `.jpg` to `.png` it worked I GOT FLAG  in summary : The attack is a known plaintext attack, which means you have to know part of the encrypted data in order to break the cipher. thats all i could have cracked it in two hours but guess what i spent a day to figuring out where i was missing and reliaze that i was using small letter `v` in `<<< Oracle VM virtualBox Disk Image >>>` instead of capital letter `V` damn this means this plaintext things is Case-Sensitive **HAPPY NEW YEAR CTFiers**