![_3e6e38a2-38c1-47e6-a9c0-53078c09ccc7](https://hackmd.io/_uploads/SJjThamUa.jpg)

# internet-cat

## Task Description

Flag format: ping{.*}

I heard that there is no official nc for Windows and I love this OS! Fortunately, my black hat hacker colleague has sent me his forged copy that he intercepted from other hackers which have intercepted it from others and that from others... I don't know how many times it was intercepted but it works! I have tested it on my Windows 10 and it works like a charm!

---

File: nc.exe

## Step 1 Discovery

I run `strings` on the file and find a base64 encoded string.

![Skjermbilde 2023-12-10 234647](https://hackmd.io/_uploads/ry1fga7LT.png)

```bash=
echo "aHR0cHM6Ly9naXN0LmdpdGh1YnVzZXJjb250ZW50LmNvbS90b21lazc2NjcvOTIzOTNhNTkyMDdkOTEzNzlmOWVlODc4NTg3OGI5OGIvcmF3LzNiNTM1NzJjMzQ0NTY0ZjMyMTE5NjA5MmMzMzg2M2EzODVjMTM2M2QvZ2lzdGZpbGUxLnR4dA==" | base64 -d
https://gist.githubusercontent.com/tomek7667/92393a59207d91379f9ee8785878b98b/raw/3b53572c344564f321196092c33863a385c1363d/gistfile1.txt
```

The base64 encoded message is a link to a website. It serves a gistfile1.txt with 24k numbers, which at first look like ASCII chars.

![Skjermbilde 2023-12-10 235409](https://hackmd.io/_uploads/HyJWfTm8a.png)

## Step 2 Decoding

First I add the gistfile with all the numbers in CyberChef. I use Magic and get

![Skjermbilde 2023-12-11 000343](https://hackmd.io/_uploads/BJhfNamU6.png)

I click on that and I get a big encoded text. Here there are two ways. One decryption leads to code that reconstructs a QR code. The other leads to the road I took, which was to get a new link. So I take the result from the previous bake in CyberChef and do Magic one more time.
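The two decoding stages of Steps 1 and 2 can be reproduced offline with a short triage script. This is an added example, not code from the writeup: `find_embedded_urls` scans a binary for long base64 runs that decode to a URL (Step 1), and `peel` strips decimal-character-code and base64 layers until a URL or a known file signature appears, which is what CyberChef's Magic did for the gistfile (Step 2). The base64 blob is the one `strings` surfaced above; `SAMPLE_BINARY` is a constructed stand-in for nc.exe, and `SAMPLE_GISTFILE` is a constructed stand-in for the real 24k-number gistfile (the privatebin link the writeup reaches, encoded the same way), since the original file contents are not on this page.

```python
import base64
import binascii
import re

# Step 1 input: the base64 run that `strings` reported (data from the writeup, wrap removed).
FOUND_B64 = ("aHR0cHM6Ly9naXN0LmdpdGh1YnVzZXJjb250ZW50LmNvbS90b21lazc2NjcvOTIzOTNhNTkyMDdk"
             "OTEzNzlmOWVlODc4NTg3OGI5OGIvcmF3LzNiNTM1NzJjMzQ0NTY0ZjMyMTE5NjA5MmMzMzg2M2Ez"
             "ODVjMTM2M2QvZ2lzdGZpbGUxLnR4dA==")
# Constructed stand-in for nc.exe: the blob buried between ordinary strings and junk bytes.
SAMPLE_BINARY = (b"MZ\x90\x00\x03\x00" + b"\x00" * 12
                 + b"This program cannot be run in DOS mode.\r\n\xff\xfe\x01"
                 + b"WS2_32.dll\x00WSAStartup\x00" + FOUND_B64.encode()
                 + b"\x00\x00\x7f\x12AAAAAAAA\x00")

# Step 2 input, constructed: a URL, base64-encoded, then written as decimal character codes,
# the same layering the gistfile used (the real file had ~24k numbers; this is our own sample).
PRIVATEBIN_URL = ("https://privatebin.io/?1c59a5beffe3a844"
                  "#FH7GExP62PJVJGd7TBku77R16TsWpGzshD8uLzVaSfUm")
SAMPLE_GISTFILE = " ".join(str(b) for b in base64.b64encode(PRIVATEBIN_URL.encode()))

B64_TOKEN = re.compile(rb"[A-Za-z0-9+/]{20,}={0,2}")      # long base64-looking runs
NUMBER_LIST = re.compile(r"^\s*\d{1,3}(?:[\s,]+\d{1,3})*\s*$")  # "104 116 116 ..."
URL_RE = re.compile(r"^https?://\S+$")
SIGNATURES = {b"PK\x03\x04": "zip archive", b"MZ": "PE executable", b"\x89PNG": "PNG image"}


def base64_to_bytes(token):
    """Strict base64 decode; returns None for anything that is not well-formed base64."""
    compact = re.sub(rb"\s+", b"", token)
    if len(compact) < 8 or len(compact) % 4:
        return None
    try:
        return base64.b64decode(compact, validate=True)
    except binascii.Error:
        return None


def classify(data):
    """Name what a decoded layer looks like: a file type, a URL, readable text, or opaque binary."""
    for sig, name in SIGNATURES.items():
        if data.startswith(sig):
            return name
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return "binary"
    if URL_RE.match(text.strip()):
        return "url"
    return "text" if all(c.isprintable() or c in "\r\n\t" for c in text) else "binary"


def find_embedded_urls(binary):
    """Step 1: (offset, url) for every base64 run in the binary that decodes to a URL."""
    hits = []
    for m in B64_TOKEN.finditer(binary):
        decoded = base64_to_bytes(m.group())
        if decoded is not None and classify(decoded) == "url":
            hits.append((m.start(), decoded.decode("ascii")))
    return hits


def peel(text, max_depth=8):
    """Step 2: strip decimal-code and base64 layers until something recognisable appears.

    Returns (layers removed, kind of the final payload, final payload bytes)."""
    layers, current = [], text.encode()
    for _ in range(max_depth):
        if classify(current) != "text":      # URL, archive or binary: this is the payload
            break
        s = current.decode("ascii")
        if NUMBER_LIST.match(s):
            vals = [int(n) for n in re.split(r"[\s,]+", s.strip())]
            if max(vals) > 255:
                break
            layers.append("decimal codes")
            current = bytes(vals)
            continue
        decoded = base64_to_bytes(current)
        if decoded is None:
            break
        layers.append("base64")
        current = decoded
    return layers, classify(current), current


if __name__ == "__main__":
    for offset, url in find_embedded_urls(SAMPLE_BINARY):
        print("base64 URL at offset %d: %s" % (offset, url))
    layers, kind, payload = peel(SAMPLE_GISTFILE)
    print("gistfile layers: %s -> %s: %s" % (" > ".join(layers), kind, payload.decode()))
```

Magic in CyberChef tries many more encodings and scores the candidates; the script above only knows the two layers this challenge used, but it stops the same way, on a URL or a file signature, which is the check that tells you when a decoded layer is the real payload rather than another wrapper.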
![Skjermbilde 2023-12-11 001312](https://hackmd.io/_uploads/HynXIpQI6.png)

The link is https://privatebin.io/?1c59a5beffe3a844#FH7GExP62PJVJGd7TBku77R16TsWpGzshD8uLzVaSfUm

When I click on this link we get a new encoded text.

![Skjermbilde 2023-12-11 001506](https://hackmd.io/_uploads/rkC5L6XU6.png)

```text=
UEsDBBQACQBjABpciVcFV6wiRQAAACcAAAAIAAsAZmxhZy50eHQBmQcAAQBBRQMIAOqNoUX0Z5cij
1J6uViuJOT+jLbo0Tibnbs0x++zz1pfItBmkkebOjEsVMVAxWFcUO8yYdA4CXgjEECKzi+mBqdI+r
jACFBLBwgFV6wiRQAAACcAAABQSwECHwAUAAkAYwAaXIlXBVesIkUAAAAnAAAACAAvAAAAAAAAACA
IAAAAAAAAZmxhZy50eHQKACAAAAAAAAEAGAATmwIRiyraARObAhGLKtoBNqEVIIcq2gEBmQcAAQBB
RQMIAFBLBQYAAAAAAQABAGUAAACGAAAAAAA=
```

I used CyberChef + Magic again and the result is quite surprising. It's a ZIP file that we can reconstruct.

![Skjermbilde 2023-12-11 001752](https://hackmd.io/_uploads/SkBNdTm86.png)

## Step 3 Reconstructing the ZIP file

I reconstructed the file with Python:

```python=
import base64

# The base64 text from the privatebin paste, as one string split across lines for readability
encoded_string = (
    "UEsDBBQACQBjABpciVcFV6wiRQAAACcAAAAIAAsAZmxhZy50eHQBmQcAAQBBRQMIAOqNoUX0Z5ci"
    "j1J6uViuJOT+jLbo0Tibnbs0x++zz1pfItBmkkebOjEsVMVAxWFcUO8yYdA4CXgjEECKzi+mBqdI+"
    "rjACFBLBwgFV6wiRQAAACcAAABQSwECHwAUAAkAYwAaXIlXBVesIkUAAAAnAAAACAAvAAAAAAAAAC"
    "AIAAAAAAAAZmxhZy50eHQKACAAAAAAAAEAGAATmwIRiyraARObAhGLKtoBNqEVIIcq2gEBmQcAAQB"
    "BRQMIAFBLBQYAAAAAAQABAGUAAACGAAAAAAA="
)

# Decode back to the raw archive bytes and write them out as a .zip file
decoded_bytes = base64.b64decode(encoded_string)

with open("output.zip", "wb") as zip_file:
    zip_file.write(decoded_bytes)

print("ZIP file saved as 'output.zip'")
```

The output.zip is password protected.

To get the password, if the zip file had legacy encryption we could go with bkcrack 1.5.0 - 2022-07-07. But since our file has AES encryption we have to use John.
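Which of the two schemes an archive uses can be read straight from the ZIP headers, and that decides which tool even applies: bkcrack's known-plaintext attack targets the legacy ZipCrypto scheme, while an entry with compression method 99 and a 0x9901 extra field is WinZip AES, which is the same thing john reports in its "WinZip [PBKDF2-SHA1 ...]" line. The following is an added example, not code from the writeup, that parses the local file header and end-of-central-directory record of the archive recovered above (the base64 blob is the one from the paste, embedded inline) and names the encryption scheme.

```python
import base64
import struct

# The ZIP blob recovered in Step 2 (data from the writeup, line wrapping removed).
ZIP_B64 = (
    "UEsDBBQACQBjABpciVcFV6wiRQAAACcAAAAIAAsAZmxhZy50eHQBmQcAAQBBRQMIAOqNoUX0Z5ci"
    "j1J6uViuJOT+jLbo0Tibnbs0x++zz1pfItBmkkebOjEsVMVAxWFcUO8yYdA4CXgjEECKzi+mBqdI+"
    "rjACFBLBwgFV6wiRQAAACcAAABQSwECHwAUAAkAYwAaXIlXBVesIkUAAAAnAAAACAAvAAAAAAAAAC"
    "AIAAAAAAAAZmxhZy50eHQKACAAAAAAAAEAGAATmwIRiyraARObAhGLKtoBNqEVIIcq2gEBmQcAAQB"
    "BRQMIAFBLBQYAAAAAAQABAGUAAACGAAAAAAA="
)
ZIP_BYTES = base64.b64decode(ZIP_B64)

LOCAL_HEADER_SIG = 0x04034B50   # "PK\x03\x04"
METHOD_AES = 99                  # WinZip marks AES-encrypted entries with compression method 99
AES_EXTRA_ID = 0x9901            # ...and stores the real parameters in this extra field
AES_STRENGTH = {1: "AES-128", 2: "AES-192", 3: "AES-256"}


def parse_local_header(data, offset=0):
    """Decode the local file header at `offset`, including the WinZip AES extra field if present."""
    (sig, _version, flags, method, _mtime, _mdate, crc, csize, usize,
     name_len, extra_len) = struct.unpack_from("<IHHHHHIIIHH", data, offset)
    if sig != LOCAL_HEADER_SIG:
        raise ValueError("no local file header at offset %d" % offset)
    pos = offset + 30
    name = data[pos:pos + name_len].decode("utf-8", "replace")
    extra = data[pos + name_len:pos + name_len + extra_len]
    info = {"name": name, "method": method, "encrypted": bool(flags & 1),
            "crc": crc, "compressed_size": csize, "uncompressed_size": usize}
    # Extra fields are a sequence of <id:u16><size:u16><payload>; walk all of them.
    p = 0
    while p + 4 <= len(extra):
        ext_id, ext_size = struct.unpack_from("<HH", extra, p)
        payload = extra[p + 4:p + 4 + ext_size]
        if ext_id == AES_EXTRA_ID and len(payload) >= 7:
            # AE version (1 or 2), vendor "AE", key strength, and the real compression method
            ae_version, vendor, strength, real_method = struct.unpack("<H2sBH", payload[:7])
            info.update({"ae_version": ae_version, "vendor": vendor.decode("ascii", "replace"),
                         "aes_strength": strength, "actual_method": real_method})
        p += 4 + ext_size
    return info


def describe_encryption(info):
    """Human-readable scheme name; legacy ZipCrypto and WinZip AES need different tooling."""
    if not info["encrypted"]:
        return "not encrypted"
    if info["method"] == METHOD_AES and "aes_strength" in info:
        return "%s (WinZip AE-%d, inner method %d)" % (
            AES_STRENGTH.get(info["aes_strength"], "AES-?"),
            info["ae_version"], info["actual_method"])
    return "ZipCrypto (legacy, method %d)" % info["method"]


def parse_eocd(data):
    """Find the end-of-central-directory record; returns (entries, cd_size, cd_offset)."""
    pos = data.rfind(b"PK\x05\x06")
    if pos < 0:
        raise ValueError("no end-of-central-directory record: truncated or not a zip")
    (_sig, _disk, _cd_disk, _here, entries, cd_size, cd_offset,
     _comment_len) = struct.unpack_from("<IHHHHIIH", data, pos)
    return entries, cd_size, cd_offset


if __name__ == "__main__":
    entry = parse_local_header(ZIP_BYTES)
    entries, cd_size, cd_offset = parse_eocd(ZIP_BYTES)
    print("archive: %d bytes, %d entries, central directory at %d" % (len(ZIP_BYTES), entries, cd_offset))
    print("entry %r: %d -> %d bytes, %s" % (entry["name"], entry["uncompressed_size"],
                                           entry["compressed_size"], describe_encryption(entry)))
```

Run against the recovered archive this reports a single entry, flag.txt, 39 bytes uncompressed, stored with WinZip AE-1 AES-256 over deflate. Because the entry is AE-1, the CRC field is still populated; AE-2 archives zero it, so a zero CRC on an AES entry is not a sign of corruption.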
First I made a file named hash, then I ran the command

```bash=
zip2john output.zip > hash.txt
```

and ran John against hash.txt:

```bash=
john --format=zip hash.txt
Using default input encoding: UTF-8
Loaded 1 password hash (ZIP, WinZip [PBKDF2-SHA1 256/256 AVX2 8x])
Cost 1 (HMAC size) is 41 for all loaded hashes
Will run 8 OpenMP threads
Proceeding with single, rules:Single
Press 'q' or Ctrl-C to abort, almost any other key for status
Almost done: Processing the remaining buffered candidate passwords, if any.
Proceeding with wordlist:/usr/share/john/password.lst
billabong        (output.zip/flag.txt)
1g 0:00:00:00 DONE 2/3 (2023-12-10 12:20) 2.083g/s 109991p/s 109991c/s 109991C/s 123456..faithfaith
Use the "--show" option to display all of the cracked passwords reliably
Session completed.
```

The password is billabong. I open the zip and get the flag:

```bash
ping{u_w4nt3d_f0r3n51C5_4nD_y0u_g0t_17}
```