Oleg

duckerz

Task: recover the password for a protected GovSec ZIP using a VMware memory dump and the encrypted archive contents. Solution: treat the UTF-16LE flag-like string in memory as a stale decoy, recover ZipCrypto keys with bkcrack known plaintext, then brute-force only the changed suffix behind the stable prefix.

known_plaintext zip_archive vmware memory_dump zipcrypto

zipcrypto_known_plaintext_attackutf16le_string_searchmask_bruteforce

$ ls tags/ techniques/

known_plaintext zip_archive vmware memory_dump zipcrypto

zipcrypto_known_plaintext_attackutf16le_string_searchmask_bruteforce

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[reverse][Pro]Защищенный банк (Protected Bank)— duckerz
[forensics][Pro]Блокнот (Notepad)— hackerlab
[reverse][Pro]Очень защищенный банк (Super Protected Bank)— duckerz
[forensics][Pro]Какой-то DMP...— hackerlab
[forensics][Pro]awk...wardddd ✂️— bluehensctf