We are Recruiting!

Yes! We are actively recruiting individuals from the MD/DC/VA area for both online, on-site, and wireless CTFs.

To join our team solve this simple puzzle/captcha to find our New Member Orientation which contains a link to our discord server.

aHR0cHM6Ly9nb28uZ2wvNjJFVmpD


Monday, March 2, 2015

PragyanCTF - Misc - Are you a good ripper?

After downloading and unpacking the original file, we are given a misc.zip file. After running the command 7z x misc.zip,  7zip prompts us for a password.

Using fcrackzip I specified a dictionary type attack using the popular rockyou.txt wordlist in kali. The location is /usr/share/wordlists/rockyou.txt


Commands:
fcrackzip –v –D –u –p /usr/share/wordlist/rockyou.txt misc.zip
(-v = verbose, -D = dictionary attack, -u = use unzip for wrong passwords, -p = path to wordlist)

Capture.PNG

After about 3 seconds we receive word the password == jumanji. Using the cat command to display the flag.txt file we see the flag == 4pesb9b9blkfc08e3z2105b1b6bfif45.
Submitting the flag earned us 5pts.

About Crimson Agents

Formed in 2013, Crimson Agents is a DC based recreational security team that competes in various computer security wargames and hacker jeopardy contests. Our team comprised of various professionals seeking to practice and enhance our skills in penetration testing, vulnerability development, computer network defense, forensics, and reverse engineering. In addition to exploitation based CTFs, we also compete in Wireless CTFs with several members who focus solely in this domain. Our sister team Threat Inc focuses on defensive exercises such as malware analysis, forensics, honeypots, and network captures. We reuse what we learn from our "Blue Team" research to make our "Red Team" operations more effective and vice-versa.