Sorry, We are not Recruiting!

We are not actively recruiting at this time. We may have spots open after CSAW.

(updated: 3/22/2018)


Monday, March 2, 2015

PragyanCTF - Misc - Are you a good ripper?

After downloading and unpacking the original file, we are given a misc.zip file. After running the command 7z x misc.zip,  7zip prompts us for a password.

Using fcrackzip I specified a dictionary type attack using the popular rockyou.txt wordlist in kali. The location is /usr/share/wordlists/rockyou.txt


Commands:
fcrackzip –v –D –u –p /usr/share/wordlist/rockyou.txt misc.zip
(-v = verbose, -D = dictionary attack, -u = use unzip for wrong passwords, -p = path to wordlist)

Capture.PNG

After about 3 seconds we receive word the password == jumanji. Using the cat command to display the flag.txt file we see the flag == 4pesb9b9blkfc08e3z2105b1b6bfif45.
Submitting the flag earned us 5pts.

About Crimson Agents

Formed in 2013, Crimson Agents is a DC based recreational security team that competes in various computer security wargames and hacker jeopardy contests. Our team comprised of various professionals seeking to practice and enhance our skills in penetration testing, vulnerability development, computer network defense, forensics, and reverse engineering. In addition to exploitation based CTFs, we also compete in Wireless CTFs with several members who focus solely in this domain. Our sister team Threat Inc focuses on defensive exercises such as malware analysis, forensics, honeypots, and network captures. We reuse what we learn from our "Blue Team" research to make our "Red Team" operations more effective and vice-versa.