Eternal Loop - Hack The Box Challenge

1 minute read



Kali Linux - John the Ripper, Python 3 and wordlists such as “rockyou” come preinstalled. Another distribution such as Parrot OS would also work.


So, to get started we have to download the zip from the web.


Now we can run the following script, which unzips all the zips nested one inside another. The first zip is extracted with the password ‘hackthebox’; for each of the following ones, we discovered that the name of the file inside the zip is the password of the zip itself.

#!/usr/bin/env python3

from zipfile import ZipFile as zp

## Extracting the first zip (the path is blank in the post; set it to the downloaded zip)
zip_file = ''
passwd = 'hackthebox'

with zp(zip_file, "r") as zf:
    zf.extractall(pwd=bytes(passwd, encoding='utf8'))

## Extracting the rest of the files, using the name of the file inside as the password of each zip

internal_zip_file = ''  # zip extracted by the step above (blank in the post)
passwd_internals = '5900'

while True:
    with zp(internal_zip_file, "r") as zf:
        # Each archive holds a single file; its name without ".zip" is the password
        name = zf.namelist()[0]
        passwd_internals = name.replace(".zip", "")
        print(internal_zip_file + " = " + passwd_internals)
        if not name.endswith(".zip"):
            # The innermost file is not a zip, so its name is not the password: stop here
            print("The last file is: " + internal_zip_file + " with file: " + passwd_internals)
            break
        zf.extractall(pwd=bytes(passwd_internals, encoding='utf8'))
        internal_zip_file = passwd_internals + ".zip"


When the script finishes, we’ll see this output:

The last file is: with file: DoNotTouch


Now, after checking that we don’t know the password of this zip, we need to crack it. I’ll use John the Ripper:

To get the hash, use zip2john:

zip2john > htb.hash  

To crack the hash I’ll use the “rockyou” wordlist; on Kali you’ll find this file at the path used in the command:

john htb.hash --wordlist=/usr/share/wordlists/rockyou.txt 

It only remains to unzip the file.

The extracted file will be “DoNotTouch”. If we check what type of file it is:

file DoNotTouch


DoNotTouch: SQLite 3.x database, last written using SQLite version 3021000

Reading the database

So, we open the file with a SQLite reader and browse the tables until we find the flag.
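The same search can be scripted instead of browsing by hand. This is an added example, not part of the original write-up: it opens the database read-only, walks every table and reports each cell containing a marker string. The `HTB{` marker, the function names and the sample database are assumptions constructed for illustration.

```python
#!/usr/bin/env python3
import os
import sqlite3
import tempfile
from pathlib import Path


def find_in_sqlite(db_path, needle="HTB{"):
    """Return (table, column, value) for every cell that contains `needle`."""
    # mode=ro opens the file read-only, so the extracted database is never modified
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    hits = []
    try:
        tables = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        for table in tables:
            # Table names cannot be bound as parameters, so quote them as identifiers
            quoted = '"' + table.replace('"', '""') + '"'
            cur = con.execute(f"SELECT * FROM {quoted}")
            cols = [d[0] for d in cur.description]
            for row in cur:
                for col, value in zip(cols, row):
                    if isinstance(value, bytes):  # BLOB columns can hide text too
                        value = value.decode("utf8", errors="replace")
                    if isinstance(value, str) and needle in value:
                        hits.append((table, col, value))
    finally:
        con.close()
    return hits


def build_sample_db(path):
    """Constructed sample data, not the challenge's real database."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    con.execute("CREATE TABLE notes (id INTEGER, body TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    con.execute("INSERT INTO notes VALUES (1, 'HTB{constructed_example_flag}')")
    con.commit()
    con.close()


if __name__ == "__main__":
    sample = os.path.join(tempfile.mkdtemp(), "DoNotTouch")
    build_sample_db(sample)
    for table, col, value in find_in_sqlite(sample):
        print(f"{table}.{col}: {value}")
```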