Eternal Loop - Hack The Box Challenge
Environment
Kali Linux - So we have John The Ripper, Python3 and wordlists like “rockyou” preinstalated. It could be another distribution like Parrot OS.
Pre-start
So, to get started we have to download the zip from the web.
Automate
Now we can execute the following script, the script will unzip all the zips one inside another, the first zip will unzipped with the passwd ‘hackthebox’ and for the next we discovered that the name of the file inside the zip is the password of the zip itself.
#!/usr/bin/env python3
from zipfile import ZipFile as zp
##Extracting the first zip
zip_file = 'Eternal_Loop.zip'
passwd = 'hackthebox'
with zp(zip_file,"r") as zf:
zf.extractall(pwd = bytes(passwd, encoding='utf8'))
zf.close()
##Extracting the rest of files, using the file inside as password for the next zip
internal_zip_file = '37366.zip'
passwd_internals = '5900'
while True:
with zp(internal_zip_file,"r") as zf:
for name in zf.namelist():
passwd_internals = name.replace(".zip","")
print(internal_zip_file + " = " + passwd_internals)
if internal_zip_file == "6969.zip":
print("The last file is: " + internal_zip_file + " with file: " + passwd_internals)
break
zf.extractall(pwd = bytes(passwd_internals, encoding='utf8'))
internal_zip_file = passwd_internals + ".zip"
zf.close()
Running..
When the script finish, we’ll see this output:
The last file is: 6969.zip with file: DoNotTouch
Cracking
Now, after we check that we dont know the password of this zip, we’ll need to crack it, I’ll use John The Ripper:
To get the hash, use zip2john:
zip2john 6969.zip > htb.hash
And to get the hash cracked i’ll use the wordlist “rockyou”, if you are using kali you’ll find this file in the route used in the command:
john htb.hash --wordlist=/usr/share/wordlists/rockyou.txt
It only remains to unzip the file.
The file will be “DoNotTouch”, if we check what type of file it is..
file DoNotTouch
Output:
DoNotTouch: SQLite 3.x database, last written using SQLite version 3021000
Reading the database
So, we open the file with a SQLite Reader, we browse the datasheets until we got the flag.