https://app.hackthebox.com/challenges/98

Description

Just unzip the archive … several times …

Exploitation

#!/usr/bin/python3
import re
import os
import sys
import zipfile
from PIL import Image
from tqdm import tqdm

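def morse_decode(morse_list):
    """Translate a sequence of Morse tokens into the archive password.

    Args:
        morse_list: Iterable of dot/dash strings, one per character,
            for example ``['.-', '-...']``.

    Returns:
        The decoded characters joined into a single string. Letters come
        out lowercase because the lookup table maps to lowercase.

    Raises:
        ValueError: If a token is not in the table. The message names the
            offending token, which usually means the image was segmented
            incorrectly.
    """
    MORSE_CODE_DICT = {'.-': 'a', '-...': 'b', '-.-.': 'c', '-..': 'd','.': 'e', '..-.': 'f', '--.': 'g', '....': 'h','..': 'i', '.---': 'j', '-.-': 'k', '.-..': 'l','--': 'm', '-.': 'n', '---': 'o', '.--.': 'p','--.-': 'q', '.-.': 'r', '...': 's', '-': 't','..-': 'u', '...-': 'v', '.--': 'w', '-..-': 'x','-.--': 'y', '--..': 'z', '-----': '0', '.----': '1','..---': '2', '...--': '3', '....-': '4', '.....': '5','-....': '6', '--...': '7', '---..': '8', '----.': '9','-..-.': '/', '.-.-.-': '.', '-.--.-': ')', '..--..': '?','-.--.': '(', '-....-': '-', '--..--': ','}
    decoded = []
    for morse in morse_list:
        char = MORSE_CODE_DICT.get(morse)
        if char is None:
            # Fail with the bad token instead of an opaque
            # "can only concatenate str" TypeError from None.
            raise ValueError(f"unrecognised Morse token: {morse!r}")
        decoded.append(char)
    return "".join(decoded)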

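def morse():
    """Read ``./pwd.png`` and return the Morse tokens drawn in it.

    The colour of the first pixel is treated as background; any other
    colour counts as ink. The flattened pixel stream is then rewritten
    with regular expressions: a run of three ink pixels becomes a dash,
    each remaining ink pixel a dot, a gap of two or more background
    pixels separates tokens, and single background pixels are dropped.

    Returns:
        A list of dot/dash strings, one per token found in the image.
    """
    # The context manager closes the file even when Pillow rejects the
    # image; pixel data is read while the handle is still open.
    with open('./pwd.png', 'rb') as fp:
        image = Image.open(fp)
        pixel = list(image.getdata())
    background = pixel[0]
    output = "".join(" " if v == background else "*" for v in pixel)
    # Drop the background padding before and after the drawing.
    output = output.strip(" ")
    # Dashes first, so the three pixels of a dash are not read as dots.
    output = re.sub(r'\*{3}', '-', output)
    output = re.sub(r'\*', '.', output)
    # Wide gaps mark token boundaries; the remaining single-pixel gaps
    # only separate symbols inside one token and are removed.
    output = re.sub(r'\s{2,}', ' | ', output)
    output = re.sub(r'\s', '', output)
    return output.split('|')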

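def unzip_file(path, number, password):
    """Extract ``flag_<1000 - number>.zip`` into the current directory.

    Args:
        path: Unused; kept so existing callers keep working.
        number: Iteration counter; the archive name is derived from
            ``1000 - number``.
        password: Archive password as text, passed to zipfile encoded
            as UTF-8.

    Raises:
        Whatever ``zipfile`` raises for a missing file, a corrupt archive
        or a wrong password; the archive handle is closed in every case.
    """
    zip_path = f"flag_{1000 - number}.zip"
    # NOTE: the archive content is untrusted. zipfile strips absolute
    # paths and ".." components from member names on extraction, but it
    # does not cap the unpacked size, so run this in a scratch directory.
    with zipfile.ZipFile(zip_path) as archive:
        archive.extractall("./", pwd=password.encode("utf-8"))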

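def main():
    """Unpack the nested archives until the flag file appears.

    Each pass decodes ``./pwd.png`` into a password, extracts the archive
    for that pass, and changes into the extracted ``flag`` directory. The
    loop stops as soon as ``./flag`` can be opened as a file and prints
    its lines.
    """
    path = sys.path[0]
    for number in tqdm(range(1, 1001), desc="Extracting archives"):
        morse_list = morse()
        password = morse_decode(morse_list)
        try:
            unzip_file(path, number, password)
            path = "./flag"
            os.chdir(path)
        except Exception:
            # Best effort: skip this pass. Catching Exception rather than
            # using a bare except lets Ctrl-C and SystemExit stop the run.
            continue
        try:
            with open('./flag', 'r') as fp:
                flag = fp.readlines()
        except Exception:
            # Nothing readable named flag here yet (the original comment-free
            # code treated any failure the same way); go one level deeper.
            continue
        print(flag)
        break
    else:
        # Every failure above is swallowed, so say so when the loop ends
        # without a flag instead of exiting silently.
        print(
            "No flag recovered; an archive may have failed to extract "
            "(wrong password or missing file).",
            file=sys.stderr,
        )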

# Run the extraction loop only when executed as a script, not on import.
if __name__ == "__main__":
    main()

Summary

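M0rsarchive: reduce the challenge's custom rule (each archive's password is the Morse code drawn in pwd.png) to a scriptable check, and take the smallest reliable path to the flag by automating the decode-and-extract loop.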