https://app.hackthebox.com/challenges/20

Description

We believe that there is an SSH Password inside password protected ‘ZIP’ folder. Can you crack the ‘ZIP’ folder and get the SSH password?

Exploitation

zip2john fsociety.zip > fsociety.hash
john --wordlist=/usr/share/dict/rockyou.txt fsociety.hash
john --show fsociety.hash
unzip fsociety.zip

zip password justdoit

echo 'MDExMDEwMDEgMDExMDAxMTAgMDEwMTExMTEgMDExMTEwMDEgMDAxMTAwMDAgMDExMTAxMDEgMDEwMTExMTEgMDExMDAwMTEgMDEwMDAwMDAgMDExMDExMTAgMDEwMTExMTEgMDAxMDAxMDAgMDExMDExMDEgMDAxMTAwMTEgMDExMDExMDAgMDExMDExMDAgMDEwMTExMTEgMDExMTAxMTEgMDExMDEwMDAgMDEwMDAwMDAgMDExMTAxMDAgMDEwMTExMTEgMDExMTAxMDAgMDExMDEwMDAgMDAxMTAwMTEgMDEwMTExMTEgMDExMTAwMTAgMDAxMTAwMDAgMDExMDAwMTEgMDExMDEwMTEgMDEwMTExMTEgMDExMDEwMDEgMDExMTAwMTEgMDEwMTExMTEgMDExMDAwMTEgMDAxMTAwMDAgMDAxMTAwMDAgMDExMDEwMTEgMDExMDEwMDEgMDExMDExMTAgMDExMDAxMTE=' | base64 -d

binary_data = "01101001 01100110 01011111 01111001 00110000 01110101 01011111 01100011 01000000 01101110 01011111 00100100 01101101 00110011 01101100 01101100 01011111 01110111 01101000 01000000 01110100 01011111 01110100 01101000 00110011 01011111 01110010 00110000 01100011 01101011 01011111 01101001 01110011 01011111 01100011 00110000 00110000 01101011 01101001 01101110 01100111"
binary_values = binary_data.split()
ascii_output = ''.join([chr(int(b, 2)) for b in binary_values])
print('HTB{'+ascii_output+'}')

Summary

fs0ciety: reduce the custom rules to a scriptable check and use the smallest reliable path to the flag.