Rating:
[1] # zip2john flag.zip > ziphash
[2] # john --wordlist=/usr/share/wordlists/rockyou.txt ziphash
Using default input encoding: UTF-8
Loaded 1 password hash (PKZIP [32/64])
Will run 2 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
!!!0mc3t (flag.zip/flag.txt)
1g 0:00:00:01 DONE (2019-02-03 13:55) 0.6134g/s 8798Kp/s 8798Kc/s 8798KC/s !!rebound!!..*7¡Vamos!
Use the "--show" option to display all of the cracked passwords reliably
Session completed
As seen in the output above, !!!0mc3t was the password.
I then unzipped the flag.txt file and that's where I found the following string:
652076206c207a207b207320302075206e2064205f20302066205f206d2075203520692063207d206320742066
I took a lazy approach to this part of the challenge and sent it to cyberchef and used "magic" to decode the string. Magic used from hex to convert the reveal the flag:
e v l z { s 0 u n d _ 0 f _ m u 5 i c } c t f
I manually removed the spaces and submitted the flag.
