The challenge provides a `challenge` file of unknown type. I ran `file` against it, but this wasn't helpful.
```
$ file ./challenge
./challenge: data
```
I looked at the hex dump with `xxd` and saw a reference to `flag.txt` towards the end, which indicated to me this was some sort of archive format.
```
00035530: 0102 1e03 0a00 0900 0000 91a1 1e55 cbbe  .............U..
00035540: 17b1 2200 0000 1600 0000 0800 1800 0000  ..".............
00035550: 0000 0100 0000 b481 0000 0000 666c 6167  ............flag
00035560: 2e74 7874 5554 0500 0362 990e 6375 780b  .txtUT...b..cux.
00035570: 0001 04e8 0300 0004 e803 0000 504b 0506  ............PK..
00035580: 0000 0000 0100 0100 4e00 0000 7400 0000  ........N...t...
00035590: 0000
```
I tried to `unzip` the `challenge` file, and it printed a warning but continued on to prompt for a password, so this seemed promising.
```
Archive: challenge
warning [challenge]: 218298 extra bytes at beginning or within zipfile
(attempting to process anyway)
[challenge] flag.txt password:
```
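Where the 218298 in that warning comes from, as an added example that is not part of the original write-up: the end-of-central-directory record visible in the hex dump stores where the central directory should start, and the difference from where it actually sits is the amount of prepended data. The byte string is retyped from the dump above; the leading `504b` is an assumed restoration of the two signature bytes just before the dump begins, and the function names are hypothetical.

```python
import struct

EOCD = struct.Struct("<4s4H2LH")      # end of central directory record, 22 bytes
CDH = struct.Struct("<4s6H3L5H2L")    # central directory file header, 46 bytes

# Last 100 bytes of the challenge file, retyped from the xxd dump above. The dump
# starts at 0x35530, two bytes into the central directory header, so the leading
# "PK" (504b) of its signature is restored here as an assumption.
TAIL_OFFSET = 0x3552E
TAIL = bytes.fromhex(
    "504b"
    "01021e030a000900000091a11e55cbbe" "17b12200000016000000080018000000"
    "000001000000b48100000000666c6167" "2e747874555405000362990e6375780b"
    "000104e803000004e8030000504b0506" "00000000010001004e00000074000000"
    "0000"
)

def parse_eocd(tail, tail_offset):
    """Locate the EOCD record and compare recorded vs. actual directory offset."""
    pos = tail.rfind(b"PK\x05\x06")
    if pos < 0:
        raise ValueError("no end-of-central-directory signature found")
    _, _, _, _, entries, cd_size, cd_recorded, _ = EOCD.unpack_from(tail, pos)
    # Assumes a single-disk, non-ZIP64 archive: the directory ends where EOCD begins.
    cd_actual = tail_offset + pos - cd_size
    return {"eocd_at": tail_offset + pos, "entries": entries,
            "cd_recorded": cd_recorded, "cd_actual": cd_actual,
            "prepended": cd_actual - cd_recorded}

def parse_first_entry(tail, tail_offset, eocd):
    """Decode the first central directory header and shift its local offset."""
    start = eocd["cd_actual"] - tail_offset
    f = CDH.unpack_from(tail, start)
    if f[0] != b"PK\x01\x02":
        raise ValueError("central directory header not where EOCD implies")
    name = tail[start + CDH.size:start + CDH.size + f[10]].decode("ascii")
    return {"name": name, "encrypted": bool(f[3] & 0x1), "method": f[4],
            "compressed": f[8], "uncompressed": f[9],
            "local_recorded": f[16], "local_actual": f[16] + eocd["prepended"]}

if __name__ == "__main__":
    eocd = parse_eocd(TAIL, TAIL_OFFSET)
    print(eocd)
    print(parse_first_entry(TAIL, TAIL_OFFSET, eocd))
```

The entry is stored (method 0) with the encryption flag set, and its compressed size exceeds the uncompressed size by 12 bytes, which matches the 12-byte header of traditional ZIP encryption.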
Naively extracting the hash with `zip2john` didn't work because of the missing metadata in the previous warning. Stack Overflow provided a solution to repair the metadata.
```
$ zip -FF challenge --out fixed.zip
```
Now `zip2john` worked as expected.
```
$ zip2john fixed.zip > challenge.hashes
```
I tried to crack the hash with `johntheripper` and the classic `rockyou` wordlist but came up empty. Since the CTF is based in Argentina, I downloaded a Spanish-language wordlist and produced the password.
```
vanamente
```
This allowed `flag.txt` to be extracted, revealing the flag.
```
flag{_B0rg3S_Th3R43l}
```