Suninatas Game 13

Posted on 2026-02-09 Edited on 2026-03-02 In ctf Views: Disqus: Word count in article: 277 Reading time ≈ 1 mins.

challenges

Game 13

1 2	<!-- Hint : 프로그래머의 잘못된 소스백업 습관 --> <!-- Hint : The programmer's bad habit of backup source codes -->

how do i know there was file named web13.zip????

# download

http://suninatas.com/challenge/web13/web13.zip

# unzip
# !!! if you don't set Locale Korean

❯ 7z x web13.zip
ERROR: Wrong password : whitehack1.jpg
ERROR: Wrong password : whitehack2.jpg
ERROR: Wrong password : whitehack3.jpg
ERROR: Wrong password : whitehack4.jpg
ERROR: Wrong password : 4ڸ.txt

# suggest to use unar btw
# auto check Korean
❯ unar web13.zip
압축비번은4자리정수

# translate is -> The compression password is a 4-digit integer

# john the ripper btw, seclist btw(all get from github)
❯ zip2john web13.zip > hash.txt
❯ john hash.txt --wordlist=~/ctf/tool/dic/SecLists/Fuzzing/4-digits-0000-9999.txt
...
7642             (web13.zip)
...

# unar again
# open the 압축비번은4자리정수.txt with Encoding EUC-KR
# i use vscode btw

4개의 이미지를 합하여 key를 구하시오 -> Combine the four images to find the key.

❯ xxd whitehack1.jpg | head -20
...
000000a0: 0016 6669 7273 7420 6b65 7920 3a20 336e  ..first key : 3n
000000b0: 6461 3139 326e ffc0 0011 0800 5700 b403  da192n......W...
...

❯ xxd whitehack2.jpg | head -20
...
000000a0: 0017 7365 636f 6e64 206b 6579 203a 2038  ..second key : 8
000000b0: 3465 6431 6361 65ff c000 1108 018d 018d  4ed1cae.........
...

❯ xxd whitehack3.jpg | head -20
...
00000050: 393d 3832 3c2e 3334 32ff fe00 1574 6869  9=82<.342....thi
00000060: 7264 206b 6579 3a20 3861 6267 3932 3935  rd key: 8abg9295
00000070: ffc0 000b 0800 4f00 b401 0111 00ff c400  ......O.........
...

❯ xxd whitehack4.jpg | head -20
...
000000a0: 0017 666f 7572 7468 206b 6579 203a 2063  ..fourth key : c
000000b0: 6639 6564 6134 64ff c000 1108 00b4 00a4  f9eda4d.........
...

# combine the four key

3nda192n84ed1cae8abg9295cf9eda4d