Suninatas Game 13

challenges

Game 13

1
2
<!--	Hint : 프로그래머의 잘못된 소스백업 습관 -->
<!-- Hint : The programmer's bad habit of backup source codes -->

how do i know there was file named web13.zip????

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# download

http://suninatas.com/challenge/web13/web13.zip

# unzip
# !!! if you don't set Locale Korean

❯ 7z x web13.zip
ERROR: Wrong password : whitehack1.jpg
ERROR: Wrong password : whitehack2.jpg
ERROR: Wrong password : whitehack3.jpg
ERROR: Wrong password : whitehack4.jpg
ERROR: Wrong password : 4ڸ.txt

# suggest to use unar btw
# auto check Korean
❯ unar web13.zip
압축비번은4자리정수

# translate is -> The compression password is a 4-digit integer

# john the ripper btw, seclist btw(all get from github)
❯ zip2john web13.zip > hash.txt
❯ john hash.txt --wordlist=~/ctf/tool/dic/SecLists/Fuzzing/4-digits-0000-9999.txt
...
7642 (web13.zip)
...

# unar again
# open the 압축비번은4자리정수.txt with Encoding EUC-KR
# i use vscode btw

4개의 이미지를 합하여 key를 구하시오 -> Combine the four images to find the key.

❯ xxd whitehack1.jpg | head -20
...
000000a0: 0016 6669 7273 7420 6b65 7920 3a20 336e ..first key : 3n
000000b0: 6461 3139 326e ffc0 0011 0800 5700 b403 da192n......W...
...

❯ xxd whitehack2.jpg | head -20
...
000000a0: 0017 7365 636f 6e64 206b 6579 203a 2038 ..second key : 8
000000b0: 3465 6431 6361 65ff c000 1108 018d 018d 4ed1cae.........
...

❯ xxd whitehack3.jpg | head -20
...
00000050: 393d 3832 3c2e 3334 32ff fe00 1574 6869 9=82<.342....thi
00000060: 7264 206b 6579 3a20 3861 6267 3932 3935 rd key: 8abg9295
00000070: ffc0 000b 0800 4f00 b401 0111 00ff c400 ......O.........
...

❯ xxd whitehack4.jpg | head -20
...
000000a0: 0017 666f 7572 7468 206b 6579 203a 2063 ..fourth key : c
000000b0: 6639 6564 6134 64ff c000 1108 00b4 00a4 f9eda4d.........
...

# combine the four key
3nda192n84ed1cae8abg9295cf9eda4d