Use the output of the command `strings` as a wordlist to bruteforce a password-protected zip file
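#!/usr/bin/env python3
"""Try every token printed by `strings` as the password of an encrypted zip.

Positional arguments:
    target       path of the password-protected zip archive
    stringsfile  file handed to the `strings` command; each
                 whitespace-separated token of its output is one candidate
    output       directory the archive is extracted into on success

Prints "WORKED WITH <candidate>" for the first candidate that extracts the
whole archive, or a message on stderr when no candidate does.
"""
import argparse
import subprocess
import sys
import zipfile

parser = argparse.ArgumentParser()
parser.add_argument('target')
parser.add_argument('stringsfile')
parser.add_argument('output')
args = parser.parse_args()

# check_output returns bytes, so every candidate is already the bytes object
# that zipfile expects for `pwd`.
candidates = subprocess.check_output(['strings', args.stringsfile]).split()

# Open the archive once, outside the retry loop: a missing, unreadable or
# malformed target now fails here with a traceback instead of being swallowed
# once per candidate and ending in silence.
with zipfile.ZipFile(args.target, 'r') as zip_ref:
    for check in candidates:
        try:
            # NOTE: the legacy zip encryption check is a single byte, so a
            # wrong candidate can get past it and only fail later on the CRC,
            # leaving partial files behind. Point `output` at an empty scratch
            # directory. If the archive is not encrypted at all, `pwd` is
            # ignored and the first candidate is reported as working.
            zip_ref.extractall(args.output, pwd=check)
        except NotImplementedError:
            # zipfile cannot handle this archive's encryption or compression
            # method (e.g. AES-encrypted entries); no candidate can change
            # that, so surface the error rather than looping silently.
            raise
        except Exception:
            # Deliberately broad: a wrong password shows up as RuntimeError,
            # BadZipFile or a decompressor error depending on where the
            # garbage plaintext is detected.
            continue
        print("WORKED WITH {}".format(check))
        break
    else:
        print(
            "No candidate from {} opened {}".format(
                args.stringsfile, args.target
            ),
            file=sys.stderr,
        )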
Written for Akamai's 2019 Black Hat "Crack The Code" CTF.
It wasn't the solution, but here we are.