 What is going on everybody, my name is John Hammond and welcome back to some more HSCTF. We're still in the miscellaneous category so some simple stuff here. This next challenge is locked up for 145 points. It says my friend gave me a zip file with the flag in it but the zip file is encrypted. Can you help me open the file? So we have this thing we could download here. I'm not able to W get any more from CTFD website so I don't know if I'm just being stupid which is likely the case but if anyone has actually seen that you know what here let me demo that let me show you if I try and copy link location you know let's do a little W get and then pass in the link here and then crank that out arrow 404 and I found and okay I'll go ahead and remove some of like the unnecessary jargon here because it doesn't need all of those extra variables it just needs to get the file name however that gives me a forbidden I've tried to give extra user agent and that still didn't work I tried to pretend to be firefox that didn't help regardless sorry that's just me whining we have a file lock dot zip in here and if we were to open it up we're trying to unzip it poke at it whatever we can explore and see that all of these files in here that have random names are supposedly password protected however they're all zero bytes long you see that lock that lock means okay this is password protected but they're all zero bytes I scrolled through this and okay there's got to be something in here that's not zero bytes long and that was not the case literally every single one of them how it was empty so I thought well the flag has to be here somewhere right so thankfully this is an alphabetical order we can kind of change that if we'd like it to with a column up there but I thought okay I'll just look for H in the H section and I scrolled down a little bit and I saw wow zips aren't that secure and that was the flag so that's it that's it's that simple that's all that it was what I ended up doing or at least another option is just actually running strings on this and you can do that exact same thing right grep for HSTCF and that cranks it out so since strings was all we need to do that means that theoretically Katana could find this so if I actually in my case went to GitHub Katana when I hadn't activated the virtual environment I can remove the results directory and then we'll run Katana we'll put it in auto mode because it'll just run all the units that it knows track down whatever it's applicable and it's that lock.zip file in my current directory we could exclude crypto if we wanted to might make things faster but in our case let's just apply the flag format and see if we can track it down if we need to exclude crypto okay there it just spits it out found it in strings in point one second so that's that it literally the strings command that's that's the whole point of Katana for us and to do those things we wouldn't have to otherwise and it will be available soon I hope I'm not teasing by sprinkling a little bit more as we go through so hey thank you guys for watching I hope you enjoyed this if you did please do like comment and subscribe not a hard challenge not a difficult or long video but I hope these small bites would be good especially when you get things that would trip trip you up right you might not know hey let's just kind of examine this zip file and maybe strings wouldn't be what you normally would run try and crack the password look for those files except they're all zero bites a little bit odd if you did like the video please do like comment and subscribe love to see you guys in discord server there's a link in the description it's an awesome community love to see you on paypal let's you on patreon appreciate any of your support so thank you guys so much bye