Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Use the output of the command `strings` as a wordlist to bruteforce a password-protected zip file
#!/usr/bin/env python3
import zipfile
import argparse
import subprocess
parser = argparse.ArgumentParser()
parser.add_argument('target')
parser.add_argument('stringsfile')
parser.add_argument('output')
args = parser.parse_args()
strings = subprocess.check_output(['strings', args.stringsfile]).split()
for check in strings:
try:
with zipfile.ZipFile(args.target, 'r') as zip_ref:
zip_ref.extractall(args.output, pwd=check)
print("WORKED WITH {}".format(check))
break
except Exception as e:
# print("Failed on {} - {}".format(check, e))
pass
@cetaSYN
Copy link
Author

cetaSYN commented Oct 23, 2019

Written for Akamai's 2019 Black Hat "Crack The Code" CTF.
It wasn't the solution, but here we are.

Loading

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment