@jeje-50
Last active July 4, 2016 17:02
NDH2K16 Hello Friend Write Up
# foremost hellofriend.jpg
=> check the file structure; we find a zip
# cd output/zip/
# file 00000226.zip
=> try to unzip it
# unzip 00000226.zip
=> it asks for a password, but a file named WhoAmI.png can be extracted, and with some guessing we find "fsociety"
=> several files are extracted:
inflating: WhoAmI.png
creating: Hello_friend/
creating: Hello_friend/0/
[00000226.zip] Hello_friend/0/64.png password:
inflating: Hello_friend/0/64.png
creating: Hello_friend/1/
inflating: Hello_friend/1/61.png
creating: Hello_friend/2/
inflating: Hello_friend/2/72.png
creating: Hello_friend/3/
inflating: Hello_friend/3/6b.png
creating: Hello_friend/4/
inflating: Hello_friend/4/63.png
creating: Hello_friend/5/
inflating: Hello_friend/5/30.png
creating: Hello_friend/6/
inflating: Hello_friend/6/64.png
creating: Hello_friend/7/
inflating: Hello_friend/7/65.png
creating: Hello_friend/8/
inflating: Hello_friend/8/IsItReal.jpg ( => troll)
creating: Hello_friend/9/
inflating: Hello_friend/9/3xploits.jpg
=> check "Hello_friend/9/3xploits.jpg"
# cd Hello_friend/9/
# foremost 3xploits.jpg
=> we find another zip, but it is protected with a password (again), so check the other files
=> the file names 64 61 72 6b 63 30 64 65 seem to be hex codes; decoded, they give "darkc0de"
=> darkc0de is a famous wordlist, so download it
=> launch a dictionary attack on the zip
# fcrackzip -D -p darkc0de.lst -u 00000363.zip
PASSWORD FOUND!!!!: pw == How do you like me now?
# unzip -P 'How do you like me now?' 00000363.zip
Archive: 00000363.zip
inflating: d3bug.png
=> open the d3bug.png file and get the flag
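
The file-name decoding step above, as an added example that is not part of the original gist: a shell function that walks the numbered directories in numeric order, skips the decoy files, and converts each two-digit hex file name to its character. The function names and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original write-up).

# decode_names DIR: visit DIR/0, DIR/1, ... in numeric order and turn every
# file whose stem is exactly two hex digits into the byte it encodes.
decode_names() {
    root=$1
    out=
    # sort -n keeps 10 after 9 if there are more than ten directories
    for idx in $(ls "$root" | grep -E '^[0-9]+$' | sort -n); do
        for f in "$root/$idx"/*; do
            [ -e "$f" ] || continue          # empty directory
            stem=$(basename "$f")
            stem=${stem%.*}                  # drop the extension
            case $stem in
                [0-9a-fA-F][0-9a-fA-F]) ;;   # looks like one hex byte
                *) continue ;;               # decoy (IsItReal, 3xploits)
            esac
            oct=$(printf '%03o' "0x$stem")   # hex -> octal escape digits
            out=$out$(printf "\\$oct")       # octal escape -> character
        done
    done
    printf '%s\n' "$out"
}

# Constructed sample: empty files laid out like the unzip listing above.
make_sample_tree() {
    dir=$(mktemp -d)
    i=0
    for name in 64.png 61.png 72.png 6b.png 63.png 30.png 64.png 65.png \
                IsItReal.jpg 3xploits.jpg; do
        mkdir -p "$dir/Hello_friend/$i"
        : > "$dir/Hello_friend/$i/$name"
        i=$((i + 1))
    done
    printf '%s\n' "$dir/Hello_friend"
}

tree=$(make_sample_tree)
decode_names "$tree"                         # prints darkc0de
rm -rf "${tree%/Hello_friend}"
```

On the real extraction, run `decode_names Hello_friend` from the directory that holds the unzipped tree.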