Tags: bash python bruteforce
Rating: 3.0
## Unzipping over 1800 files (with the help of bash and python!)
This really was a great challenge for me, it taught me alot about bash and bash scripting and was the best challenge I've solved in the whole CTF!
### Writing the bash script.
The bash script I wrote wasn't complicated at all, it was small and got the job done (with the downside of having to delete all the previous zip files when it got to the 999th zip, the 99th zip and the 9th zip as it would then add it at the end of the list which didn't work well for my script because of reasons you will see now, there is sure to be a solution to this but this challenge didn't count a lot of points so i just did it manually :D!)
So first off we start with the bash shebang and a notice to let us know that the script started working:
```
#!/bin/bash
echo "[*] Script is running."
```
Then we want to access our bruteforcing script(which in this case was python and could easily be found online if you search for 7z-Bruteforce with python.)
```
cd 7z-BruteForce # This was the directory my script was in.
```
Now we can start with the exciting stuff, first let's make a while true loop to get all the files and unzip them.
```
while [[ true ]];
do
```
Now we need to get all the zipped files, this could easily be done with egrep as follows:
```
ls | egrep "tar|gz|zip" > output.txt # We are putting it into the files output.txt for later use.
```
What we want to do now is get the first line of the file and read it and only extract it, otherwise our extraction of all the zip files would take hours as it would bruteforce every file in the list over and over again even though it has already been extracted:
```
head -n 1 ouput.txt | while read line;
do
echo "==================================="
echo "### Trying to extract zip file! ###"
echo "==================================="
```
So now comes the main part of the script, we need to extract the files and bruteforce them if they have a password. Luckily this isn't too hard to code as our python script of choice does all the heavy lifting here.
```
if [ $line ];
then
python main.py -f $line -w passwords.txt
else
echo "[-] No lines found in output.txt"
fi
done
done
```
And that is all there was to it, the python script really shouldn't be hard to code and I only posted the bash as this is what extracted all of the files for us(thus solving the challenge.)
It shouldn't be too hard to modify your python script to also delete the old files if it's done extracting the new one!
NOTE: In my script I did use 7z as it can extract all file types without problems, thus making it much smaller and more efficient and yes you can make a bruteforcer with bash and that would be an interesting project but i decided mine would be better made in python to have this script work to its full potential make your python delete all the old zipped flies that it has already extracted...
THANKS FOR READING!
