Rating:

We're initally provided with a `Ghost_Cracker.zip` file, and find that its files are encrypted with a password. Running `zip2john` to extract the files' hashes and then using `john` with the `rockyou` wordlist on the hashfile, we find that the zip's password is `Password123`; extracting it gives us two files, `Locked Door.zip` and `The House.gif`.

Trying to do the same set of steps with this new zip file fails, i.e. cracking with `john` and `rockyou`. Examing the .gif file with `strings` shows it has at the very end of the file hidden the string `mediumfuzz`. Taking this as a hint, we look at the wordlists provided by a default Kali Linux install, and find `medium.txt` under a `wfuzz` directory. Again using `john` but with this new wordlist, we discover the password to this zip, `mqseries`, and get two new files, `The Room.jpg` and `Bones.zip`.

Same steps, running `strings` on the image gives us the phrase `wewillwewillrockyou`, so we use `rockyou` again, and find the password `wrrarb88`, and get two more files, `The Skeleton.png` and `ghostsighting.zip`.

The image contains the string `hopethisplacehaswifi`, so we use the `fern-wifi/common.txt` wordlist, which gives us the password `xdfk9874t3`, and extracting gives us one final file, `ghostprotocolgreen.png`. Running `strings` on this gives us the flag, `DO{crackingmakesmefeelgood}`.