We're initially provided with a Ghost_Cracker.zip file and find that its files are encrypted with a password. Running zip2john to extract the files' hashes and then running john with the rockyou wordlist on the hash file, we find that the zip's password is Password123; extracting it gives us two files, Locked Door.zip and The House.gif.

Repeating the same steps on this new zip file (cracking with john and rockyou) fails. Examining the .gif file with strings shows the string mediumfuzz hidden at the very end of the file. Taking this as a hint, we look at the wordlists provided by a default Kali Linux install and find medium.txt under a wfuzz directory. Using john again, this time with the new wordlist, we discover the password to this zip, mqseries, and get two new files, The Room.jpg and Bones.zip.

Following the same steps, running strings on the image gives us the phrase wewillwewillrockyou, so we use rockyou again, find the password wrrarb88, and get two more files, The Skeleton.png and ghostsighting.zip.

The image contains the string hopethisplacehaswifi, so we use the fern-wifi/common.txt wordlist, which gives us the password xdfk9874t3, and extracting gives us one final file, ghostprotocolgreen.png. Running strings on this gives us the flag, DO{crackingmakesmefeelgood}.
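
The hint in The House.gif sat at the very end of the file, which is where data appended after an image's own end marker ends up. The following is an added example, not part of the original writeup: it goes beyond running strings by walking the GIF or PNG structure and returning whatever bytes follow the end marker (JPEG is not handled). The function names and the sample bytes are constructed for illustration.

```python
import struct

def skip_sub_blocks(buf, pos):
    # GIF sub-blocks: a length byte, then that many bytes; a zero length ends the run.
    while buf[pos] != 0:
        pos += 1 + buf[pos]
    return pos + 1

def color_table_size(packed):
    # Bit 7 flags a colour table; the low 3 bits encode its entry count.
    return 3 * 2 ** ((packed & 7) + 1) if packed & 0x80 else 0

def gif_end(buf):
    pos = 13 + color_table_size(buf[10])      # header + logical screen descriptor
    while True:
        block = buf[pos]
        if block == 0x3B:                      # trailer: image data ends here
            return pos + 1
        if block == 0x21:                      # extension: introducer, label, sub-blocks
            pos = skip_sub_blocks(buf, pos + 2)
        elif block == 0x2C:                    # image descriptor (+ local colour table)
            pos += 10 + color_table_size(buf[pos + 9])
            pos = skip_sub_blocks(buf, pos + 1)   # +1 skips the LZW code-size byte
        else:
            raise ValueError(f"unexpected GIF block 0x{block:02x} at offset {pos}")

def png_end(buf):
    pos = 8                                    # past the 8-byte signature
    while True:
        length, ctype = struct.unpack(">I4s", buf[pos:pos + 8])
        pos += 12 + length                     # length + type + data + CRC
        if ctype == b"IEND":
            return pos

def trailing_data(buf):
    """Return the bytes stored after the image's own end marker."""
    if buf[:6] in (b"GIF87a", b"GIF89a"):
        return buf[gif_end(buf):]
    if buf[:8] == b"\x89PNG\r\n\x1a\n":
        return buf[png_end(buf):]
    raise ValueError("only GIF and PNG are handled in this example")

# Constructed sample: a minimal 1x1 GIF with a made-up string appended after the trailer.
SAMPLE_GIF = bytes.fromhex(
    "474946383961" "01000100800000" "000000ffffff" "21f9040100000000"
    "2c000000000100010000" "0202440100" "3b")
SAMPLE = SAMPLE_GIF + b"constructed-hint"

if __name__ == "__main__":
    print(trailing_data(SAMPLE))
```

A non-empty result means the file carries bytes that no image viewer will render, which is worth flagging when screening uploads or attachments.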