Tags: warmup bruteforce
Rating:
# We Will Rock You - Beginner (50 pts)
## Description
> Hey! Here's the code for your free tickets to the rock concert! I just can't remember what I made the password...
### Provided files
we_will_rock_you.zip - a password protected ZIP file \[[download](https://ctfnote.shinmai.wtf:31337/files/downloadFile?id=pZAhUb9CZf3QrUG)\]
## Ideas and observations
1. there's one file inside the ZIP archive `we_will_rock_you/flag.txt`
2. the name heavily suggest a wordlist to try
## Solution
1. use `zip2john` to create a hashfile for John the Ripper (or hashcat if you prefer) - `zip2john we_will_rock_you.zip > johnfile`
2. crack the password using rockyou.txt as the wordlist - `john --wordlist=/usr/share/wordlists/rockyou.txt johnfile`
3. the password is `michigan4ever`
4. get the flag `unzip -P michigan4ever -p we_will_rock_you.zip we_will_rock_you/flag.txt`
`wctf{m1cH1g4n_4_3v3R}`
