Tags: warmup bruteforce 

Rating:

# We Will Rock You - Beginner (50 pts)

## Description
> Hey! Here's the code for your free tickets to the rock concert! I just can't remember what I made the password...

### Provided files
we_will_rock_you.zip - a password protected ZIP file \[[download](https://ctfnote.shinmai.wtf:31337/files/downloadFile?id=pZAhUb9CZf3QrUG)\]

## Ideas and observations
1. there's one file inside the ZIP archive `we_will_rock_you/flag.txt`
2. the name heavily suggest a wordlist to try

## Solution
1. use `zip2john` to create a hashfile for John the Ripper (or hashcat if you prefer) - `zip2john we_will_rock_you.zip > johnfile`
2. crack the password using rockyou.txt as the wordlist - `john --wordlist=/usr/share/wordlists/rockyou.txt johnfile`
3. the password is `michigan4ever`
4. get the flag `unzip -P michigan4ever -p we_will_rock_you.zip we_will_rock_you/flag.txt`

`wctf{m1cH1g4n_4_3v3R}`

Original writeup (https://gist.github.com/shinmai/5720d1f0a214d0878cfb530eb975c469#we-will-rock-you---beginner-50-pts).