Klaun

Forensics · CCS Club · Uzi

Problem

We're given a RAR archive (RAR v5 format).

I tried to extract using this platform by entering any password to see the result. However, it asked me for a password to download Klaun.png. Another file, Wordlist.txt, was available for download.

Bruteforcing Technique

1. Extracting password hashes from RAR files

rar2john ./Klaun.rar > hash

2. Cracking the hash using Hashcat

hashcat -a 0 -m 13000 hash Wordlist.txt

The hash type passed to -m (13000, RAR5) can be found in hashcat's list of sample hashes.

Output

$rar5$16$66b921062f7fbcf42a7c3bb35e127db3$15$1260ae075dd992e9af0d9db82c2e2741$8$613acf0df906e777:goodiegoodie
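To show what the fields of that hash line mean and why each guess is expensive, here is an added example (not part of the original writeup or of rar2john/hashcat) that parses the line and checks one candidate password. The function names are hypothetical, and the derivation (PBKDF2-HMAC-SHA256 with 2^n + 32 iterations, XOR-folded to 8 bytes) is an assumption based on the RAR5 scheme as implemented in unrar.

```python
import hashlib
import hmac
from typing import NamedTuple

# Hash line copied from the Output above (hashcat appends ":<password>").
PAGE_HASH_LINE = ("$rar5$16$66b921062f7fbcf42a7c3bb35e127db3$15$"
                  "1260ae075dd992e9af0d9db82c2e2741$8$613acf0df906e777:goodiegoodie")

class Rar5Hash(NamedTuple):
    salt: bytes
    lg2_count: int   # PBKDF2 cost, stored as log2 of the base iteration count
    iv: bytes
    pswcheck: bytes  # 8-byte password check value stored in the archive

def parse_rar5_hash(line: str) -> Rar5Hash:
    """Parse a $rar5$ line; tolerates a 'file:' prefix and a ':password' suffix."""
    start = line.find("$rar5$")
    if start < 0:
        raise ValueError("not a $rar5$ hash line")
    fields = line[start:].strip().split(":")[0].split("$")[2:]
    if len(fields) != 6:
        raise ValueError("expected 6 fields after $rar5$")
    salt_len, salt, lg2, iv, chk_len, chk = fields
    h = Rar5Hash(bytes.fromhex(salt), int(lg2), bytes.fromhex(iv), bytes.fromhex(chk))
    if len(h.salt) != int(salt_len) or len(h.pswcheck) != int(chk_len):
        raise ValueError("length field does not match data")
    return h

def iterations(h: Rar5Hash) -> int:
    # Assumption: the check value is taken 32 rounds past the 2**lg2 key rounds.
    return (1 << h.lg2_count) + 32

def password_check(password: str, h: Rar5Hash) -> bytes:
    """Derive the check value for one candidate (assumed RAR5 scheme)."""
    v2 = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), h.salt, iterations(h), 32)
    folded = bytearray(8)
    for i, b in enumerate(v2):  # XOR-fold 32 bytes down to 8
        folded[i % 8] ^= b
    return bytes(folded)

def matches(password: str, h: Rar5Hash) -> bool:
    return hmac.compare_digest(password_check(password, h), h.pswcheck)

def make_hash_line(password: str, salt: bytes, lg2: int, iv: bytes) -> str:
    """Build a constructed sample line for exercising the parser and the check."""
    chk = password_check(password, Rar5Hash(salt, lg2, iv, b"")).hex()
    return f"$rar5${len(salt)}${salt.hex()}${lg2}${iv.hex()}$8${chk}"

if __name__ == "__main__": print(parse_rar5_hash(PAGE_HASH_LINE))
```

With the cost field at 15, every candidate costs 32,800 HMAC-SHA256 rounds, so the crack succeeds here only because the password is in Wordlist.txt.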

After entering the password, you can extract the Klaun.png file. Use the strings command to get the flag.

strings Klaun.png

FLAG IS : Y2NzQ1RGe1czTExfRDBOM19NWV9GUjEzTkR9

Decode it from Base64. The CyberChef recipe is here.

ccsCTF{W3LL_D0N3_MY_FR13ND}
