K3RN3L CTF 202
Zabomb
You received a suspicious file from the k3rn3l4rmy hacking group, the title says, ‘Not a Zip Bomb, Please Open’, you decide NOT to open it and instead try to reverse it.
It is recommended that you do NOT open this, it will fill your entire disk.
Solving the challenge
Luckily, unzip was not able to do the job, because I had downloaded most of the challenge files at the beginning and started to unzip them. Later I saw the warning. But ok.
The unpacked data had a size of 26,206994 Petabytes ^^ - and no, my local drive was not big enough 🙂
Thinking about how to handle the zip (got a CRC error during unpacking with unzip), I started with
unzip -l flag.zip > details.txt
and got a long list of files. Only the first one was much smaller than the rest.
┌──(chris㉿kali)-[~/ctf/K3RN3L_CTF/Zabomb]
└─$ head details.txt
Archive: flag.zip
Length Date Time Name
--------- ---------- ----- ----
66 1982-10-08 13:37 0DJE
4294967240 1982-10-08 13:37 0
4294967209 1982-10-08 13:37 1
4294967178 1982-10-08 13:37 2
4294967147 1982-10-08 13:37 3
4294967116 1982-10-08 13:37 4
4294967085 1982-10-08 13:37 5
My first try to extract only the small 66-byte file was not successful, because unzip again told me about a CRC error.
└─# unzip -d . flag.zip 0DJE
Archive: flag.zip
inflating: ./0DJE bad CRC 15d755a9 (should be a2cfa4c7)
The next try with 7-Zip also reported an error, but at least it worked and extracted the needed file.
└─# 7za e flag.zip 0DJE
7-Zip (a) [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=de_DE.UTF-8,Utf16=on,HugeFiles=on,64 bits,4 CPUs Common KVM processor (F61),ASM)
Scanning the drive for archives:
1 file, 9893687 bytes (9662 KiB)
Extracting archive: flag.zip
--
Path = flag.zip
Type = zip
Physical Size = 9893687
ERROR: CRC Failed : 0DJE
Sub items Errors: 1
Archives with Errors: 1
Sub items Errors: 1
└─# cat 0DJE
flag{w0wc0mpres51on&d3comp53ssi0N!s_s0_c3wl_ju5t_d0n7_gO_b0OM}
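The same triage as a script, added here as an example and not part of the original writeup: it reads only the central directory (what `unzip -l` shows), flags the archive by declared size, and inflates a single small entry with a hard output cap, reporting a CRC mismatch instead of discarding the data. The caps `MAX_ENTRY` and `MAX_RATIO`, the helper names and the in-memory sample archive are assumptions made for the example.

```python
import io, struct, zipfile, zlib

MAX_ENTRY = 1 << 20   # assumed per-entry output cap (1 MiB)
MAX_RATIO = 100       # assumed limit for declared size / packed size

def triage(zf):
    """Use only central-directory metadata, like `unzip -l`; inflate nothing."""
    infos = zf.infolist()
    declared = sum(i.file_size for i in infos)
    packed = sum(i.compress_size for i in infos) or 1
    small = [i.filename for i in infos if i.file_size <= MAX_ENTRY]
    return declared, declared / packed > MAX_RATIO, small

def extract_capped(buf, info, cap=MAX_ENTRY):
    """Inflate one entry with a hard output cap; return (data, crc_ok)."""
    buf.seek(info.header_offset)
    hdr = buf.read(30)                             # fixed part of the local header
    if hdr[:4] != b"PK\x03\x04":
        raise ValueError("no local file header at the recorded offset")
    name_len, extra_len = struct.unpack("<HH", hdr[26:30])
    buf.seek(name_len + extra_len, io.SEEK_CUR)    # skip file name and extra field
    raw = buf.read(info.compress_size)
    if info.compress_type == zipfile.ZIP_STORED:
        data, done = raw[:cap], len(raw) <= cap
    elif info.compress_type == zipfile.ZIP_DEFLATED:
        inflater = zlib.decompressobj(-15)         # raw deflate, as stored in a ZIP
        data = inflater.decompress(raw, cap)       # never emits more than cap bytes
        done = inflater.eof
    else:
        raise ValueError("unsupported compression method")
    if not done:
        raise ValueError("entry exceeds the cap or its stream is truncated")
    # Report a CRC mismatch to the caller instead of throwing the data away.
    return data, zlib.crc32(data) == info.CRC

def build_sample():
    """Constructed sample: a small entry with a corrupted CRC plus a large one."""
    note = b"constructed sample note\n"
    mem = io.BytesIO()
    with zipfile.ZipFile(mem, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("small.txt", note)
        zf.writestr("big.bin", bytes(8 << 20))     # 8 MiB of zeros
    good = struct.pack("<I", zlib.crc32(note))
    return io.BytesIO(mem.getvalue().replace(good, b"\xde\xad\xbe\xef")), note

if __name__ == "__main__":
    buf, _ = build_sample()
    with zipfile.ZipFile(buf) as zf:
        print(triage(zf))
        print(extract_capped(buf, zf.getinfo("small.txt")))
```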