Skip to main content
  1. CTF Writeups/
  2. scriptCTF 2025/

Just Some Avocado

·
For 302pts 353 Solves Rockyou Fcrackzip Audacity Spectogram
subzcuber
Author
subzcuber
i like to imagine i’m funny

Author: Connor Chang

just an innocent little avocado!

given avocado.jpg which contains a password protected zip which contains another password protected justanotherzip.zip and a staticnoise.wav

❯ binwalk -e avocado.jpg

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             JPEG image data, JFIF standard 1.01
100599        0x188F7         Zip archive data, encrypted at least v1.0 to extract, compressed size: 234, uncompressed size: 222, name: justsomezip.zip
100922        0x18A3A         Zip archive data, encrypted at least v2.0 to extract, compressed size: 408140, uncompressed size: 437908, name: staticnoise.wav
509321        0x7C589         End of Zip archive, footer length: 22

we crack the first zip with fcrackzip

❯ fcrackzip -u -v -D -p /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt justsomezip.zip

which gives us the first password as

PASSWORD FOUND!!!!: pw == impassive3428

unzipping gives us

❯ ll
Permissions Size User      Date Modified Name
.rw-r--r--   222 subzcuber 25 Jun 04:46  justsomezip.zip
.rw-r--r--  438k subzcuber 25 Jun 23:08  staticnoise.wav

now justsomezip.zip can not be cracked with rockyou, so we move on to staticnoise.wav. The spectogram gives us the password to justsomezip.zip, unzipping which gives us the flag.

spectogram

scriptCTF{1_l0ve_d41_v3r0n}
Reply by Email

Related

pdf
For 100pts 508 Solves Pdf
encoded pdf stream
Finders Keepers
For 108pt 141 Solves Stego Steghide Binwalk Foremost
aperisolve ftwwww
Bladerunner Type Shi-
For 122pt File
yui’s face looks exactly like ryan gosling