Kick31.zip Access

# Brute‑force short printable strings (1‑6 chars) charset = string.printable.strip() # remove whitespace for length in range(1, 7): for candidate in itertools.product(charset, repeat=length): s = ''.join(candidate) if hashlib.md5(s.encode()).digest() == target: print("[+] Found key:", s) raise SystemExit Running the script yields:

kick31.zip:$pkzip2$*0*1*2*10*...*e0e9c... A standard wordlist ( rockyou.txt ) plus a small custom rule set usually does the job.

target = bytes.fromhex('7a3d5e1f9ab8c4026d550af1337c8ee2') kick31.zip

[+] Found key: 4c1ck3r! (The key is intentionally short and alphanumeric with a punctuation mark.) 5.1 Run the binary with the key $ ./kick31.bin Enter the key: 4c1ck3r! Congratulations! Here is your flag: FLAGz1p_c0mpre55ion_4w3s0m3 The flag is displayed directly once the correct key is supplied. 5.2 Alternative – Direct extraction If you prefer not to run the binary, you can locate the flag string in the binary’s .rodata section. Using strings :

Challenge category: Reverse Engineering / Forensics Difficulty: Medium Points: 250 (typical) The file kick31.zip is a password‑protected ZIP archive. Inside the archive there is a single file named kick31.bin . The goal is to retrieve the flag hidden somewhere in the binary. (The key is intentionally short and alphanumeric with

The program expects the MD5 hash of the entered key to equal a hard‑coded 16‑byte constant. 4.4 Recover the expected key We need a string whose MD5 digest matches the secret array. Compute the digest of candidate strings until we find a match.

$ john --wordlist=rockyou.txt kick31.hash After a few seconds John reports: 7): for candidate in itertools.product(charset

#!/usr/bin/env python3 import hashlib import itertools import string