If the password isn't in a wordlist, check the challenge description for clues (e.g., "Amirah's favorite color"), or consider a known-plaintext attack with pkcrack if you have an unencrypted version of one file inside the ZIP.

4. Steganography & Hidden Data
Brute-force/dictionary attack: john --wordlist=rockyou.txt amirah.hash
The flag is typically in the format CTF... or FLAG... Once you find the string, the challenge is complete.

Analysis: file, strings, binwalk
Cracking: zip2john, john, fcrackzip
Extraction: unzip, steghide
The first step is to verify the file type and check for basic metadata: file Amirah.zip
Check if another file is appended to the end of the extracted files using binwalk -e [filename].

5. Final Flag Extraction