Found this nested zip in Morty’s PC. what is it that he is hiding?
Lucian Nitescu, as part of jmp 0xc0ffee team.
150 points / 94 solvers
The challenge started with a
.zip file which contained multiple zipped files within other zipped files as you can see in the following example:
My approach was rather brute: I unzipped one file in a folder and within the newly created folder, I repeated my actions. Here is the single bash command that I executed:
while true; do unzip $(ls \*.zip) -d $(ls \*.zip). && cd $(ls \*.zip).; done
The resulting working directory and the retrieved files:
w.zip is the last zip archive within the chain and requires a password to extract the archived text file.
From the working directory path I decided to strip all the extension names (
.zip) and other unnecessary file names:
After I decoded the above base64 string, I obtained the following link:
I had to add the
p letter to the end of the link in order to access the page:
By clicking on the
User Review link, I was redirected to http://www.birple.com/users.asp?id=Brking1991@gmail.com&sid=175 website and page. At first, I thought that this was a dead end, but after multiple tries and failures I decided to use the leaked email (Brking1991@gmail.com) as the password for my last archive file:
Obtaining the flag: