Monday, May 11, 2015

ASIS CTF 2015 - Keka Bomb (75)

Keka Bomb was a forensics challenge with a simple description: "Find the flag in this file." Pulling down the file went like every other challenge in ASIS' CTF: unxz it, then check the filetype.
$ file keka
keka: 7-zip archive data, version 0.3

Let's try extracting it! :D
$ 7z e keka
# .....Takes long Time...
# No.

It ended up throwing up a few large files, and that's when I started doing it the way it was probably intended to be solved, like most zip/compression bomb challenges:

- List the compressed files in the archive
- Extract the differing file which may lead to the target

Here's the final solution I ended up going with:
$ 7z l keka
7-Zip [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18
p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,4 CPUs)

Listing archive: keka

--
Path = keka
Type = 7z
Method = LZMA
Solid = -
Blocks = 16
Physical Size = 9508910
Headers Size = 210

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2015-04-29 18:46:35 ....A   4194304000       594004  001.7z
2015-04-29 18:46:35 ....A   4194304000       594004  002.7z
2015-04-29 18:46:35 ....A   4194304000       594004  003.7z
2015-04-29 18:46:35 ....A   4194304000       594004  004.7z
2015-04-29 18:46:35 ....A   4194304000       594004  005.7z
2015-04-29 18:46:35 ....A   4194304000       594004  006.7z
2015-04-29 18:46:35 ....A   4194304000       594004  007.7z
2015-04-29 18:46:35 ....A   4194304000       594004  008.7z
2015-04-29 18:46:35 ....A   4194304000       594004  009.7z
2015-04-29 18:46:35 ....A   4194304000       594004  010.7z
2015-04-29 18:46:35 ....A   4194304000       594004  011.7z
2015-04-29 18:46:35 ....A   4194304000       594004  012.7z
2015-04-29 18:46:35 ....A   4194304000       598640  013.7z
2015-04-29 18:46:35 ....A   4194304000       594004  014.7z
2015-04-29 18:46:35 ....A   4194304000       594004  015.7z
2015-04-29 18:46:35 ....A   4194304000       594004  016.7z
------------------- ----- ------------ ------------  ------------------------
                           67108864000      9508700  16 files, 0 folders
Looks like this file differs:
2015-04-29 18:46:35 ....A   4194304000       598640  013.7z

Continuing by extracting only that one:
$ 7z e keka 013.7z
7-Zip [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18
p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,4 CPUs)

Processing archive: keka

Extracting  013.7z

Everything is Ok

Size:       4194304000
Compressed: 9508910
And for fun, let's watch our hard drive fill up as we cry:
$ watch 'ls -lahlahlahlah'
Cool, extracted a 3.9GB 7z file:
$ 7z l 013.7z
7-Zip [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18
p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,4 CPUs)

Listing archive: 013.7z

--
Path = 013.7z
Type = 7z
Method = LZMA
Solid = -
Blocks = 16
Physical Size = 9497888
Headers Size = 209

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2015-04-29 11:32:54 ....A   4194304000       593444  0001.7z
2015-04-29 11:32:54 ....A   4194304000       593444  0002.7z
2015-04-29 11:32:54 ....A   4194304000       593444  0003.7z
2015-04-29 11:32:54 ....A   4194304000       593444  0004.7z
2015-04-29 11:32:54 ....A   4194304000       593444  0005.7z
2015-04-29 11:32:54 ....A   4194304000       593444  0006.7z
2015-04-29 11:32:54 ....A   4194304000       593444  0007.7z
2015-04-29 11:32:54 ....A   4194304000       593444  0008.7z
2015-04-29 11:32:54 ....A   4194304000       596019  0009.7z
2015-04-29 11:32:54 ....A   4194304000       593444  0010.7z
2015-04-29 11:32:54 ....A   4194304000       593444  0011.7z
2015-04-29 11:32:54 ....A   4194304000       593444  0012.7z
2015-04-29 11:32:54 ....A   4194304000       593444  0013.7z
2015-04-29 11:32:54 ....A   4194304000       593444  0014.7z
2015-04-29 11:32:54 ....A   4194304000       593444  0015.7z
2015-04-29 11:32:54 ....A   4194304000       593444  0016.7z
------------------- ----- ------------ ------------  ------------------------
                           67108864000      9497679  16 files, 0 folders
------------------------------------------------------------

Rinse, and Repeat!
NOTE: Rinsing in this case is defined as deleting left-over 3.9GB files.... don't want too many of those stacking up....

Differs:
2015-04-29 11:32:54 ....A   4194304000       596019  0009.7z
Extract:
$ 7z e 013.7z 0009.7z
Delete:
$ rm 013.7z
$ 7z l 0009.7z
...
2015-04-29 06:33:53 ....A   4194304000       593928  0000007.7z
...
$ 7z e 0009.7z 0000007.7z
$ 7z l 0000007.7z
...
2015-04-29 01:07:48 ....A   4194304000       592391  0000000008.7z
...
$ 7z e 0000007.7z 0000000008.7z
Finally something more interesting! (Was almost ready to write a script)
Listing archive: 0000000008.7z

--
Path = 0000000008.7z
Type = 7z
Method = LZMA
Solid = -
Blocks = 16
Physical Size = 9467826
Headers Size = 212

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2015-04-27 00:20:03 ....A   4194304000       591723  bomb_00
2015-04-27 00:20:03 ....A   4194304000       591723  bomb_01
2015-04-27 00:20:03 ....A   4194304000       591723  bomb_02
2015-04-27 00:20:03 ....A   4194304000       591723  bomb_03
2015-04-27 00:20:03 ....A   4194304000       591723  bomb_04
2015-04-27 00:20:03 ....A   4194304000       591723  bomb_05
2015-04-27 00:20:03 ....A   4194304000       591723  bomb_06
2015-04-27 00:20:03 ....A   4194304000       591723  bomb_07
2015-04-27 00:20:03 ....A   4194304000       591769  bomb_08
2015-04-27 00:20:03 ....A   4194304000       591723  bomb_09
2015-04-27 00:20:03 ....A   4194304000       591723  bomb_10
2015-04-27 00:20:03 ....A   4194304000       591723  bomb_11
2015-04-27 00:20:03 ....A   4194304000       591723  bomb_12
2015-04-27 00:20:03 ....A   4194304000       591723  bomb_13
2015-04-27 00:20:03 ....A   4194304000       591723  bomb_14
2015-04-27 00:20:03 ....A   4194304000       591723  bomb_15
------------------- ----- ------------ ------------  ------------------------
                           67108864000      9467614  16 files, 0 folders
------------------------------------------------------------
Looks like we have the final bomb! Let's extract it!
2015-04-27 00:20:03 ....A   4194304000       591769  bomb_08
...
$ 7z e 0000000008.7z bomb_08
Then after it's extracted, check the filetype again:
$ file bomb_08
bomb_08: data
Sweeeeet! We got some data! Let's run strings on it and see what comes up:
$ strings bomb_08
ASIS{f974da3203d155826974f4a66735a20b}
Bomb Defused!


So in retrospect, this was a pretty fun challenge, easy enough to do on the command-line without anything more than standard tools and 7zip. I could've written a script, but it wasn't too deep, and was fun to do some hunting in the 7z realm.
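The script mentioned above, as an added example that is not part of the original writeup: it parses a `7z l` listing to find the member whose compressed size is the odd one out, extracts only that member, deletes the container, and repeats until the extracted member is no longer an archive. It assumes the p7zip `7z` binary is on PATH and prints the listing layout shown above; the sample listing embedded at the bottom is abridged from the first `7z l` output in the post so the parsing part runs offline without 7z. The `expansion_ratio` helper reduces the same listing to one number; at roughly 7000:1 that number is the fingerprint of a decompression bomb, and it is the check an upload or mail-scanning pipeline would apply to a listing before writing anything to disk.

```shell
#!/bin/sh
# Added example (not the author's code): automates the list -> find the odd
# member -> extract only it -> delete the container loop from the writeup.
# Assumes the p7zip `7z` binary is on PATH and produces listings in the
# format shown in the post. The sample listing below is constructed
# (abridged from the first listing in the post) so the parsers run offline.

# Print the name of the member whose compressed size appears exactly once.
# Rows of a `7z l` listing have six fields: Date Time Attr Size Compressed Name.
# If several sizes are unique the listing is ambiguous; the first found wins.
find_outlier() {
    awk '
        $1 ~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$/ && NF == 6 {
            seen[$5]++; name[$5] = $6
        }
        END {
            for (c in seen)
                if (seen[c] == 1) { print name[c]; exit }
        }'
}

# Integer ratio of uncompressed bytes to compressed bytes across all members.
# A ratio in the thousands is the signature of a decompression bomb, so an
# intake pipeline can refuse the archive on this number before extracting.
expansion_ratio() {
    awk '
        $1 ~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$/ && NF == 6 {
            size += $4; comp += $5
        }
        END { if (comp > 0) printf "%d\n", int(size / comp); else print 0 }'
}

# Peel layers until the extracted member is no longer a 7z archive.
# Deletes each container after extraction so only one ~4 GB file exists at a time.
peel_all() {
    archive="$1"
    while :; do
        listing=$(7z l "$archive") || return 1
        member=$(printf '%s\n' "$listing" | find_outlier)
        [ -n "$member" ] || { echo "no unique outlier in $archive" >&2; return 1; }
        echo "$archive -> $member (expansion $(printf '%s\n' "$listing" | expansion_ratio):1)"
        7z e -y "$archive" "$member" >/dev/null || return 1
        rm -f "$archive"
        archive="$member"
        # Stop when 7z can no longer read the member as an archive (e.g. bomb_08).
        7z l "$archive" >/dev/null 2>&1 || { echo "reached non-archive: $archive"; return 0; }
    done
}

# Constructed sample: five rows abridged from the first listing in the writeup.
SAMPLE='   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2015-04-29 18:46:35 ....A   4194304000       594004  001.7z
2015-04-29 18:46:35 ....A   4194304000       594004  002.7z
2015-04-29 18:46:35 ....A   4194304000       594004  003.7z
2015-04-29 18:46:35 ....A   4194304000       598640  013.7z
2015-04-29 18:46:35 ....A   4194304000       594004  014.7z
------------------- ----- ------------ ------------  ------------------------
                           20971520000      2974656  5 files, 0 folders'

# Offline demo on the sample listing (no 7z needed for this part).
printf '%s\n' "$SAMPLE" | find_outlier          # 013.7z
printf '%s\n' "$SAMPLE" | expansion_ratio       # 7050
```

`peel_all keka` walks the layers from the top; each step writes one ~3.9GB archive and removes the previous one, which is the "rinsing" the post describes. Running `7z l keka | expansion_ratio` first is the cheap way to learn that an archive is a bomb without extracting a byte of it.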