yeah i am lost as well. what file are we suppose to use to crack the Notes.zip file?
you used some mutated file to work on Kira earlier, use the same
I used the previously mutated password file but it doesn’t work
hydra -l ‘kira’ -P love.list ssh://ip
hope this command helps
the ‘love.list’ file its mutated already with the custom rule
three issues:
-
download all the files from the ‘resources’
-
ssh into box as ‘kira’ (LoveYou1 is from previous module i believe)
echo 'LoveYou1' | hashcat --force -r custom.rule --stdout | sort -u > mutated-passwords
hydra -l kira -P mutated-passwords xx.xxx.xxx.xx ssh -vv -t32
- crack the zip hash using ‘zip2john’
cat password.list | hashcat --force -r custom.rule --stdout | sort -u > mutated-passwords
john --wordlist=mutated-passwords 2john.hash
3 Likes
Why does HTB like to force the download of strange custom rules and resources? It is a pointless detour.
2 Likes
Did you ever figure this out? I have this same problem.
This is awesome!
Thank you.
L0vey0u1! is the pw for kira
this making me so mad, because I don’t remember kira’s pw and now I have to redo that module all over again
It is a bit frustrating, but this reminds to make notes 
1 Like
hello my friend can you explain please what is the password of the root and how you got it
You dont need the password of the root. The Notes.zip is also on the Documents folder
Thats’s worked guys !
Password for kira is L0vey0u1!
same
Try python upload server
Uff it is hidden behind the “Hint” button of the question?!
Shall this be a lesson on reading everything carefully?
Without this post I would never have found this 
Uh the Notes.zip file comes up as empty when I try to zip2john Notes.zip > notes.hash. Stuck and Can’t find anything on this. Really agitated with this.