Cracking Password Protected Zip Files

by Vince
in Blog

Every so often, I come across a challenge that has a password-protected zip file. And every so often I realize I've switched my working laptop and no longer have Jumbo John installed. Recently I encountered that exact scenario, and when I attempted to install Jumbo John, something went sideways. Rather than digging through it, and knowing that I'm about to switch my working laptop in the very near future, I decided to use a script instead.

Honestly, after going this route, I'm not exactly sure why this isn't a better approach.  Perhaps if I weren't using a wordlist?  Multithreading?  Dunno.  Anyway, I think I can count exactly one time I've come across a zip file with a password in my work.  Given that this situation only arises during CTF situations, the script works and I don't have to install anything.
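As an added example (written for this page, not the script from the post), here is a Python 3 wordlist cracker built on the standard library's zipfile module. zipfile can read ZipCrypto-encrypted entries but cannot write them, so the block also assembles a one-entry ZipCrypto archive by hand to have something to crack offline. The entry name, flag text, password and the small wordlist are all constructed for the example; the ZipCrypto key schedule mirrors the algorithm CPython's decrypter uses.

```python
import io
import struct
import zipfile
import zlib

# CRC-32 byte-update table, the same one CPython's zipfile builds for ZipCrypto
_CRCTABLE = []
for _i in range(256):
    _c = _i
    for _ in range(8):
        _c = (_c >> 1) ^ 0xEDB88320 if _c & 1 else _c >> 1
    _CRCTABLE.append(_c)


def _crc1(ch, crc):
    return (crc >> 8) ^ _CRCTABLE[(crc ^ ch) & 0xFF]


class ZipCryptoEncrypter:
    """Traditional PKWARE ('ZipCrypto') stream cipher, encrypt direction."""

    def __init__(self, pwd: bytes):
        self.k = [0x12345678, 0x23456789, 0x34567890]
        for c in pwd:
            self._update(c)

    def _update(self, c):
        k = self.k
        k[0] = _crc1(c, k[0])
        k[1] = (k[1] + (k[0] & 0xFF)) & 0xFFFFFFFF
        k[1] = (k[1] * 134775813 + 1) & 0xFFFFFFFF
        k[2] = _crc1(k[1] >> 24, k[2])

    def encrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for c in data:
            t = self.k[2] | 2
            out.append(c ^ (((t * (t ^ 1)) >> 8) & 0xFF))
            self._update(c)  # keys advance on the plaintext byte, as in decryption
        return bytes(out)


def make_encrypted_zip(name: bytes, plain: bytes, pwd: bytes) -> bytes:
    """Build a minimal one-entry, stored (uncompressed), ZipCrypto-encrypted archive."""
    crc = zlib.crc32(plain) & 0xFFFFFFFF
    # 12-byte encryption header: 11 filler bytes plus a check byte (high byte of the CRC)
    header = b"\x00" * 11 + bytes([crc >> 24])
    body = ZipCryptoEncrypter(pwd).encrypt(header + plain)
    flags, comp, mtime, mdate = 0x0001, 0, 0, ((2024 - 1980) << 9) | (1 << 5) | 1
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, comp, mtime, mdate,
                        crc, len(body), len(plain), len(name), 0) + name + body
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, comp,
                          mtime, mdate, crc, len(body), len(plain), len(name),
                          0, 0, 0, 0, 0, 0) + name
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd


def read_wordlist(path):
    """Yield candidates as bytes: real wordlists (rockyou.txt and friends) are not all UTF-8."""
    with open(path, "rb") as fp:
        for line in fp:
            yield line.rstrip(b"\r\n")


def read_encrypted(zip_bytes: bytes, name: str, pwd: bytes) -> bytes:
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return zf.read(name, pwd=pwd)


def crack_zip(zip_bytes: bytes, candidates):
    """Return the first candidate that decrypts the archive's encrypted entry, else None."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        target = next((i for i in zf.infolist() if i.flag_bits & 0x1), None)
        if target is None:
            raise ValueError("archive has no encrypted entry")
        for pwd in candidates:
            pwd = pwd.encode() if isinstance(pwd, str) else pwd
            try:
                # zipfile first compares one byte of the encryption header (RuntimeError on
                # mismatch); reading the whole entry then verifies the CRC-32 (BadZipFile),
                # which catches the ~1/256 wrong passwords that pass the one-byte check.
                with zf.open(target, pwd=pwd) as fh:
                    fh.read()
            except (RuntimeError, zipfile.BadZipFile, zlib.error):
                continue
            return pwd
    return None


# Constructed sample: archive protected with "letmein" and a tiny CTF-style wordlist
FLAG = b"flag{zipcrypto_is_not_aes}\n"
SAMPLE_ZIP = make_encrypted_zip(b"flag.txt", FLAG, b"letmein")
WORDLIST = ["123456", "password", "qwerty", "letmein", "hunter2"]

if __name__ == "__main__":
    found = crack_zip(SAMPLE_ZIP, WORDLIST)
    print("password:", found)
    print(read_encrypted(SAMPLE_ZIP, "flag.txt", found).decode())
```

For a real challenge, replace WORDLIST with read_wordlist("rockyou.txt") and SAMPLE_ZIP with the file's bytes. Two caveats worth knowing before trusting a result: a candidate is only confirmed once the entry has been read in full (the one-byte header check alone produces false positives), and the standard library only handles ZipCrypto, so an AES-encrypted archive needs a third-party library.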


Python Script: MySQL REGEXP Query

by Vince
in Blog

I wrote up a small script, using bWAPP as my DB target, to give an example of how to connect to a remote MySQL DB and query a table for a partial expression. The bWAPP "secret" column does not have a lot of data to query, but if you throw in "a", you'll get two rows back:

(1, u'A.I.M.', u'6885858486f31043e5839c735d99457f045affd0', u'bwapp-aim@mailinator.com', u'A.I.M. or Authentication Is Missing', None, 1, None, 1)
(2, u'bee', u'6885858486f31043e5839c735d99457f045affd0', u'bwapp-bee@mailinator.com', u'Any bugs?', None, 1, None, 1)

------

#!/usr/bin/env python3
import mysql.connector

# Connection details for the bWAPP lab target; adjust host for your own box
mydb = mysql.connector.connect(
    host="192.168.0.49",
    user="root",
    passwd="bug",
    database="bWAPP"
)
table = 'users'  # fixed table name, never taken from user input

try:
    while True:
        print()
        string = input("[*] Enter search query: ")

        mycursor = mydb.cursor()
        # Bind the pattern as a parameter instead of concatenating it into the SQL
        # text, so a quote in the search term cannot rewrite the query
        mycursor.execute("SELECT * FROM " + table + " WHERE secret REGEXP %s", (string,))
        myresult = mycursor.fetchall()
        mycursor.close()

        for x in myresult:
            print(x)
except (KeyboardInterrupt, EOFError):
    mydb.close()
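The target here is bWAPP, which is meant to be vulnerable, but building the query by string concatenation puts an injection into the client tool itself. As an added example (not the post's script), the block below runs the post's query shape both ways against an in-memory SQLite stand-in for the bWAPP users table, so it works offline; SQLite has the REGEXP operator but no built-in implementation, so one is registered that matches case-insensitively like MySQL's REGEXP on non-binary strings. The two rows and the injected search term are constructed for the example.

```python
import re
import sqlite3

# Constructed stand-in for the bWAPP users table (only the columns the query touches)
USERS = [
    (1, "A.I.M.", "A.I.M. or Authentication Is Missing"),
    (2, "bee", "Any bugs?"),
]


def _regexp(pattern, value):
    # SQLite evaluates `X REGEXP Y` as regexp(Y, X); emulate MySQL's case-insensitive match
    return value is not None and re.search(pattern, value, re.IGNORECASE) is not None


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.create_function("REGEXP", 2, _regexp)
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def search_unsafe(conn, pattern):
    """The post's construction: the search term is spliced into the SQL text."""
    sql = "SELECT login FROM users WHERE secret REGEXP '" + pattern + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, pattern):
    """Same query with the term bound as a parameter: it can only ever be a regex."""
    sql = "SELECT login FROM users WHERE secret REGEXP ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (pattern,))]


if __name__ == "__main__":
    conn = build_db()
    print(search_unsafe(conn, "a"), search_safe(conn, "a"))  # both: ['A.I.M.', 'bee']
    # A quote in the term closes the string literal; everything after it becomes SQL
    injected = ".*' AND login='bee' -- "
    print(search_unsafe(conn, injected))  # ['bee']: the WHERE clause was rewritten
    print(search_safe(conn, injected))    # []: treated as a regex that matches nothing
```

The same injected string behaves identically against MySQL's REGEXP; the parameterized form in the script above (`%s` with a params tuple for mysql.connector) is the fix.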


Python Script: Web Directory Fuzzer

by Vince
in Blog

Super simple web fuzzer with a hard-coded IP and wordlist, using fake_useragent for the User-Agent header. The script reads the wordlist line by line, requests the host with each word appended to the URL, and prints the ones that come back with a 200 response.

#!/usr/bin/env python3
import requests
from fake_useragent import UserAgent

ua = UserAgent()
user_agent = ua.random  # one random User-Agent for the whole run
host = 'http://192.168.90.27/'
filepath = 'wordlist.txt'

# A session reuses the connection across requests and carries the header
session = requests.Session()
session.headers['User-Agent'] = user_agent

with open(filepath, errors='ignore') as fp:
    for line in fp:
        word = line.strip()
        if not word:
            continue
        combined = host + word
        try:
            r = session.get(combined, timeout=5)
        except requests.RequestException as e:
            print(word, 'request failed:', e)
            continue
        # 200 is what we are hunting for; 301/302/403 are often worth a second look too
        if r.status_code == 200:
            print(word, '\n', r)