AI-Driven ZIP Password Recovery with HexStrike-AI and Gemini-CLI

- Category: CTI
- Source article: https://medium.com/@1200km/ai-driven-zip-password-recovery-with-hexstrike-ai-and-gemini-cli-b8fc5c475ebc
- Published: 2025-12-25
Ecosystem Fit
This page mirrors the original Medium article into the 1200km.com Docusaurus ecosystem. The original article flow, images, screenshots, infographics, and technical blocks are preserved from the export.
From Encrypted Archive to Flag Using LLM-Orchestrated Tooling

Overview
> This guide demonstrates how HexStrike-AI, orchestrated through Gemini-CLI, can autonomously solve a common security / CTF task:
> Recover the contents of an encrypted ZIP archive using a known password dictionary.

What makes this workflow different is not the tools themselves but how the AI reasons, pivots, and adapts when something fails.

This is a fully authorized, local lab scenario.
Scenario
Objective
- Open an encrypted ZIP file
- Recover the password using a provided wordlist
- Extract the contents and retrieve the flag
Inputs
- Encrypted ZIP: `/home/andrey/secret_file.zip`
- Password dictionary: `/home/andrey/Documents/passwords_list.txt`
Tooling (via HexStrike-AI)
- zip2john
- john
- unzip
- 7z
- Standard Linux utilities
Step-by-Step Execution Flow
1. Task initiation (LLM-driven)
The user provides a single high-level prompt:
```text
Open encrypted zip file and find the flag using the provided password list.
```

No commands. No tool selection. No manual troubleshooting.
2. Tool discovery & preparation
HexStrike-AI:
- Determines that ZIP cracking requires hash extraction
- Locates `zip2john` automatically
- Verifies tool availability on the system

Key point: The AI does environment discovery before acting.
3. ZIP hash extraction
Initial attempts fail due to incorrect paths.
HexStrike-AI:
- Enumerates `/home`
- Identifies the correct user (`andrey`)
- Locates `/home/andrey/secret_file.zip`
Then successfully extracts the ZIP hash:
```bash
zip2john secret_file.zip > zip_hash.txt
```
4. Offline password cracking
HexStrike-AI selects the correct cracking strategy:
- Offline attack (safe, fast, no lockouts)
- Uses `john` with the provided wordlist
```bash
john --wordlist=passwords_list.txt zip_hash.txt
```
Result
```text
Password found: Israel123
```
5. First extraction attempt (failure handling)
The AI attempts:
```bash
unzip -P Israel123 secret_file.zip
```
Failure occurs:
- Unsupported compression method (AES / method 99)
Critical behavior: HexStrike-AI does not stop and does not guess.
6. Adaptive pivot (tool switching)
HexStrike-AI:
- Recognizes AES-encrypted ZIP
- Checks for alternative tooling
- Detects `7z` is available
- Switches extraction method automatically
```bash
7z x -pIsrael123 secret_file.zip
```
Extraction succeeds.

7. Flag retrieval
Final step:
```bash
cat secret_file.txt
```
Flag recovered:
```text
Your Flag
```
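The `unzip` failure in step 5 comes from the entry's compression-method field holding 99, the WinZip AES marker: the real compression method and the key size live in a 0x9901 extra field, which stock Info-ZIP `unzip` does not handle (it only supports legacy ZipCrypto). The following Python example is added here and is not from the article or the HexStrike-AI project; it parses ZIP local file headers and classifies each entry as unencrypted, ZipCrypto or AES-128/192/256, so an analyst can triage an archive, or predict which extractor will work, before touching it. The sample archive bytes are constructed inline by the `build_local_header` helper and carry no central directory.

```python
import struct

LOCAL_SIG = 0x04034B50  # local file header signature "PK\x03\x04"
AES_METHOD = 99         # WinZip AE-x marker in the compression-method field
AES_EXTRA_ID = 0x9901   # extra-field id holding AES strength and the real method
AES_STRENGTH = {1: 128, 2: 192, 3: 256}

def parse_local_headers(data: bytes):
    """Classify each local-header entry of ZIP bytes: none, zipcrypto, or aes-128/192/256."""
    entries, off = [], 0
    while off + 30 <= len(data):
        (sig, _ver, flags, method, _t, _d, _crc, csize, _usize,
         nlen, xlen) = struct.unpack_from("<IHHHHHIIIHH", data, off)
        if sig != LOCAL_SIG:
            break  # reached the central directory (or junk)
        name = data[off + 30:off + 30 + nlen].decode("utf-8", "replace")
        extra = data[off + 30 + nlen:off + 30 + nlen + xlen]
        encrypted = bool(flags & 0x1)
        scheme = "zipcrypto" if encrypted else "none"
        if method == AES_METHOD:
            scheme = "aes-?"  # method 99 without a usable 0x9901 record
            p = 0
            while p + 4 <= len(extra):  # extra field = list of (id, size, body)
                hid, hsize = struct.unpack_from("<HH", extra, p)
                if hid == AES_EXTRA_ID and hsize >= 7 and p + 11 <= len(extra):
                    # body: vendor version(2), vendor id "AE"(2), strength(1), real method(2)
                    strength, method = struct.unpack_from("<BH", extra, p + 8)
                    scheme = "aes-%s" % AES_STRENGTH.get(strength, "?")
                    break
                p += 4 + hsize
        entries.append({"name": name, "encrypted": encrypted,
                        "scheme": scheme, "method": method, "csize": csize})
        if flags & 0x8:
            break  # data descriptor in use: sizes unknown here, stop rather than guess
        off += 30 + nlen + xlen + csize
    return entries

def build_local_header(name, flags, method, payload, extra=b""):
    """Constructed test data only: one local header plus payload, no central directory."""
    nb = name.encode()
    hdr = struct.pack("<IHHHHHIIIHH", LOCAL_SIG, 20, flags, method, 0, 0, 0,
                      len(payload), len(payload), len(nb), len(extra))
    return hdr + nb + extra + payload

# Constructed 0x9901 record: size 7, vendor version 2, vendor "AE", strength 3 (256-bit), real method 8 (deflate)
AES_EXTRA = struct.pack("<HHH", AES_EXTRA_ID, 7, 2) + b"AE" + struct.pack("<BH", 3, 8)
SAMPLE_ZIP = (build_local_header("secret_file.txt", 0x1, AES_METHOD, b"\0" * 24, AES_EXTRA)
              + build_local_header("legacy.txt", 0x1, 8, b"\0" * 16)
              + build_local_header("readme.txt", 0x0, 0, b"hello"))
```

Run `parse_local_headers(open(path, "rb").read())` on a real archive; an entry reporting `aes-*` is the case where `unzip` fails and `7z` is needed.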
Final Result

| Item | Value |
| --- | --- |
| ZIP Password | Israel123 |
| Encryption | ZIP AES |
| Flag | Your Flag |
| Attack Type | Offline dictionary |
| Interaction | Single prompt |
| Manual intervention | None |
Why This Matters
This is not about cracking ZIP files.
This example demonstrates how AI-driven execution changes security workflows:
What HexStrike-AI did autonomously
- Identified the correct attack class
- Located missing files
- Corrected user errors
- Selected appropriate tools
- Pivoted when a tool failed
- Completed the objective end-to-end
What the user did
- Defined scope
- Provided a wordlist
- Issued one prompt
Key Takeaways
- AI is not “running tools blindly”
- It performs reasoned decision-making
- Failures are treated as signals, not blockers
- Tool chaining is dynamic, not scripted
- This mirrors how a real junior pentester / analyst works, at machine speed
Defensive Perspective
From a blue-team standpoint, this highlights why:
- Weak passwords remain dangerous even with “strong” encryption
- Offline attacks bypass rate limits entirely
- Password reuse and leaked wordlists are critical risks
Conclusion
This lab shows how HexStrike-AI + Gemini-CLI can execute a complete security task:
> From problem definition → tool discovery → exploitation → validation → result
All driven by one prompt.
This is not automation replacing expertise. It is expertise amplified.