Use a tool like bkcrack to exploit the plaintext vulnerability. :
Check for a "Known Plaintext" candidate: If you have an unencrypted version of one of the files inside the ZIP (even if it's just a small part), you can recover the internal encryption keys.
After decrypting or cracking the password, extract the contents: unzip lucifer.zip .
bkcrack -C lucifer.zip -c [encrypted_file] -p [plaintext_file] Use code with caution. Copied to clipboard
If the archive uses (the legacy encryption), it is vulnerable to Biham-Biham known plaintext attacks.
If rockyou.txt fails, the password may be hidden in the challenge description or metadata (check with exiftool ).