To sum up the challenge: we have three zip files — two are encrypted, and the third is an unencrypted version of one of them. Each zip contains several text files.

Let's try to do a known-plaintext attack (KPA) using bkcrack :

We retrieve the 3 secret keys, we try to use them to decrypt the second encrypted zip and redefine the password to "password" :

We obtain the flag in the data from the unencrypted "package2_" zip file.