diff --git a/modules/vulnerabilities/unix/ctf/zip_file/manifests/init.pp b/modules/vulnerabilities/unix/ctf/zip_file/manifests/init.pp
index dda075e30..63e84b05d 100644
--- a/modules/vulnerabilities/unix/ctf/zip_file/manifests/init.pp
+++ b/modules/vulnerabilities/unix/ctf/zip_file/manifests/init.pp
@@ -3,6 +3,7 @@ class zip_file::init {
$leaked_filename = $secgen_parameters['leaked_filename'][0]
$base64_file = $secgen_parameters['base64_file'][0]
+ $mode = $secgen_parameters['mode'][0] # default is 0600
if $secgen_parameters['account'] and $secgen_parameters['account'] != '' {
$account = parsejson($secgen_parameters['account'][0])
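Review bot: `$mode` on the added line is read from `$secgen_parameters['mode'][0]` and passed unchanged to `mode => $mode` in the second hunk, with no check that it is a well-formed octal mode. The trailing comment `# default is 0600` only reflects the default declared in secgen_metadata.xml, and nothing in this manifest enforces it. A scenario override that is empty, or that sets world-writable or setuid bits, would therefore be applied directly to the leaked zip. Assuming the parameter arrives as a string, a guard right after the assignment such as `unless $mode =~ /\A0?[0-7]{3}\z/ { fail("zip_file: invalid mode '${mode}'") }` would catch that, and the comment could read `# file mode for the leaked zip; the default '0600' is set in secgen_metadata.xml`. The class body and the resource that receives `mode` extend outside the hunks, so it is not visible whether that resource already validates the value.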
@@ -19,5 +20,6 @@ class zip_file::init {
base64_file => $base64_file,
owner => $username,
group => $username,
+ mode => $mode,
}
-}
\ No newline at end of file
+}
diff --git a/modules/vulnerabilities/unix/ctf/zip_file/secgen_metadata.xml b/modules/vulnerabilities/unix/ctf/zip_file/secgen_metadata.xml
index b0e908645..4671b358a 100644
--- a/modules/vulnerabilities/unix/ctf/zip_file/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/ctf/zip_file/secgen_metadata.xml
@@ -21,6 +21,7 @@
leaked_filename
account
storage_directory
+ mode
@@ -42,6 +43,10 @@
/var/log
+
+ 0600
+
+
A zip file has been leaked with a flag.
If using a password, use the default dictionary from '/usr/share/john/password.lst'.
Use the following command: fcrackzip -u -D -p /usr/share/john/password.lst filename.zip