This is one of those simple challenges which are a lot of fun. This one is a small tribute to Samuel Morse, the inventor of the Morse code. All you need is a PDF-cracker and a Morse code translator to grab the flag.
The first thing that needs to be done is downloading the 0ld is g0ld.zip file and extract the contents with the default password: hackthebox. When the archive is extracted you get a PDF-file which actually is a real PDF-file.
d0p4m1n3@cybertron: file 0ld\ is\ g0ld.pdf 0ld is g0ld.pdf: PDF document, version 1.6
When trying to open the PDF-file in a basic viewer it will ask for a password to open the document. Since we didn’t get any password for the, the challenge starts.
I downloaded a tool called pdfcrack which kan crack a password on a PDF-file based on a wordlist. It can be easilly installed using apt install.
apt install pdfcrack
After the installation I run the following command to start pdfcrack and do it’s thing on the PDF-file.
dfcrack -w /usr/share/wordlists/rockyou.txt 0ld\ is\ g0ld.pdf PDF version 1.6 Security Handler: Standard V: 2 R: 3 P: -1060 Length: 128 Encrypted Metadata: True FileID: 5c8f37d2a45eb64e9dbbf71ca3e86861 U: 9cba5cfb1c536f1384bba7458aae3f8100000000000000000000000000000000 O: 702cc7ced92b595274b7918dcb6dc74bedef6ef851b4b4b5b8c88732ba4dac0c Average Speed: 57791.3 w/s. Current Word: 'xxcarloxx' Average Speed: 57775.2 w/s. Current Word: '24865123' found user-password: 'jumanji69'
Well, there we have the password for the file. When entering this password I can now read the contents of the PDF. There is an image of Mr Morse in the document and if you look very closely at the bottom, there is a small Morse code present.
I enlarged the Morse code at the bottom to see it better.
Since I do not know any Morse code I ran it through an online Morse code decoder to get the actual text.
And there we have the value. Just convert it into a regular HTB-flag and we have this challenges succesfully solved.
[box type=”warning” align=”” class=”” width=””]All information in this post is for educational use only! Do not use it at others when you do not have explicit approval to do so. I am not responsible for your actions. Using this knowledge for illegal activities could land you in jail![/box]