Jannah Theme License is not validated, Go to the theme options page to validate the license, You need a single license for each domain name.
Writeups

Hack The Box Writeup: 0ld is g0ld

This is one of those simple challenges which are a lot of fun. This one is a small tribute to Samuel Morse, the inventor of the Morse code. All you need is a PDF-cracker and a Morse code translator to grab the flag.

The first thing that needs to be done is downloading the 0ld is g0ld.zip file and extract the contents with the default password: hackthebox. When the archive is extracted you get a PDF-file which actually is a real PDF-file.

d0p4m1n3@cybertron: file 0ld\ is\ g0ld.pdf 
0ld is g0ld.pdf: PDF document, version 1.6

When trying to open the PDF-file in a basic viewer it will ask for a password to open the document. Since we didn’t get any password for the, the challenge starts.

I downloaded a tool called pdfcrack which kan crack a password on a PDF-file based on a wordlist. It can be easilly installed using apt install.

apt install pdfcrack

After the installation I run the following command to start pdfcrack and do it’s thing on the PDF-file.

dfcrack -w /usr/share/wordlists/rockyou.txt 0ld\ is\ g0ld.pdf 
PDF version 1.6
Security Handler: Standard
V: 2
R: 3
P: -1060
Length: 128
Encrypted Metadata: True
FileID: 5c8f37d2a45eb64e9dbbf71ca3e86861
U: 9cba5cfb1c536f1384bba7458aae3f8100000000000000000000000000000000
O: 702cc7ced92b595274b7918dcb6dc74bedef6ef851b4b4b5b8c88732ba4dac0c
Average Speed: 57791.3 w/s. Current Word: 'xxcarloxx'
Average Speed: 57775.2 w/s. Current Word: '24865123'

found user-password: 'jumanji69'

Well, there we have the password for the file. When entering this password I can now read the contents of the PDF. There is an image of Mr Morse in the document and if you look very closely at the bottom, there is a small Morse code present.

I enlarged the Morse code at the bottom to see it better.

Since I do not know any Morse code I ran it through an online Morse code decoder to get the actual text.

And there we have the value. Just convert it into a regular HTB-flag and we have this challenges succesfully solved.

HTB{R1PSAMU3LM0RS3}


All information in this post is for educational use only! Do not use it at others when you do not have explicit approval to do so. I am not responsible for your actions. Using this knowledge for illegal activities could land you in jail!


Tags

d0p4m1n3

Ethical Hacker | Cybersecurity enthusiast | Always looking to expand my knowledge | got root?

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
%d bloggers like this: