HackTheBox Challenge Misc Writeup

Hack The Box Writeup: 0ld is g0ld

This is one of those simple challenges which are a lot of fun. This one is a small tribute to Samuel Morse, the inventor of the Morse code. All you need is a PDF-cracker and a Morse code translator to grab the flag.

The first thing that needs to be done is downloading the 0ld is g0ld.zip file and extract the contents with the default password: hackthebox. When the archive is extracted you get a PDF-file which actually is a real PDF-file.

d0p4m1n3@cybertron: file 0ld\ is\ g0ld.pdf 
0ld is g0ld.pdf: PDF document, version 1.6

When trying to open the PDF-file in a basic viewer it will ask for a password to open the document. Since we didn’t get any password for the, the challenge starts.

I downloaded a tool called pdfcrack which kan crack a password on a PDF-file based on a wordlist. It can be easilly installed using apt install.

apt install pdfcrack

After the installation I run the following command to start pdfcrack and do it’s thing on the PDF-file.

dfcrack -w /usr/share/wordlists/rockyou.txt 0ld\ is\ g0ld.pdf 
PDF version 1.6
Security Handler: Standard
V: 2
R: 3
P: -1060
Length: 128
Encrypted Metadata: True
FileID: 5c8f37d2a45eb64e9dbbf71ca3e86861
U: 9cba5cfb1c536f1384bba7458aae3f8100000000000000000000000000000000
O: 702cc7ced92b595274b7918dcb6dc74bedef6ef851b4b4b5b8c88732ba4dac0c
Average Speed: 57791.3 w/s. Current Word: 'xxcarloxx'
Average Speed: 57775.2 w/s. Current Word: '24865123'

found user-password: 'jumanji69'

Well, there we have the password for the file. When entering this password I can now read the contents of the PDF. There is an image of Mr Morse in the document and if you look very closely at the bottom, there is a small Morse code present.

I enlarged the Morse code at the bottom to see it better.

Since I do not know any Morse code I ran it through an online Morse code decoder to get the actual text.

And there we have the value. Just convert it into a regular HTB-flag and we have this challenges succesfully solved.

HTB{R1PSAMU3LM0RS3}


[box type=”warning” align=”” class=”” width=””]All information in this post is for educational use only! Do not use it at others when you do not have explicit approval to do so. I am not responsible for your actions. Using this knowledge for illegal activities could land you in jail![/box]

d0p4m1n3

Ethical Hacker | Cybersecurity enthusiast | Always looking to expand my knowledge | got root?

Add comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Your Header Sidebar area is currently empty. Hurry up and add some widgets.