PDF

Prompt

We have captured an encrypted pdf from a hacker's FTP server. Decrypt it and find out what you can.

encrypted.pdf531.9KB

Tutorial Video

Walk-Through

This challenge involves cracking the password of an encrypted PDF. This is accomplished by first extracting the password hash from the PDF and then running a password cracking tool, such as hashcat or john.

John

Hashcat

Extracting the Password Hash

pdf2john can be used to extract the password hash and it comes preinstalled in Kali Linux. 

pdf2john encrypted.pdf > hash.txt
Extracts the password of encrypted.pdf and saves it hash.txt

Cracking the Password Hash

You can then crack the password using hashcat or john.

Option 1: Hashcat

  1. Delete the leading filename from the hash file.

    2. This is necessary because pdf2john includes the filename in front of the hash, which is not valid syntax for hashcat. 

    cat hash.txt | cut -d ":" -f 2- > clean.txt
    Trims out the filename from hash.txt and saves the result into clean.txt
  2. Crack the password using the rockyou wordlist
    3. hashcat clean.txt -m 10700 -a 0 /usr/share/wordlists/rockyou.txt
    Runs a dictionary attack on the hashes in clean.txt. 10700 is the hash mode for this type of PDF password and can be identified using the hashcat documentation.
  1. View the cracked password
    2. hashcat clean.txt -m 10700 --show

Option 2: John

  1. Crack the password using the rockyou wordlist
    2. john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
  1. View the cracked password
    2. john --show hash.txt

Questions

What is the password used to encrypt the pdf?

Use a password cracking tool to crack the password with the Rockyou wordlist.

What is the flag in the PDF?

Open the PDF using the cracked password to reveal the flag.

©️ 2024 Cyber Skyline. All Rights Reserved. Unauthorized reproduction or distribution of this copyrighted work is illegal.