Prompt

We have captured an encrypted pdf from a hacker's FTP server. Decrypt it and find out what you can.

encrypted.pdf531.9KB

Walk-Through

This challenge involves cracking the password of an encrypted PDF. This is accomplished by first extracting the password hash from the PDF and then running a password cracking tool, such as hashcat or john. Once the password is recovered, enter it when opening the PDF to view the flag.

Guide

pdf2john comes preinstalled on Kali Linux and can be used to extract the password hash as follows:

pdf2john encrypted.pdf > hash.txt

Extracts the password of encrypted.pdf and saves it hash.txt

The hash should look like this

Solution

Option 1: Cracking with Hashcat

As shown in the screenshot above, pdf2john includes the filename in front of the hash, which is not valid syntax for hashcat. Perform the following to delete the leading filename from the hash file:

cat hash.txt | cut -d ":" -f 2- > clean.txt

Trims out the filename from hash.txt and saves the result into clean.txt Alternatively, you could edit the text file and delete this from the hash.

Determine what hash mode is needed for PDF passwords using hashcat documentation, then crack the password using the Rockyou wordlist:

hashcat clean.txt -O -m 10700 -a 0 /usr/share/wordlists/rockyou.txt

Runs a dictionary attack on the hashes in clean.txt. Adding -O will help speed up the cracking process.

View the cracked password with the following command:

hashcat clean.txt -m 10700 --show

🚧

If you find that this is taking a long time to crack that may be because the solution is almost half-way through the Rockyou wordlist.

Option 2: Cracking with John

Crack the password using the Rockyou wordlist:

john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt

View the cracked password with the following command:

john --show hash.txt

Useful resources for this challenge:

John the Ripper: https://github.com/openwall/john
Hashcat example documentation: https://hashcat.net/wiki/doku.php?id=example_hashes
Use the Tutorial Video below

Tutorial Video

Watch our full Tutorial Video to learn more about how PDFs are encrypted and to see a walkthrough of how to solve this challenge:

Cyber Skyline Live: PDF Password Cracking

Are your PDFs secure? Just encrypting a PDF with a password isn’t enough to prevent someone from accessing its sensitive data - you need to use a complex, secure password. Join this episode of Cyber Skyline Live to learn how you can extract password hashes from PDFs and crack them to view their encrypted contents.

www.youtube.com

Cyber Skyline Live: PDF Password Cracking

Questions

1. What is the password used to encrypt the pdf?

Use a password cracking tool to crack the password with the Rockyou wordlist.

2. What is the flag in the PDF?

Open the PDF using the cracked password to reveal the flag.

Prompt

We have captured an encrypted pdf from a hacker's FTP server. Decrypt it and find out what you can.

encrypted.pdf531.9KB

Walk-Through

Guide

pdf2john comes preinstalled on Kali Linux and can be used to extract the password hash as follows:

pdf2john encrypted.pdf > hash.txt

Extracts the password of encrypted.pdf and saves it hash.txt

The hash should look like this

Solution

Option 1: Cracking with Hashcat

cat hash.txt | cut -d ":" -f 2- > clean.txt

Trims out the filename from hash.txt and saves the result into clean.txt Alternatively, you could edit the text file and delete this from the hash.

Determine what hash mode is needed for PDF passwords using hashcat documentation, then crack the password using the Rockyou wordlist:

hashcat clean.txt -O -m 10700 -a 0 /usr/share/wordlists/rockyou.txt

Runs a dictionary attack on the hashes in clean.txt. Adding -O will help speed up the cracking process.

View the cracked password with the following command:

hashcat clean.txt -m 10700 --show

🚧

If you find that this is taking a long time to crack that may be because the solution is almost half-way through the Rockyou wordlist.

Option 2: Cracking with John

Crack the password using the Rockyou wordlist:

john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt

View the cracked password with the following command:

john --show hash.txt

Useful resources for this challenge:

John the Ripper: https://github.com/openwall/john
Hashcat example documentation: https://hashcat.net/wiki/doku.php?id=example_hashes
Use the Tutorial Video below

Tutorial Video

Watch our full Tutorial Video to learn more about how PDFs are encrypted and to see a walkthrough of how to solve this challenge:

Cyber Skyline Live: PDF Password Cracking

www.youtube.com

PDF Cracking

Prompt

Walk-Through

Guide

Solution

Option 1: Cracking with Hashcat

Option 2: Cracking with John

Tutorial Video

Cyber Skyline Live: PDF Password Cracking

Questions

1. What is the password used to encrypt the pdf?

2. What is the flag in the PDF?

PDF Cracking

Prompt

Walk-Through

Guide

Solution

Option 1: Cracking with Hashcat

Option 2: Cracking with John

Tutorial Video

Cyber Skyline Live: PDF Password Cracking

Questions

1. What is the password used to encrypt the pdf?

2. What is the flag in the PDF?