Prompt

We have captured an encrypted pdf from a hacker's FTP server. Decrypt it and find out what you can.

Walk-Through

This challenge involves cracking the password of an encrypted PDF. This is accomplished by first extracting the password hash from the PDF and then running a password cracking tool, such as hashcat or john. Once the password is recovered, enter it when opening the PDF to view the flag.

Guide

pdf2john comes preinstalled on Kali Linux and can be used to extract the password hash as follows:

pdf2john encrypted.pdf > hash.txt

Option 1: Cracking with Hashcat

As shown in the screenshot above, pdf2john includes the filename in front of the hash, which is not valid syntax for hashcat. Perform the following to delete the leading filename from the hash file:

cat hash.txt | cut -d ":" -f 2- > clean.txt

hashcat clean.txt -O -m 10700 -a 0 /usr/share/wordlists/rockyou.txt

hashcat clean.txt -m 10700 --show

Option 2: Cracking with John

john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt

john --show hash.txt

Tutorial Video

Watch our full Tutorial Video to learn more about how PDFs are encrypted and to see a walkthrough of how to solve this challenge:

Cyber Skyline Live: PDF Password Cracking

Are your PDFs secure? Just encrypting a PDF with a password isn’t enough to prevent someone from accessing its sensitive data - you need to use a complex, secure password. Join this episode of Cyber Skyline Live to learn how you can extract password hashes from PDFs and crack them to view their encrypted contents.

www.youtube.com

Questions

1. What is the password used to encrypt the pdf?

Use a password cracking tool to crack the password with the Rockyou wordlist.

2. What is the flag in the PDF?

Open the PDF using the cracked password to reveal the flag.

©️ 2026 Cyber Skyline. All Rights Reserved. Unauthorized reproduction or distribution of this copyrighted work is illegal.