Discovered

Problem

Description

Bob finds a pdf file. He is sure there is important content in it but the pdf file is locked. Can you help him? (Bracket the flag with FindITCTF{})

Solution

We're given a PDF with password protected. Let's extract the hash and crack the password using John The Ripper

$ pdf2john secret.pdf > hash
$ cat hash

secret.pdf:$pdf$44128*-1060116fce8559bd3fcc84ba72dbad5638fcc2032c71748896b9831a45b01a477b9970c980000000000000000000000000000000032*167b0cd8e21bbd37be65e1df44df6a7043f29c342635c1754fa81bc7fc029f7b

Next, we need to cut out the secret.pdf bit so it would look like this

$pdf$44128*-1060116fce8559bd3fcc84ba72dbad5638fcc2032c71748896b9831a45b01a477b9970c980000000000000000000000000000000032*167b0cd8e21bbd37be65e1df44df6a7043f29c342635c1754fa81bc7fc029f7b

With that done, we can start to crack the hash using john, we'll use the standard rockyou wordlist

$ john --wordlist=/usr/share/wordlists/rockyou.txt hash
$ john --show hash

?:LimitedEdition

1 password hash cracked, 0 left

Now we have retrieved the password, we can take a look of what's inside of the pdf file

Looks like we're presented with a emote cipher. After an intensive look up and bunch of wrong tool on the internet, we eventually stumbled upon this tool https://codepen.io/NostraDavid/pen/JjGBmxd. There we can supply the emotes and it'll do the job for us

in case anyone wants to copy the emotes

πŸ˜πŸ‘΄πŸ€” _ πŸ‘½πŸ˜ _ πŸ€―πŸ€‘πŸ‘΄πŸ€”_πŸ₯ΆπŸ” πŸ˜”πŸ₯΅πŸ€―πŸ€– _ πŸ‘΄πŸ˜πŸ€₯πŸ₯± _ 😐🀯🀯🀀 _ πŸ€”πŸ‘΄ _ πŸ€πŸ” πŸ˜πŸ€€ _ πŸ€”πŸ₯΅πŸ€―_πŸ˜”πŸ‘½πŸ€”πŸ€”πŸ€―πŸ€–πŸ˜

Flag

FindITCTF{not_an_emot_cipher_only_need_to_find_the_pattern}

PreviousNCS CipherNextFSOP

Last updated