Discovered

Problem

Description

Bob finds a pdf file. He is sure there is important content in it but the pdf file is locked. Can you help him? (Bracket the flag with FindITCTF{})

Solution

We're given a PDF with password protected. Let's extract the hash and crack the password using John The Ripper

$ pdf2john secret.pdf > hash
$ cat hash

secret.pdf:$pdf$44128*-1060116fce8559bd3fcc84ba72dbad5638fcc2032c71748896b9831a45b01a477b9970c980000000000000000000000000000000032*167b0cd8e21bbd37be65e1df44df6a7043f29c342635c1754fa81bc7fc029f7b

Next, we need to cut out the secret.pdf bit so it would look like this

$pdf$44128*-1060116fce8559bd3fcc84ba72dbad5638fcc2032c71748896b9831a45b01a477b9970c980000000000000000000000000000000032*167b0cd8e21bbd37be65e1df44df6a7043f29c342635c1754fa81bc7fc029f7b

With that done, we can start to crack the hash using john, we'll use the standard rockyou wordlist

$ john --wordlist=/usr/share/wordlists/rockyou.txt hash
$ john --show hash

?:LimitedEdition

1 password hash cracked, 0 left

Now we have retrieved the password, we can take a look of what's inside of the pdf file

pdf contents

Looks like we're presented with a emote cipher. After an intensive look up and bunch of wrong tool on the internet, we eventually stumbled upon this tool https://codepen.io/NostraDavid/pen/JjGBmxd. There we can supply the emotes and it'll do the job for us

in case anyone wants to copy the emotes

😐👴🤔 _ 👽😐 _ 🤯🤑👴🤔_🥶🔠😔🥵🤯🤖 _ 👴😐🤥🥱 _ 😐🤯🤯🤤 _ 🤔👴 _ 🍤🔠😐🤤 _ 🤔🥵🤯_😔👽🤔🤔🤯🤖😐

Flag

FindITCTF{not_an_emot_cipher_only_need_to_find_the_pattern}