Note to fellow-HTBers: Only write-ups of retired HTB machines or challenges are allowed.

Challenge info

0ld is g0ld [by subzer0x0]
Old algorithms are not a waste, but are really precious…

The challenge

We start off by downloading the 0ld_is_g0ld.zip file and verifying its SHA-256 checksum against the hash displayed on the challenge page.

$ sha256sum 0ld_is_g0ld.zip 
26961d9545f97bdd8effbfd95038dca84281728d2200c5767e8ad9b94989def1  0ld_is_g0ld.zip

We then proceed to unzip the file using the password provided on the challenge page, which gives us a PDF file.

$ unzip 0ld_is_g0ld.zip 
Archive:  0ld_is_g0ld.zip
[0ld_is_g0ld.zip] 0ld is g0ld.pdf password: 
  inflating: 0ld is g0ld.pdf

This PDF is password protected.

‘0ld is g0ld.pdf’ requires a password before it can be opened

Analysing the PDF

If you don’t have experience with analysing PDF files, I recommend you go and visit Didier Stevens’ blog. Didier has built some amazing tools to analyse PDF and OLE documents.
The following blog post might be particularly interesting for this challenge: https://blog.didierstevens.com/2017/12/26/cracking-encrypted-pdfs-part-1/.

We use some of Didier Stevens’ tools to analyse the PDF and gain some insight into the password protection / encryption technique used here.

$ ~/Documents/Tools/DidierStevens/pdfid.py '0ld is g0ld.pdf'
PDFiD 0.2.5 0ld is g0ld.pdf
 PDF Header: %PDF-1.6
 obj                   15
 endobj                15
 stream                 5
 endstream              5
 xref                   2
 trailer                2
 startxref              2
 /Page                  1
 /Encrypt               2
 /ObjStm                1
 /JS                    0
 /JavaScript            0
 /AA                    0
 /OpenAction            0
 /AcroForm              0
 /JBIG2Decode           0
 /RichMedia             0
 /Launch                0
 /EmbeddedFile          0
 /XFA                   0
 /URI                   0
 /Colors > 2^24         0
$ ~/Documents/Tools/DidierStevens/pdf-parser.py -s Encrypt '0ld is g0ld.pdf' 
trailer
  <<
    /Size 45
    /Root 1 0 R
    /Info 10 0 R
    /ID [<5C8F37D2A45EB64E9DBBF71CA3E86861><5C8F37D2A45EB64E9DBBF71CA3E86861>]
    /Encrypt 43 0 R
  >>

trailer
  <<
    /Size 45
    /Root 1 0 R
    /Info 10 0 R
    /ID [<5C8F37D2A45EB64E9DBBF71CA3E86861><5C8F37D2A45EB64E9DBBF71CA3E86861>]
    /Encrypt 43 0 R
    /Prev 196676
    /XRefStm 196344
  >>

$ ~/Documents/Tools/DidierStevens/pdf-parser.py -o 43 '0ld is g0ld.pdf' 
obj 43 0
 Type: 
 Referencing: 

  <<
    /CF
      <<
        /StdCF
          <<
            /AuthEvent /DocOpen
            /CFM /AESV2
            /Length 16
          >>
      >>
    /Filter /Standard
    /Length 128
    /O <702CC7CED92B595274B7918DCB6DC74BEDEF6EF851B4B4B5B8C88732BA4DAC0C>
    /P -1060
    /R 4
    /StmF /StdCF
    /StrF /StdCF
    /U <9CBA5CFB1C536F1384BBA7458AAE3F8100000000000000000000000000000000>
    /V 4
  >>

Note that the key length is 128 bits (the /Length 16 inside the /StdCF crypt filter is the same value expressed in bytes), and /CFM /AESV2 tells us the content is encrypted with AES-128. As indicated in the file header we’re dealing with a PDF that was created using the PDF-1.6 standard.

Cracking the password

As with the previous challenge, we create a hash file. But since we’ll be using hashcat this time, we need to strip the filename prefix that pdf2john adds, because hashcat expects the bare $pdf$ hash.

$ /usr/share/john/pdf2john.pl '0ld is g0ld.pdf' > /tmp/encrypted.hash
$ cat /tmp/encrypted.hash 
0ld is g0ld.pdf:$pdf$4*4*128*-1060*1*16*5c8f37d2a45eb64e9dbbf71ca3e86861*32*9cba5cfb1c536f1384bba7458aae3f8100000000000000000000000000000000*32*702cc7ced92b595274b7918dcb6dc74bedef6ef851b4b4b5b8c88732ba4dac0c

$ awk -F: '{ print $2 }' /tmp/encrypted.hash | tee /tmp/encrypted.hashcat
$pdf$4*4*128*-1060*1*16*5c8f37d2a45eb64e9dbbf71ca3e86861*32*9cba5cfb1c536f1384bba7458aae3f8100000000000000000000000000000000*32*702cc7ced92b595274b7918dcb6dc74bedef6ef851b4b4b5b8c88732ba4dac0c
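The $pdf$ line is just a repackaging of the /Encrypt dictionary shown above (/V, /R, /Length, /P, the trailer /ID, /U and /O). As an added example (not part of the original write-up), the following Python script parses such a line, cross-checks the embedded length fields, and decodes the /P permission flags according to the standard security handler bit layout; the hash line is a constructed copy of the one produced by pdf2john above.

```python
"""Parse a pdf2john '$pdf$' hash line and decode the /P permission flags."""

from dataclasses import dataclass

# Constructed copy of the hash line produced by pdf2john.pl in the write-up.
SAMPLE_HASH_LINE = (
    "0ld is g0ld.pdf:$pdf$4*4*128*-1060*1*16*5c8f37d2a45eb64e9dbbf71ca3e86861"
    "*32*9cba5cfb1c536f1384bba7458aae3f8100000000000000000000000000000000"
    "*32*702cc7ced92b595274b7918dcb6dc74bedef6ef851b4b4b5b8c88732ba4dac0c"
)

# Permission bits of the /P entry for the standard security handler
# (ISO 32000-1, Table 22). Bit numbers are 1-based, as in the spec.
PERMISSION_BITS = {
    3: "print",
    4: "modify",
    5: "copy",
    6: "annotate",
    9: "fill forms",
    10: "extract for accessibility",
    11: "assemble",
    12: "print high quality",
}


@dataclass
class PdfHash:
    filename: str
    version: int           # /V
    revision: int          # /R
    key_bits: int          # /Length (bits)
    permissions: int       # /P, signed 32-bit
    encrypt_metadata: bool
    doc_id: bytes          # first element of the trailer /ID array
    u_entry: bytes         # /U
    o_entry: bytes         # /O


def parse_pdf2john(line: str) -> PdfHash:
    """Split 'filename:$pdf$...' into its fields; raises ValueError on malformed input."""
    filename, sep, hash_str = line.strip().partition(":")
    if not sep or not hash_str.startswith("$pdf$"):
        raise ValueError("not a pdf2john hash line")
    fields = hash_str[len("$pdf$"):].split("*")
    # Layout: V*R*Length*P*EncryptMetadata*len(ID)*ID*len(U)*U*len(O)*O
    if len(fields) != 11:
        raise ValueError(f"expected 11 fields, got {len(fields)}")
    v, r, length, p, meta, id_len, id_hex, u_len, u_hex, o_len, o_hex = fields
    doc_id, u_entry, o_entry = (bytes.fromhex(h) for h in (id_hex, u_hex, o_hex))
    # Each hex blob is preceded by its byte length; make sure they agree.
    for declared, blob, name in ((id_len, doc_id, "ID"), (u_len, u_entry, "U"), (o_len, o_entry, "O")):
        if int(declared) != len(blob):
            raise ValueError(f"{name} length mismatch: declared {declared}, got {len(blob)}")
    return PdfHash(filename, int(v), int(r), int(length), int(p), meta == "1",
                   doc_id, u_entry, o_entry)


def decode_permissions(p: int) -> dict:
    """Map each documented /P bit to True (allowed) or False (denied)."""
    flags = p & 0xFFFFFFFF  # /P is stored as a signed 32-bit integer
    return {name: bool(flags & (1 << (bit - 1))) for bit, name in PERMISSION_BITS.items()}


if __name__ == "__main__":
    h = parse_pdf2john(SAMPLE_HASH_LINE)
    print(f"{h.filename}: V={h.version} R={h.revision} key={h.key_bits} bits "
          f"encrypt_metadata={h.encrypt_metadata}")
    for name, allowed in decode_permissions(h.permissions).items():
        print(f"  {name:<26} {'allowed' if allowed else 'denied'}")
```

For this file /P -1060 allows printing, modifying and copying but denies annotating and assembling; /R 4 with a 128-bit key is exactly what hashcat mode 10500 covers. Splitting on the first colon rather than with awk -F: also survives filenames that themselves contain a colon.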

We then run hashcat using the following parameters:
-m 10500 = “PDF 1.4 - 1.6 (Acrobat 5 - 8)” hash mode
-a 0 = “Straight” attack mode

$ sudo hashcat -m 10500 -a 0 --force /tmp/encrypted.hashcat /usr/share/wordlists/rockyou.txt
[...]
Dictionary cache hit:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 14344385

$pdf$4*4*128*-1060*1*16*5c8f37d2a45eb64e9dbbf71ca3e86861*32*9cba5cfb1c536f1384bba7458aae3f8100000000000000000000000000000000*32*702cc7ced92b595274b7918dcb6dc74bedef6ef851b4b4b5b8c88732ba4dac0c:jumanji69
[...]

Getting the flag

We can now open the PDF file using our default PDF viewer, decrypting it using the password we just discovered.

$ xdg-open 0ld\ is\ g0ld.pdf

The PDF contains a picture of Samuel Morse, which is a hint as to how we can retrieve the flag.

Samuel Morse, co-developer of Morse code

Scrolling further down the document (and zooming in) reveals a series of dots and dashes, i.e. Morse code.

.-. .---- .--. ... .- -- ..- ...-- .-.. -- ----- .-. ... ...--

Converting this code using an online Morse code converter (e.g. https://morsecode.scphillips.com/translator.html) finally gives us the flag.
Note that you’ll need to format this to fit the Hack The Box syntax requirements.

R1PSAMU3LM0RS3
==> HTB{R1PSAMU3LM0RS3}
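Instead of an online translator, the sequence can be decoded offline. The script below is an added example and not part of the original write-up: it decodes space-separated International Morse symbols (with "/" or a triple space as word separator), substitutes a placeholder for any symbol it does not recognise so one misread dot does not hide the rest, and wraps the result in the Hack The Box flag format. The input string is a copy of the sequence from the PDF.

```python
"""Decode the dot/dash sequence found in the PDF into the flag text."""

# International Morse code table for letters and digits (ITU-R M.1677-1).
MORSE_TABLE = {
    ".-": "A", "-...": "B", "-.-.": "C", "-..": "D", ".": "E", "..-.": "F",
    "--.": "G", "....": "H", "..": "I", ".---": "J", "-.-": "K", ".-..": "L",
    "--": "M", "-.": "N", "---": "O", ".--.": "P", "--.-": "Q", ".-.": "R",
    "...": "S", "-": "T", "..-": "U", "...-": "V", ".--": "W", "-..-": "X",
    "-.--": "Y", "--..": "Z",
    "-----": "0", ".----": "1", "..---": "2", "...--": "3", "....-": "4",
    ".....": "5", "-....": "6", "--...": "7", "---..": "8", "----.": "9",
}

# Copy of the sequence shown in the PDF (taken from the write-up above).
SAMPLE_MORSE = ".-. .---- .--. ... .- -- ..- ...-- .-.. -- ----- .-. ... ...--"


def decode_morse(text: str, unknown: str = "?") -> str:
    """Decode space-separated Morse symbols; '/' or three spaces separate words.

    Symbols missing from the table are replaced by `unknown` instead of raising,
    so a single misread dot or dash does not hide the rest of the message.
    """
    words = []
    for word in text.strip().replace("   ", " / ").split("/"):
        if not word.strip():
            continue  # skip empty words caused by leading/trailing separators
        letters = [MORSE_TABLE.get(sym, unknown) for sym in word.split()]
        words.append("".join(letters))
    return " ".join(words)


def htb_flag(plaintext: str) -> str:
    """Wrap decoded text in the HTB{...} submission format."""
    return f"HTB{{{plaintext}}}"


if __name__ == "__main__":
    decoded = decode_morse(SAMPLE_MORSE)
    print(decoded)
    print("==>", htb_flag(decoded))
```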