Hack the Box Challenge: 0ld is G0ld

Hint:  Old algorithms are not a waste, but are really precious... 


0ld is G0ld, hrm. At first glance, I'm thinking I may have to dust off my Basic or COBOL, or some other "older" language. The hint seems a little weird, not sure if it's an ESL (English as a Second Language) thing or something lost in translation, or if that is supposed to mean something to me. I have no idea at this point, so I'm just going to dive in!

Time to use wget to download the zip file and get it extracted.


I use the unzip command to extract 0ld_is_g0ld.zip. I enter the password from the website and proceed.



Using ls, I can see it gave me a PDF file. Let's see if we can open it! I use xdg-open "0ld is g0ld.pdf" and it launches Document Viewer with a password prompt. Nah, it can't be this easy; let's try the same password as the zip file. Nope.

As I was still learning Linux and Kali, I decided to use some Google-Fu to find a good PDF cracker. I came across something called "pdfcrack". I bet this is used for cracking PDFs! While this isn't installed by default on Kali, it probably should be. Oh well, back to the terminal!

I already had this installed, so I couldn't exactly get screenshots for you. Nonetheless, here are the commands you'll need to install it.

apt-get update

apt-get install pdfcrack

Now that we have it installed, let's check the man pages for it.

man pdfcrack

That looks pretty straightforward: we'll want to use the -f and -w switches for the file to crack and the wordlist, respectively. I cheated a little here - I was already aware of rockyou.txt, which is arguably the largest and best wordlist of leaked passwords. It's almost 60 MB, so it might take a minute to download if you're on a slower connection like I am. Also, if you are a Windows user, do not try to open rockyou.txt in Notepad; you will hate yourself for it. I downloaded it from Skull Security - you can see a lot of other wordlists available to download as well, so it's up to you if you want to start a collection. Once you've downloaded your wordlist, make sure you extract it before proceeding.

With our basic understanding of pdfcrack's switches and rockyou.txt in hand, we are off to the races!


This will take some time to run; come on, that wordlist is huge. If you are like me and working on your infosec studies in the evening, you'll want to start this right before you head to bed.


Alright, pdfcrack has worked its magic and we have our password! Now let's take that password and try to open that PDF again.

Success! That password worked! Now let's see what we have here… It's a picture of a guy rocking an ascot, which is pretty cool. I don't recognize him right away, but scrolling down further, I see some periods and hyphens, or in this case, dots and dashes! Samuel Morse, you strapping young lad you, I was hoping you wouldn't be forgotten!! Sure enough, that's a picture of Mr. Samuel Morse, the inventor of Morse code.

Morse code was pretty ingenious, just like braille. It's definitely worth researching this some; while it won't exactly be "important" to the world of infosec, the principles are exactly what we're trying to accomplish. You take a series of seemingly incomprehensible "data", in the case of Morse code short beeps and long beeps, or short flashes of light and long flashes of light, and you compare it to the code chart to get your message. It's like using a code book to translate a secret message like they do in spy movies. This is really interesting stuff, and I hope that this "ancient" technology will not be lost. I was a little saddened when they removed it from the Technician license test for ham radios, but I was also glad that I wouldn't have to go back and find my old Boy Scout books to study!

Moving on, we've cracked the PDF and found ourselves with some Morse code. As a bonus challenge, you could translate each character using the chart on Wikipedia to get the flag. Or, you could just look for a Morse code translator on the Internet. I found one from Stephen C. Phillips that does the trick. Copy/paste the Morse code in and click Translate. A very honorable and fitting flag for such a fun challenge! You'll have to add HTB{} around the translated message to get a success message.
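If you'd rather not trust a random website with your ciphertext, the chart lookup described above is easy to do yourself. The decoder below is an added example, not part of the original writeup; the sample message in it is constructed, not the challenge's actual text, and the flag wrapper just applies the HTB{} convention mentioned above.

```python
import re

# International Morse: letters, digits and a few punctuation marks.
MORSE = {
    ".-": "A", "-...": "B", "-.-.": "C", "-..": "D", ".": "E", "..-.": "F",
    "--.": "G", "....": "H", "..": "I", ".---": "J", "-.-": "K", ".-..": "L",
    "--": "M", "-.": "N", "---": "O", ".--.": "P", "--.-": "Q", ".-.": "R",
    "...": "S", "-": "T", "..-": "U", "...-": "V", ".--": "W", "-..-": "X",
    "-.--": "Y", "--..": "Z",
    "-----": "0", ".----": "1", "..---": "2", "...--": "3", "....-": "4",
    ".....": "5", "-....": "6", "--...": "7", "---..": "8", "----.": "9",
    ".-.-.-": ".", "--..--": ",", "..--..": "?", "-....-": "-", "-..-.": "/",
}

# Text copied out of a PDF often carries typographic look-alikes for dot and
# dash; fold them onto ASCII before looking anything up.
_NORMALIZE = str.maketrans({"·": ".", "•": ".", "_": "-", "–": "-", "—": "-", "−": "-"})


def decode_morse(message: str) -> str:
    """Translate dots and dashes into text.

    Symbols (letters) are separated by one space; words are separated by a
    slash or by a run of three or more spaces, which is what most online
    translators expect. A group missing from the chart becomes '?' rather
    than raising, so one smudged symbol does not hide the rest of the message.
    """
    normalized = message.translate(_NORMALIZE).strip()
    words = [w for w in re.split(r"\s*/\s*|\s{3,}", normalized) if w.strip()]
    return " ".join(
        "".join(MORSE.get(symbol, "?") for symbol in word.split()) for word in words
    )


def to_flag(plaintext: str) -> str:
    """Wrap the decoded text in the HTB{} envelope the challenge expects."""
    return "HTB{" + plaintext + "}"


# Constructed sample, not the challenge's ciphertext.
SAMPLE = "... .- -- ..- . .-.. / -- --- .-. ... ."

if __name__ == "__main__":
    print(to_flag(decode_morse(SAMPLE)))
```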

Congratulations on solving another challenge with me, until next time!
