24th October 2021
hack the box challenge 0ld is g0ld write up by T13nn3s

0ld is g0ld Write-Up

In this post, I’m writing a write-up for the challenge 0ld is g0ld from Hack The Box. Hackthebox is an online platform to train your ethical hacking skills and penetration testing skills.

About 0ld is g0ld

This challenge is worth 10 points and has a (very) easy difficulty. This challenge has a short description:

Old algorithms are not a waste, but are really precious...

If I read this description carefully, can I deduce that it is old encryption? Anyway, I’m on the business windshield… Let’s get to work!

Take the Challenge

I first downloaded the zip file and unzipped it with the password hackthebox. After the extraction of the archive, I have one file 0ld is g0ld.pdf.

~$ unzip 0ld_is_g0ld.zip 
Archive:  0ld_is_g0ld.zip
[keys.zip] 0ld_is_g0ld.pdf password: 
  inflating: 0ld_is_g0ld.pdf  

It seems that this file is password protected. I use the tool pdfcrack to crack the password of this PDF-file. I use the wordlist rockyou.txt. I invoked the command below:

~$ pdfcrack "0ld is g0ld.pdf" --wordlist=/usr/share/wordlists/rockyou.txt
PDF version 1.6
Security Handler: Standard
V: 2
R: 3
P: -1060
Length: 128
Encrypted Metadata: True
FileID: 5c8f37d2a45eb64e9dbbf71ca3e86861
U: 9cba5cfb1c536f1384bba7458aae3f8100000000000000000000000000000000
O: 702cc7ced92b595274b7918dcb6dc74bedef6ef851b4b4b5b8c88732ba4dac0c
Average Speed: 29963.7 w/s. Current Word: 'poopfart1'
Average Speed: 15296.2 w/s. Current Word: 'juana1234'
dAverage Speed: 30442.3 w/s. Current Word: 'may895'
Average Speed: 31020.3 w/s. Current Word: 'HollyB090907'
Average Speed: 30698.2 w/s. Current Word: 'william-jair'
Average Speed: 30652.8 w/s. Current Word: 'tascione'
Average Speed: 30576.7 w/s. Current Word: 'sausainis'
Average Speed: 30687.5 w/s. Current Word: 'pomrakky'
Average Speed: 30994.0 w/s. Current Word: 'naniiboi'
Average Speed: 30155.2 w/s. Current Word: 'marah029'
Average Speed: 28859.2 w/s. Current Word: 'ladanisuper'
found user-password: 'jumanji69'

After a few minutes, the password is cracked jumanji69. It wasn’t very difficult.

I opened the pdf-file and the question ‘Remember Me?’ got revealed with a nice picture of Samuel Morse, the founder of morse code. Morse was founded in the year 1835. So, old is indeed gold…

When I look at the bottom of the page, there is a morse code that needs to be decrypted.

.-. .---- .--. ... .- -- ..- ...-- .-.. -- ----- .-. ... ...--

I did some Googling on decode morse and found the answer to one of my favorite websites: https://www.dcode.fr/morse-code. I pasted the morse code and changed the setting to “USE THE FOLLOWING 2 CHARACTERS FOR SHORT AND LONG”

On the left side, the decrypted message is readable. I placed the answer in the right format and I have the flag for this challenge: HTB{R1PSAMU3LM0RS3}.

Do you have enjoyed this writeup? Please consider spending some respect points: t13nn3s.

Happy hacking!

T13nn3s

I'm a cybersecurity enthusiast! I'm working as an IT Security Engineer for a company in The Netherlands. I love writing scripts and doing research and pentesting. As a big fan of Hack The Box, I share my write-ups on this blog. I'm blogging because I like to summarize my thoughts and share them with you.

View all posts by T13nn3s →

Leave a Reply

Your email address will not be published. Required fields are marked *