26
Feb
2012

CODEGATE 2012 – Misc-3

This challenge contains of a PCAP file with the following assignment:

You spied to find “Secret of Joseon which is previous dynasty of Korea”.
You got all main pages information to manage unrevealed secret of Joseon through network sniffing.
Open the file contained the secret of Joseon.

Answer : strupr(md5(password))

Dumping all the files in the PCAP file yields some HTML files and PDF files. One of them is password protected.

Trying pdfcrack with some random wordlists yielded no results. So we decided to create a custom word list for this challenge. The approach we took was to convert all the readable PDF’s and HTML files to text in a single file and then extracting all the words from that file.

$ (cat *.html ; for x in *.pdf; do pdftotext $x -; done) | grep -o -E '\S+' > words.txt
$ pdfcrack korean_secret.pdf -w words.txt 
PDF version 1.6
Security Handler: Standard
V: 4
R: 4
P: -3904
Length: 128
Encrypted Metadata: True
FileID: 3f96dd275a3a594b9699307df9117b5f
U: 774e894ba5544df616025fe657b3ac4e00000000000000000000000000000000
O: 215c67bf60b941032efc5e200d906082a394cad728608cad8aea351adaaa2718
found user-password: '28-letter'

Now we only need to convert the password to MD5 to get our key:

$ echo -n '28-letter' | md5sum | tr '[:lower:]' '[:upper:]'
23FB0EC48DF3EACABCA9E98E8CA24CD1

Final answer: 23FB0EC48DF3EACABCA9E98E8CA24CD1

Comments are closed.