This challenge consists of a PCAP file with the following assignment:
You spied to find “Secret of Joseon which is previous dynasty of Korea”.
You got all main pages information to manage unrevealed secret of Joseon through network sniffing.
Open the file contained the secret of Joseon.
Answer : strupr(md5(password))
Dumping all the files in the PCAP file yields some HTML files and PDF files. One of them is password protected.
Trying pdfcrack with some random wordlists yielded no results, so we decided to create a custom wordlist for this challenge. Our approach was to convert all the readable PDFs and HTML files to text, concatenate the output, and extract every whitespace-delimited word from it.
$ (cat *.html ; for x in *.pdf; do pdftotext $x -; done) | grep -o -E '\S+' > words.txt
$ pdfcrack korean_secret.pdf -w words.txt
PDF version 1.6
Security Handler: Standard
V: 4
R: 4
P: -3904
Length: 128
Encrypted Metadata: True
FileID: 3f96dd275a3a594b9699307df9117b5f
U: 774e894ba5544df616025fe657b3ac4e00000000000000000000000000000000
O: 215c67bf60b941032efc5e200d906082a394cad728608cad8aea351adaaa2718
found user-password: '28-letter'
Now we only need to compute the MD5 hash of the password and uppercase it to get our key:
$ echo -n '28-letter' | md5sum | tr '[:lower:]' '[:upper:]'
23FB0EC48DF3EACABCA9E98E8CA24CD1
Final answer: 23FB0EC48DF3EACABCA9E98E8CA24CD1
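The wordlist and answer-format steps above, as an added example that is not part of the original write-up. It goes slightly beyond the page's `grep -o -E '\S+'` by also emitting each token with surrounding punctuation trimmed and by removing duplicates; the function names `build_wordlist` and `answer_format` and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample text are assumptions,
# not taken from the challenge files.

# build_wordlist: read text on stdin, print one candidate per line.
# Each whitespace-delimited token is kept as-is (the page's grep -o '\S+'
# behaviour), followed by the same tokens with leading and trailing
# punctuation stripped, so "(28-letter)" also yields "28-letter".
# Empty lines and duplicates are dropped; first-seen order is preserved.
build_wordlist() {
    tokens=$(tr -s '[:space:]' '\n' | sed '/^$/d')
    {
        printf '%s\n' "$tokens"
        printf '%s\n' "$tokens" |
            sed -E 's/^[[:punct:]]+//; s/[[:punct:]]+$//'
    } | sed '/^$/d' | awk '!seen[$0]++'
}

# answer_format: the assignment's strupr(md5(password)).
# printf '%s' avoids hashing a trailing newline (same as echo -n).
answer_format() {
    printf '%s' "$1" | md5sum | cut -d' ' -f1 | tr '[:lower:]' '[:upper:]'
}

# Constructed sample text standing in for the pdftotext/HTML output.
SAMPLE='The script was a (28-letter) alphabet, later reduced. The end.'

# Typical use against the extracted files would be:
#   (cat *.html; for x in *.pdf; do pdftotext "$x" -; done) \
#       | build_wordlist > words.txt
printf '%s\n' "$SAMPLE" | build_wordlist
```

With whitespace-only splitting, a password that appears in the text next to a bracket, comma or quote never makes it into the list in its bare form, which is the case the trimmed variants cover.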