Monday, April 6, 2015

NDH CTF 2015-Cooper



root@kali:~/ndh# file Cooper.exe
Cooper.exe: PE32 executable (GUI) Intel 80386, for MS Windows
root@kali:~/ndh#


Start Cooper.exe in an MS-DOS terminal:



Check Cooper.exe using foremost:

root@kali:~/ndh# foremost  Cooper.exe

 Configuration file: /etc/foremost.conf
------------------------------------------------------------------
File: Cooper.exe

Length: 760 KB (778413 bytes)

Num      Name (bs=512)         Size      File Offset     Comment

0:      00000969.zip         224 KB          496128
1:      00000000.exe         760 KB               0      03/09/2015 14:41:07
2:      00000000.pdf         756 KB             111


3 FILES EXTRACTED

zip:= 1
exe:= 1
pdf:= 1
------------------------------------------------------------------
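
To show how the three headers reported above can be located by signature, here is an added example (not part of the original post and not foremost's own code). The function names and the sample bytes are constructed for illustration; the sample only mimics the layout above (PE at offset 0, PDF header at offset 111, ZIP data further in).

```python
import struct

# Magic values for the three formats foremost reported in Cooper.exe.
SIGNATURES = {"exe": b"MZ", "pdf": b"%PDF-", "zip": b"PK\x03\x04"}

def plausible(kind, data, off):
    """Cheap structural check so that a stray magic value is not reported."""
    if kind == "exe":
        # Only accept MZ at offset 0, and e_lfanew (0x3C) must point at "PE\0\0".
        if off != 0 or len(data) < 0x40:
            return False
        pe = struct.unpack_from("<I", data, 0x3C)[0]
        return data[pe:pe + 4] == b"PE\x00\x00"
    if kind == "pdf":
        # Header looks like "%PDF-1.5": digit, dot, digit after the magic.
        ver = data[off + 5:off + 8]
        return (len(ver) == 3 and ver[0:1].isdigit()
                and ver[1:2] == b"." and ver[2:3].isdigit())
    if kind == "zip":
        # Local file header is 30 bytes; the file name must fit in the data.
        if off + 30 > len(data):
            return False
        name_len = struct.unpack_from("<H", data, off + 26)[0]
        return 0 < name_len and off + 30 + name_len <= len(data)
    return False

def scan(data):
    """Return sorted (offset, kind) pairs for every validated header."""
    hits = []
    for kind, magic in SIGNATURES.items():
        pos = data.find(magic)
        while pos != -1:
            if plausible(kind, data, pos):
                hits.append((pos, kind))
            pos = data.find(magic, pos + 1)
    return sorted(hits)

def build_sample():
    """Constructed polyglot: PE stub, PDF header at 111, one ZIP header at 512."""
    buf = bytearray(512)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x100)      # e_lfanew
    buf[0x100:0x104] = b"PE\x00\x00"
    buf[111:119] = b"%PDF-1.5"
    name = b"a.txt"
    zip_hdr = b"PK\x03\x04" + bytes(22) + struct.pack("<HH", len(name), 0) + name
    return bytes(buf) + zip_hdr

if __name__ == "__main__":
    for off, kind in scan(build_sample()):
        print(f"{off:>8}  {kind}")
```

More than one validated format in the same file, as in Cooper.exe, is a useful triage signal that a file is a polyglot and should be carved before further analysis.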



Opening the PDF file shows that it is password-protected and corrupted.

root@kali:~/ndh/output/pdf# pdfcrack -w /usr/share/wordlists/rockyou.txt 00000000.pdf
PDF version 1.5
Security Handler: Standard
V: 2
R: 3
P: -1028
Length: 128
Encrypted Metadata: True
FileID: 001b62552dee6ce9fdc2b442e9f0cc0b
U: fdaee14bbe641f80b7e43e2b1b29358700000000000000000000000000000000
O: d03d46c7c843771542245350273096ebf319e82bbeb82a3326e43a2ccfeaf2ff
found user-password: 'sheldon'
root@kali:~/ndh/output/pdf#

Let's remove the corruption:

root@kali:~/ndh/output/pdf# pdftocairo -pdf -upw sheldon  00000000.pdf  flag.pdf
Error: PDF file is damaged - attempting to reconstruct xref table...
root@kali:~/ndh/output/pdf#

Opening flag.pdf:



Flag is: StephenHawkingSpenttimeOnSteganoTrolling

NB: we solved this after the challenge was finished; we spent time analysing the zip file :(.









