Rating: 3.0

# Result

## Description

I really want to know my test result, but unfortunately its additionally protected. I attached the [email](Test_Result.eml). Maybe you can help?

## Solution

First of all let's open the email


There is an enctrypted pdf file

The password is your personal zipcode.

This hint about the password can simplify the challenge. On [Wikipedia](https://en.wikipedia.org/wiki/List_of_postal_codes_in_Germany) we found that in Germany there are approximately 100000 zip code, so let's create e list with all these zip code

with open("list.txt", "w") as f:
for i in range(0,100000):
print(i, file=f)

Now we can extract the hash with john and crack it

$ ./pdf2john.pl result.pdf > pdf.hash

$ cat pdf.hash

$ john pdf.hash --wordlist=list.txt
Using default input encoding: UTF-8
Loaded 1 password hash (PDF [MD5 SHA2 RC4/AES 32/64])
Cost 1 (revision) is 6 for all loaded hashes
Will run 8 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
73760 (result.pdf)
1g 0:00:00:12 DONE (2021-11-27 17:36) 0.07782g/s 5757p/s 5757c/s 5757C/s 73728..73983
Use the "--show --format=PDF" options to display all of the cracked passwords reliably
Session completed

All that remains is to use `73760` as a password to open the file


#### **FLAG >>** `CSR{BigBigEntropy}`

Original writeup (https://github.com/K1nd4SUS/CTF-Writeups/tree/main/CyberSecurityRumble_CTF_2021/Result).