GNU/Linux


How NOT to solve the IEEE Day Badge Challenge

Recently, we were taking the IEEE Day Badge Challenge at https://ieee-collabratec.ieee.org/. We wanted to take another approach to solving the clues, so instead of following them to open the encrypted, password-protected PDFs, we took the clue that the password is composed only of numeric digits and used pdfcrack to open the files!

We installed pdfcrack using the following command:

sudo apt-get install pdfcrack;
$ sudo apt-get install pdfcrack
[sudo] password for bob: 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  pdfcrack
0 upgraded, 1 newly installed, 0 to remove and 28 not upgraded.
Need to get 31,0 kB of archives.
After this operation, 90,1 kB of additional disk space will be used.
Get:1 http://cy.archive.ubuntu.com/ubuntu focal/universe amd64 pdfcrack amd64 0.18-2 [31,0 kB]
Fetched 31,0 kB in 1s (40,1 kB/s)
Selecting previously unselected package pdfcrack.
(Reading database ... 452721 files and directories currently installed.)
Preparing to unpack .../pdfcrack_0.18-2_amd64.deb ...
Unpacking pdfcrack (0.18-2) ...
Setting up pdfcrack (0.18-2) ...
Processing triggers for man-db (2.9.1-1) ...

To crack the files, we used the following commands that limited the input to the numeric digits and got the password back in seconds on a normal CPU:

pdfcrack -f IEEE+Day+2021+Clue++3.pdf -c 0123456789;
$ pdfcrack -f IEEE+Day+2021+Clue++3.pdf -c 0123456789
PDF version 1.7
Security Handler: Standard
V: 2
R: 3
P: -1060
Length: 128
Encrypted Metadata: True
FileID: 79c15a021438224ba4df58b0e7fa9a20
U: 4990feee0d63f411cf4eba3c1346ff2100000000000000000000000000000000
O: cc5e6a95577573cac6f6683d4c7f02d6605fe42e5622feb6dc36636263ba838e
found user-password: '490000'

$ pdfcrack -f IEEE+Day+2021+Clue++5.pdf -c 0123456789
PDF version 1.7
Security Handler: Standard
V: 2
R: 3
P: -1060
Length: 128
Encrypted Metadata: True
FileID: cf72bd9b3fb24145a6d2b578fa52c0e4
U: 8cd5ea45b59168ca10674bdd81f06f5800000000000000000000000000000000
O: 70301a6ff93ac7a91c28895180e8ad57a41388d2b7f3a813b83f4b3fd5274945
Average Speed: 49297.7 w/s. Current Word: '348478'
found user-password: '1470000'

Information on the version we used is below:

$ apt info pdfcrack
Package: pdfcrack
Version: 0.18-2
Priority: optional
Section: universe/utils
Origin: Ubuntu
Maintainer: Ubuntu Developers <[email protected]>
Original-Maintainer: Joao Eriberto Mota Filho <[email protected]>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 90,1 kB
Depends: libc6 (>= 2.14)
Suggests: pdf-viewer
Homepage: http://pdfcrack.sf.net
Download-Size: 31,0 kB
APT-Manual-Installed: yes
APT-Sources: http://cy.archive.ubuntu.com/ubuntu focal/universe amd64 Packages
Description: PDF files password cracker
 PDFCrack is a simple tool for recovering passwords from pdf-documents.
 .
 It should be able to handle all pdfs that uses the standard security handler
 but the pdf-parsing routines are a bit of a quick hack so you might stumble
 across some pdfs where the parser needs to be fixed to handle.
 .
 The main PDFCrack features are:
 .
   - Supports the standard security handler (revision 2, 3 and 4) on all known
     PDF-versions.
   - Supports cracking both owner and userpasswords.
   - Both wordlists and bruteforcing the password are supported.
   - Simple permutations (currently only trying first character as Upper Case).
   - Save and load a running job.
   - Simple benchmarking.
   - Optimised search for owner-password when user-password is known.
 .
 This program can be used in forensics investigations or similar activities,
 to legal password crack.

Ubuntu: The file content is encrypted, but currently not supported

While trying to extract a password protected/encrypted 7-Zip archive on a fresh Ubuntu 20.04 LTS, we got the following error:

An error occurred while extracting files. The file content is encrypted, but currently not supported.

To fix the problem, we just installed the p7zip-full package using the apt command.

sudo apt-get install p7zip-full;

After that, we were prompted as expected to input the decryption password and we were able to extract the archive.

Below is the information of the package that was retrieved by apt info.

sudo apt info p7zip-full
[sudo] password for bob: 
Package: p7zip-full
Version: 16.02+dfsg-7build1
Priority: optional
Section: universe/utils
Source: p7zip
Origin: Ubuntu
Maintainer: Ubuntu Developers <[email protected]>
Original-Maintainer: Robert Luberda <[email protected]>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 4887 kB
Depends: p7zip (= 16.02+dfsg-7build1), libc6 (>= 2.14), libgcc-s1 (>= 3.0), libstdc++6 (>= 5)
Suggests: p7zip-rar
Breaks: p7zip (<< 15.09+dfsg-3~)
Replaces: p7zip (<< 15.09+dfsg-3~)
Homepage: http://p7zip.sourceforge.net/
Task: kubuntu-desktop, kubuntu-full, xubuntu-desktop, lubuntu-desktop, ubuntustudio-desktop, ubuntukylin-desktop, ubuntu-mate-core, ubuntu-mate-desktop
Download-Size: 1187 kB
APT-Manual-Installed: yes
APT-Sources: http://cy.archive.ubuntu.com/ubuntu focal/universe amd64 Packages
Description: 7z and 7za file archivers with high compression ratio
 p7zip is the Unix command-line port of 7-Zip, a file archiver that
 handles the 7z format which features very high compression ratios.
 .
 p7zip-full provides utilities to pack and unpack 7z archives within
 a shell or using a GUI (such as Ark, File Roller or Nautilus).
 .
 Installing p7zip-full allows File Roller to use the very efficient 7z
 compression format for packing and unpacking files and directories.
 Additionally, it provides the 7z and 7za commands.
 .
 List of supported formats:
   - Packing / unpacking: 7z, ZIP, GZIP, BZIP2, XZ and TAR
   - Unpacking only: APM, ARJ, CAB, CHM, CPIO, CramFS, DEB, DMG, FAT,
     HFS, ISO, LZH, LZMA, LZMA2, MBR, MSI, MSLZ, NSIS, NTFS, RAR (only
     if non-free p7zip-rar package is installed), RPM, SquashFS, UDF,
     VHD, WIM, XAR and Z.
 .
 The dependent package, p7zip, provides 7zr, a light version of 7za,
 and p7zip, a gzip-like wrapper around 7zr.

Ubuntu – Overwrite dockerd default settings

While trying to create a new bridge network in Docker, we got the following error:

$ docker-compose up -d;
Creating network "docker-compose_new_bridge" with driver "bridge"
ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network

After investigating, we realized that it was due to a default limitation of Docker that did not allow more virtual networks to be created. To overcome the problem, we read that we had to give the daemon access to more address space using /etc/docker/daemon.json.

On Ubuntu that file did not exist so we created it and copied the following content to it:

{
  "default-address-pools": [
    {
      "base": "172.80.0.0/16",
      "size": 24
    },
    {
      "base": "172.90.0.0/16",
      "size": 24
    }
  ]
}

Source: https://docs.docker.com/engine/reference/commandline/dockerd/

This configuration allowed Docker to reserve the network address spaces 172.80.[0-255].0/24 and 172.90.[0-255].0/24, which provided the daemon with a total of 512 networks, each owning 256 addresses.
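A check worth running before restarting the daemon, written here as an added example (not from the Docker documentation or the original post): it recomputes the network count per pool and flags pools that fall outside the RFC 1918 private ranges or overlap routes already in use. Note that 172.80.0.0/16 and 172.90.0.0/16 lie outside the private 172.16.0.0/12 block, so real hosts at those addresses become unreachable from the Docker host; the `in_use` parameter and the function names are assumptions made for this example.

```python
import ipaddress
import json

# Constructed copy of the daemon.json shown above.
DAEMON_JSON = """
{"default-address-pools": [
  {"base": "172.80.0.0/16", "size": 24},
  {"base": "172.90.0.0/16", "size": 24}
]}
"""

# RFC 1918 private IPv4 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_pools(daemon_json, in_use=()):
    """Return one report per "default-address-pools" entry.

    in_use: CIDRs already routed on the host, LAN or VPN
            (hypothetical parameter, supplied by the operator).
    """
    used = [ipaddress.ip_network(n) for n in in_use]
    reports = []
    for pool in json.loads(daemon_json).get("default-address-pools", []):
        base = ipaddress.ip_network(pool["base"])
        size = int(pool["size"])
        if not base.prefixlen <= size <= base.max_prefixlen:
            raise ValueError(f"size /{size} does not fit inside base {base}")
        reports.append({
            "base": str(base),
            # Each pool is carved into /size subnets, one per Docker network.
            "networks": 2 ** (size - base.prefixlen),
            "addresses_per_network": 2 ** (base.max_prefixlen - size),
            "rfc1918": base.version == 4
                       and any(base.subnet_of(r) for r in RFC1918),
            "overlaps": [str(u) for u in used if base.overlaps(u)],
        })
    return reports


def total_networks(reports):
    """Total number of networks the daemon can allocate from all pools."""
    return sum(r["networks"] for r in reports)


if __name__ == "__main__":
    for report in audit_pools(DAEMON_JSON, in_use=["10.8.0.0/24"]):
        print(report)
```
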

To apply the changes to the daemon, we restarted it:

sudo systemctl restart docker.service;

and then we applied our changes to our docker ecosystem:

docker-compose up -d;

Ubuntu: how to clear journal logs and free up some disk space

A machine running Ubuntu 20.04 LTS was recently running out of space. While using the Disk Usage Analysis tool, we noticed that /var/log/journal was taking a bit more than 4 GB.

We knew that the machine was not hosting any kind of public service nor did it have any hardware problems, so we decided to clear up old logs. To do so, we used the following command that removed all logs that were older than two days.

sudo journalctl --vacuum-time=2d;

The result was great as it saved 3.9 GB of space:

Vacuuming done, freed 3.9G of archived journals from /var/log/journal/ee4a566eacf347dbb47e03b3f33821a1.

More information can be found in the journalctl documentation. It offers more options for removing old logs, for example limiting the total size of the logs that you want to keep. This variation will keep only 50 MB of data:

sudo journalctl --vacuum-size=50M;

How to retrieve the SSL cert expiration date from a PEM encoded certificate?

We use the following command to get the ending date of PEM encoded certificates that are generated using certbot and Let's Encrypt:

openssl x509 -enddate -noout -in fullchain.pem;

To get a list of all certificates and their expiration dates, we issue the following find command that executes the above snippet on each result while printing the name of the file first.

find ~/certificates/ -name "fullchain.pem" -print -exec openssl x509 -enddate -noout -in '{}' \;

In this example, the certificates are in our home folder under the name ‘certificates’. The results will look like the following sample:

/home/tux/certificates/example.com/fullchain.pem
notAfter=Aug 22 10:12:55 2021 GMT
/home/tux/certificates/site2.example.com/fullchain.pem
notAfter=Nov 22 03:22:44 2021 GMT
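
To turn that listing into an expiry check, the following added example (not part of the original post) parses the path and notAfter pairs and reports certificates that expire within a given number of days. The function names and the 30-day default are assumptions; the input is the sample output above, embedded as constructed test data.

```python
from datetime import datetime, timedelta, timezone

# Constructed input: the sample `find ... -print -exec openssl ...` output above.
SAMPLE = """\
/home/tux/certificates/example.com/fullchain.pem
notAfter=Aug 22 10:12:55 2021 GMT
/home/tux/certificates/site2.example.com/fullchain.pem
notAfter=Nov 22 03:22:44 2021 GMT
"""


def parse_enddates(text):
    """Pair each printed path with the notAfter line that follows it."""
    results, path = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("notAfter="):
            if path is None:
                continue  # a date with no preceding file name: skip it
            stamp = line[len("notAfter="):]
            # openssl pads single-digit days with a space; strptime accepts that.
            when = datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT")
            results.append((path, when.replace(tzinfo=timezone.utc)))
            path = None
        elif line:
            # A path whose openssl call printed no date is replaced by the next path.
            path = line
    return results


def expiring(text, now, days=30):
    """Return (path, days_left) for certificates ending within `days` of `now`.

    Already expired certificates have a negative days_left and sort first.
    """
    limit = now + timedelta(days=days)
    hits = [(path, (when - now).days)
            for path, when in parse_enddates(text) if when <= limit]
    return sorted(hits, key=lambda hit: hit[1])


if __name__ == "__main__":
    for path, days_left in expiring(SAMPLE, datetime.now(timezone.utc)):
        print(f"{days_left:>5} days  {path}")
```

openssl x509 reads only the first certificate in a file, so for a certbot fullchain.pem the date reported is that of the leaf certificate, not of the intermediates that follow it.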