## Difficulty
Medium
## Category
Steganography
## How To Solve
When you try to open the PDF, it asks for a password. Brute-forcing the password blindly isn't a good idea. Instead, run the `strings` command on the file to find a hint: `johns_zipcode`. We don't know John's zipcode; we don't even know who John is. In fact, "John" is a hint to use the password-cracking tool John the Ripper. First, obtain the password hash with a tool like `pdf2john`; online tools are also available. Once you have the hash, use `john` to crack the password. Since the password is a zipcode, you can restrict the brute-force attack to digits only: `john --incremental=digits hash.txt` (where `hash.txt` contains your password hash). This should give you the password: 29641.

You can now access the PDF file. Make an unlocked copy of the file so you can open it in an editor like Inkscape. After a bit of layer reordering and visibility toggling, a string appears: `SUdDVEZ7U3AwdHQzZF9VRjB9`. It is base64 encoded; decode it with a tool like CyberChef to get the flag.
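
The two triage steps used above (pulling printable strings out of a file, then recognising and decoding a base64 token) as an added Python example; it is not part of the original write-up. `SAMPLE` is a constructed byte string rather than the challenge PDF (in the challenge the base64 string is only visible after editing layers, not in the raw bytes), and the function names are illustrative.

```python
import base64
import binascii
import re
from typing import Dict, List, Optional

# Runs of 16+ base64-alphabet characters, with optional padding.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

def printable_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Return runs of printable ASCII at least min_len long, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

def decode_if_base64(token: str) -> Optional[str]:
    """Decode token only if it is strict base64 that yields printable ASCII."""
    if len(token) % 4 != 0:
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    # Random words from the base64 alphabet usually decode to binary junk,
    # so requiring printable output filters most false positives.
    if raw and all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None

def triage(data: bytes) -> Dict[str, str]:
    """Map every base64-looking token in the file's strings to its decoding."""
    hits = {}
    for line in printable_strings(data):
        for token in B64_TOKEN.findall(line):
            decoded = decode_if_base64(token)
            if decoded is not None:
                hits[token] = decoded
    return hits

# Constructed sample: binary noise around the hint and the encoded string.
SAMPLE = (
    b"%PDF-1.7\n\x00\x93\xfa/Note (johns_zipcode)\n\x01\x02\xff"
    b"label: SUdDVEZ7U3AwdHQzZF9VRjB9 \x00\x1b\x80"
)

if __name__ == "__main__":
    for s in printable_strings(SAMPLE):
        print("string:", s)
    for token, decoded in triage(SAMPLE).items():
        print("base64:", token, "->", decoded)
```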
## Flag
`IGCTF{Sp0tt3d_UF0}`