1.1 KiB
Difficulty
Medium
Category
Steganography
How To Solve
When you try to open the PDF, you see that it asks for a password. Simply starting to brute force the password won't be a good idea. Instead, use the strings command to find a hint: johns_zipcode. Now, we don't know John's zipcode. We don't even know who John is. In fact, John is a hint to use the brute forcing tool John the Ripper. First, you need to obtain the password hash, by using a tool like pdf2john. Online tools are also available. After you got the hash, you can use john to crack the password. Since the password is a zipcode, you can restrict the brute-force attack to digits only: john --incremental=digits hash.txt (where hash.txt contains you password hash). You should have obtained the password: 29641.
You can now access the PDF file. Make an unlocked copy of the file to open it in an editor tool like Inkscape. After a bit of layer reordering and visibility toggeling, you should be able to see a string appear: SUdDVEZ7U3AwdHQzZF9VRjB9. This one is base64 encoded. Decode it with a tool like CyberChef to get the flag.
Flag
IGCTF{Sp0tt3d_UF0}