DEADFACE CTF (2021) — Blood Bash 4

sumb0dy
Oct 18, 2021

“Created by: syyntax

A sensitive file from De Monne was exfiltrated by mort1cia. It contains data relating to a new web portal they’re creating for their consumers. Read the contents of the file and return the flag as flag{flag_goes_here}.

Username: bl0ody_mary Password: d34df4c3

bloodbash.deadface.io:22 ”

Another Forensics challenge in this fun CTF. I personally struggled with this one because of a common mistake… overthinking lol

Once connected to the server, I can already tell what file we are talking about here:

The PDF file that talks about the Customer Portal (tada!!!!). Now, I will skip the “overthinking” part of the struggle, but I will briefly explain the pain I went through. The thing I tried to do was to open it or see if there were any readable strings. I tried to download it with nc, use less to read it (bin not available), use SSH commands to read it locally, use xxd to extract it… and nothing worked…

HOWEVER… there was my mistake on the last one.. xxd .. such a wonderful tool.

By definition:

xxd — make a hexdump or do the reverse.

Interesting, right… Yup! I went over the solution for this challenge… and I dug myself into a massive rabbit hole.

xxd allows us to turn the file into a hexdump… which we can turn back into a PDF later on… So, we can get the hexdump of the PDF file:

Copy this info onto our local computer… and use xxd to revert it:

Now we can use xxd -r -p target.pdf (the file where I saved the hexdump) to recreate the PDF file from the server:

Now, we can open the file and get the flag.

flag{deM0nn3_dat4_4_us}
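A hexdump pasted out of a terminal can lose lines or characters without any warning, so it is worth checking the rebuilt file before opening it. The following is an added example, not code from the original writeup: it reverses a plain hexdump the way xxd -r -p does and checks the PDF header and trailer. The sample bytes and all function names are constructed for illustration.

```python
import binascii
import hashlib


def plain_hexdump(data, cols=30):
    """Mimic plain hexdump output: lowercase hex, 30 bytes (60 digits) per line."""
    digits = data.hex()
    step = cols * 2
    return "\n".join(digits[i:i + step] for i in range(0, len(digits), step)) + "\n"


def rebuild(pasted):
    """Reverse a pasted plain hexdump, failing loudly if the paste is damaged."""
    digits = "".join(pasted.split())  # drop newlines, CRs and stray spaces
    if len(digits) % 2:
        raise ValueError("odd number of hex digits: the paste is truncated")
    try:
        return binascii.unhexlify(digits)
    except ValueError as exc:  # binascii.Error is a subclass of ValueError
        raise ValueError("non-hex character in paste: %s" % exc) from exc


def check_pdf(data):
    """Return a list of problems; an empty list means header and trailer exist."""
    problems = []
    if not data.startswith(b"%PDF-"):
        problems.append("missing %PDF- header")
    if b"%%EOF" not in data[-1024:]:
        problems.append("missing %%EOF trailer (tail of the dump lost?)")
    return problems


# Constructed stand-in for the remote file (not the challenge PDF).
SAMPLE = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
          b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")

if __name__ == "__main__":
    dump = plain_hexdump(SAMPLE)
    # A paste from a terminal often arrives with CRLF line endings.
    restored = rebuild(dump.replace("\n", "\r\n"))
    print("full paste:", check_pdf(restored) or "ok",
          hashlib.sha256(restored).hexdigest())
    # Only the first line of the dump made it across: header ok, trailer gone.
    partial = rebuild(dump.splitlines()[0])
    print("partial paste:", check_pdf(partial))
```

If a hashing tool is available on the remote host (an assumption, since the writeup notes some binaries are missing there), comparing its digest with the local SHA-256 confirms the copy byte for byte.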
