Forensics
8/17/2025
by yeknom
scriptCTF
WriteUp
📋 Description
so sad cause no flag in pdf :(
🔗 Given Files
- challenge.pdf
💡 Walkthough
Initial Analysis First, let's examine the file structure:
file challenge.pdf
# PDF document, version 1.4, 1 pages
exiftool challenge.pdf
# Basic PDF metadata, nothing suspicious
Finding the Decoy
Using basic string extraction reveals a potential flag:
strings challenge.pdf | grep -i flag
# but no flag here :\)
# scriptCTF{this_is_def_the_flag_trust}
# i told u there's not flag here
However, this appears to be a decoy flag as the text suggests "no flag here" and "this is def the flag trust" seems suspicious.
Discovering the Hidden Content
The strings output also reveals an important annotation:
/Contents (maybe look between stream and endstream)
This hint suggests we need to examine the compressed streams within the PDF structure.