Skip to main content
R4shSec
R4shSec

picoCTF WriteUp | Riddle Registry

·1 min· loading · loading ·
CTF PicoCTF Easy Forensics PicoMini by CMU-Africa WriteUps
R4shSec
Author
R4shSec
I like it when things work how they’re not supposed to.
Table of Contents

Introduction
#

Hey everyone 👋 — In this Capture The Flag (CTF), we’re given a PDF Document that supposedly contains a flag within the metadata.

CTF Capture

PDF File
#

After downloading the PDF file named, confidential.pdf, we can see some contents in that PDF file. However, this is just a distraction. For easier understanding, metadata is essentially what’s hidden inside that PDF file.

PDF Document

Metadata
#

What’s hidden inside that PDF file? — You can use something called an EXIF Viewer to check the file metadata. In this tutorial, I’ll use an online tool called EXIF Tools. Checking the file metadata, we can see something that’s suspiciously encoded in the PDF metadata, Author, section that looks like it’s encoded in Base64.

EXIF
cGljb0NURntwdXp6bDNkX20zdGFkYXRhX2YwdW5kIV9jMjA3MzY2OX0=

Decoding
#

We can use an online Base64 Decoding tool. I personally use Jam Dev Utilities thanks to it’s wide range of tools I can utilize. Decoding the Base64, we got the flag 🎉

Flag

Flag 🚩
#

picoCTF{puzzl3d_m3tadata_f0und!_c2073669}