HomePlaygroundOSCPBuy Me a Flag 🚩

MetaPDF

Putting the PDF into pdf-parser.py, I found that there was an abnormally long object.

It appeared to have lots of ASCII characters encoded in hex, so I extracted the hex characters.

from Crypto.Util.number import *

stuff = 0xFEFF000000010061006D006F00390066006C00740064004F00320070007100500058007400660058003100380036004B007900740071006100690077006B004A00430051006B004F00690067006800570031003000720049006900490070005700320070007100580053007800660058007900510036004B007900740071006100690077006B0058007900520066004F0069006700680057003100300072004900690049007000570032007000710058005300780066004A004600380036004B007900740071006100690077006B005800790051006B004F006900680037006600530073006900490069006C00620061006D00700064004C00430051006B0058007900510036004B0047007000710057003200700071005800530073006900490069006C00620061006D00700064004C00460038006B004A0044006F0072004B003200700071004C00430051006B004A004600380036004B004300450069004900690073006900490069006C00620061006D00700064004C0043005200660058007A006F0072004B003200700071004C004300520066004A0044006F0072004B003200700071004C00430051006B0058003100380036004B004800740039004B007900490069004B0056007400710061006C00300073004A004300520066004F0069007300720061006D006F0073004A00430051006B004F0069007300720061006D006F0073004A0046003900660058007A006F0072004B003200700071004C0043005200660058007900510036004B0079007400710061006E003000370061006D006F0075004A004600380039004B004700700071004C0069005200660050005700700071004B007900490069004B005600740071006100690034006B0058007900520064004B0079006800710061006900350066004A004400310071006100690034006B005800310074007100610069003500660058007900520064004B00530073006F0061006D006F0075004A004300510039004B004700700071004C00690051007200490069004900700057003200700071004C006C00390066004A004600300070004B00790067006F0049005700700071004B00530073006900490069006C00620061006D006F0075005800790051006B005800530073006F0061006D006F007500580031003800390061006D006F0075004A0046003900620061006D006F0075004A00430052006600580053006B0072004B004700700071004C006900510039004B004300450069004900690073006900490069006C00620061006D006F0075005800310038006B00580053006B0072004B004700700071004C006C00380039004B004300450069004900690073006900490069006C00620061006D006F0075005800790052006600580053006B00720061006D006F0075004A0046003900620061006D006F0075004A00460038006B0058005300740071006100690035006600580079007400710061006900350066004A004300740071006100690034006B004F003200700071004C00690051006B0050005700700071004C006900510072004B004300450069004900690073006900490069006C00620061006D006F0075005800790051006B0058005300740071006100690035006600580079007400710061006900350066004B003200700071004C0069005100720061006D006F0075004A0043005100370061006D006F0075004A00440030006F0061006D006F00750058003100390066004B005600740071006100690034006B00580031003100620061006D006F0075004A004600390064004F003200700071004C00690051006F0061006D006F0075004A004300680071006100690034006B004A0043007300690058004300490069004B0079004A006300580043004900720061006D006F0075005800310038006B004B003200700071004C00690051006B0058007900740071006100690034006B004A0046003800720061006D006F0075004A00460038006B00580079007300690058004600770069004B003200700071004C006C00390066004A004300740071006100690034006B004A0046003800720061006D006F00750058007900520066004B0079004A006300580043004900720061006D006F0075004A004600390066004B003200700071004C006C0039006600580079007300690058004600770069004B003200700071004C006C00390066004A004300740071006100690034006B004A0046003800720061006D006F00750058003100390066004B003200700071004C006900520066004A0046003800720049006C007800630049006900740071006100690035006600580079005100720061006D006F0075004A00430051006B004B003200700071004C006C00390066004A00430073006F0049005600740064004B007900490069004B0056007400710061006900350066004A004600390064004B003200700071004C006C0038006B004B003200700071004C006900520066004A0046003800720061006D006F0075004A004300520066004A0043007300690058004600770069004B003200700071004C0069005200660058007900740071006100690035006600580031003800720049006A0031006300580043004900720061006D006F0075004A004600390066004B003200700071004C006C00390066005800790073006900580046007800630049006C007800630049006900740071006100690035006600580079005100720061006D006F0075004A00430051006B004B003200700071004C006C00390066004A004300740071006100690034006B0058007900520066004B003200700071004C00690051006B00580031003800720061006D006F007500580031003800720061006D006F0075004A00430051006B004A00430073006900650079004900720061006D006F0075004A004600390066004B003200700071004C00690051006B004A0043005100720061006D006F0075004A00460039006600580079007400710061006900350066004A0046003800720061006D006F0075004A00460038006B004A004300740071006100690034006B00580031003800720061006D006F0075004A004300520066004A004300740071006100690034006B0058007900520066004B003200700071004C00690051006B00580031003800720061006D006F0075005800790051006B004B003200700071004C006900520066004A004300740071006100690034006B004A0043005100720061006D006F0075004A00460038006B004A004300740071006100690034006B0058007900520066004B003200700071004C006C0038006B0058007900740071006100690034006B004A0046003800720061006D006F0075004A0046003900660058007900740071006100690034006B004A004300520066004B003200700071004C006C0038006B0058007900740071006100690034006B005800790051006B004B003200700071004C00690051006B004A0046003800720061006D006F0075004A004600390066004B003200700071004C006900520066004A0043005100720061006D006F0075004A00460038006B004B003200700071004C006C00390066004A004300740071006100690034006B004A0046003800720061006D006F0075004A0043005200660058007900740071006100690034006B0058003100390066004B003200700071004C006900520066004A0046003800720061006D006F0075004A0043005200660058007900740071006100690035006600580031003800720061006D006F00750058007900520066004B0079004A003900580046007800630049006A0074006300580043004900720061006D006F0075005800310038006B004B003200700071004C006C0038006B00580079007300690058004600770069004B003200700071004C006C00390066004A004300740071006100690034006B004A0046003800720061006D006F0075004A004300520066004B003200700071004C006900520066004A0046003800720049006C007800630049006900740071006100690035006600580079005100720061006D006F0075004A004300520066004B003200700071004C006C0038006B00580079007300690058004600770069004B003200700071004C0069005200660058007900740071006100690035006600580031003800720049006C007800630049006900740071006100690035006600580079005100720061006D006F0075004A00460038006B004B003200700071004C006C003900660058007900740071006100690034006B004A004300520066004B007900670068005700310030007200490069004900700057003200700071004C006C0038006B0058003100300072004B004300460062005800530073006900490069006C00620061006D006F0075005800790052006600580053007400710061006900350066004A0043007300690058004600770069004B003200700071004C0069005200660058007900740071006100690035006600580031003800720049006A0031006300580043004900720061006D006F0075004A004600390066004B003200700071004C006C0039006600580079007300690058004600770069004B003200700071004C006C00390066004A004300740071006100690034006B004A0046003800720061006D006F00750058003100390066004B003200700071004C006900520066004A0046003800720049006C007800630049006900740071006100690035006600580079005100720061006D006F0075004A00430051006B004B003200700071004C006C00390066004A00430073006F0049005600740064004B007900490069004B0056007400710061006900350066004A004600390064004B003200700071004C006C0038006B004B003200700071004C006900520066004A0046003800720061006D006F0075004A004300520066004A004300730069004C006C007800630049006900740071006100690035006600580079005100720061006D006F0075004A004300520066004B003200700071004C006C0038006B004A0043007400710061006900350066004B003200700071004C006900520066004A0043005100720049006C007800630049006900740071006100690035006600580079005100720061006D006F0075004A004300520066004B003200700071004C006C0038006B004A004300740071006100690035006600580079007300690058004600770069004B003200700071004C006C00390066004A004300740071006100690034006B004A0046003800720061006D006F00750058007900520066004B00790049006F0049006900740071006100690035006600580031003800720049006900770069004B003200700071004C0069005200660058007900730069004B00540074006300580043004900720061006D006F0075004A004600390066004B003200700071004C006C0039006600580079007300690058004600770069004B003200700071004C006C00390066004A0043007400710061006900350066004A0046003800720061006D006F0075004A00460038006B005800790073006F0049005600740064004B007900490069004B0056007400710061006900350066004A004600390064004B003200700071004C00690051006B004A0046003800720049006C007800630049006900740071006100690035006600580079005100720061006D006F0075004A004300520066004B003200700071004C006C0038006B005800790074007100610069003500660058007900730069004B0046007800630049006900740071006100690035006600580079005100720061006D006F0075004A00460038006B004B003200700071004C006C003900660058007900740071006100690034006B004A004300520066004B007900670068005700310030007200490069004900700057003200700071004C006C0038006B0058003100300072004B004300460062005800530073006900490069006C00620061006D006F0075005800790052006600580053007400710061006900350066004A004300730069004B005400730069004B0079004A00630049006900490070004B0043006B0070004B0043006B0037

for char in long_to_bytes(stuff):
    if char:
        print(chr(char), end='')

This gave me a base64 string:

Which decoded to obfuscated JavaScript:

When pasted into the console, this alerts yact. If we remove the final (), the function is shown.

The flag is yactf{4f82b4dac357ba268e2be4b516c8ac02}

PreviousSecretiveNextCrackme

Last updated

Was this helpful?