PicoCTF: Secret of the Polyglot

Challenge: Secret of the Polygot

Difficulty: Easy

Category: Forensics

Goal: Extract the flag from this file.

Oh yes! A suspicious file must be downloaded! Basically, we have this file called "flag2of2-final.pdf" with this string of characters and likely a nice backdoor planted in our computer somewhere. :)

1n_pn9_&_pdf_2a6a1ea8}

Looking at the file properties, it seems like a larger file than what is depicted in the string above. Something must be hidden so I will use F12 to inspect the page.

The web inspector didn't reveal much. Especially not in terms of there being multiple types of code. Here we find a lot of html to look through. But its not telling me anything. There is a tag for the challenge that says "file_format". What does that mean in terms of this?

Lets look at it from a different perspective. Can I "cat" this file in the terminal?

I like this format better. I can't say that I understand what is going on in this file, but it's much easier to study like this. So I quickly scan the code. I see a bunch of encoded characters and then a bunch of objects. Then I notice quite a bit of metadata. But what is it I am missing? I scroll back to the top to start from the beginning. Did you notice it too? That is when I realized I loved this challenge. It is a picture, a PNG, not a PDF.

So lets open this with a picture viewer.

I'm using "Image Magick" as that is what my one option was.

Then I go to submit the flag. As I type it in the "Submit" box, I realize that this flag is incomplete.

picoCTF{f1u3n7_

What else could it be? I figured out it is not a PDF earlier when I discovered that it is a PNG file. But wait! A "polyglot". Perhaps just "multiple" instead of "multiple languages". We had that other clue at the beginning which mentioned "file_type". Multiple file types. Oh yeah! There was a random string of characters in the PDF that ended with the closed bracket I needed.

1n_pn9_&_pdf_2a6a1ea8}

Submitted the full flag and challenge complete! :)

Thanks for reading!