Step 1: Click on the green button to Start the Lab
Step 2: Hack the URL or IP of the lab
Step 3: Use your skills and logic to find the flags!
challenge.pdf
from the challenge page to your local machine.file challenge.pdf
to confirm it's a valid PDF file.pdfinfo challenge.pdf
to view basic metadata information. This will show you the document properties, creation date, and other standard metadata fields.strings challenge.pdf | grep -i flag
to search for any obvious references to flags in the file.pdf-parser.py
from the pdf-tools suite: python3 pdf-parser.py challenge.pdf
pdfid.py challenge.pdf
to get a quick overview of PDF elements and potential security issues.python3 pdf-parser.py -a challenge.pdf
to see all objects with their content.exiftool challenge.pdf
to examine all metadata fields, including custom ones that might contain the flag.exiftool -a -u challenge.pdf
to show all tags including unknown ones./CustomFlag
in the PDF metadata.pdf-parser.py
to search for custom fields: python3 pdf-parser.py challenge.pdf | grep -i custom
/CustomFlag (ca36830f\0555bc4\0554cdb\055a0ca\055fde5bb1132bd)
/CustomFlag
field, you'll see the value: ca36830f\0555bc4\0554cdb\055a0ca\055fde5bb1132bd
\055
sequences are escaped hyphens in the PDF format. Each \055
represents a hyphen character.\055
sequences with hyphens: ca36830f-5bc4-4cdb-a0ca-fde5bb1132bd
ca36830f-5bc4-4cdb-a0ca-fde5bb1132bd
echo "ca36830f\0555bc4\0554cdb\055a0ca\055fde5bb1132bd" | sed 's/\\055/-/g'
peepdf challenge.pdf
and use the interactive commands to explore the PDF structure and metadata.pdftk challenge.pdf dump_data
to see all document information including custom fields.qpdf --show-pages challenge.pdf
to see page information and objects.strings challenge.pdf | grep -i customflag
to find the custom field directly.Sign-in to your account to access your hacking courses and cyber security labs.
Access all hacking courses and cyber security labs.