Walks like a cat, barks like a dog

What makes a Zebra a Zebra? What makes a Cow a Cow? What makes a Dog a Dog? These are some tough questions. What's tougher is what makes a PDF file a PDF? And what makes a PNG file a PNG? I suppose only you can answer that.

For this challenge, we were given a file named trickery.pdf. On the surface, it looks like a standard .pdf file.

We ran the file command and it confirmed that it is a PDF file.

file trickery.pdf

Opening the file, we did not discover much. Nothing of interest. And so, we were skeptical. 🤔

The big hint that caught our eye was "Who decides that this is a PDF and some other file is an image?"

We ran a binwalk command on the trickery.pdf file and we found something interesting!!

binwalk trickery.pdf

Look what we have here! TWO Zlib compressed data streams and THREE Zip files to extract?! And so we extracted trickery.pdf using this binwalk command. This is a little bit of steganography, eh? 🤫

binwalk -e trickery.pdf

Inside the extracted folder, there were TWO files of interest!

  • Trickery

  • Trickery.class
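Why a header check and a signature scan can disagree about the same bytes, as an added example that is not part of the original write-up: the first function looks only at offset 0, the second searches every offset the way a carving tool does, and the third opens the buffer as a Zip archive. The sample is constructed (the real layout of trickery.pdf is not shown here) and all function names are hypothetical.

```python
import io
import zipfile

# Signatures for the four formats named in the write-up.
SIGNATURES = {
    b"%PDF-": "PDF document",
    b"PK\x03\x04": "Zip local file header",
    b"\x7fELF": "ELF executable",
    b"\xca\xfe\xba\xbe": "Java class file",
}

def leading_type(data):
    """Header-only check: which signature sits at offset 0?"""
    for magic, name in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return "unknown"

def scan(data):
    """Signature scan over the whole buffer: every hit, in offset order."""
    hits = []
    for magic, name in SIGNATURES.items():
        pos = data.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = data.find(magic, pos + 1)
    return sorted(hits)

def embedded_members(data):
    """Open the buffer as a Zip (found via its trailer) and type each member."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {n: leading_type(zf.read(n)) for n in zf.namelist()}

def build_sample():
    """Constructed stand-in: a PDF header followed by a stored Zip archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in (("Trickery", b"\x7fELF" + bytes(12)),
                           ("Trickery.class", b"\xca\xfe\xba\xbe" + bytes(12))):
            info = zipfile.ZipInfo(name, date_time=(2022, 1, 1, 0, 0, 0))
            zf.writestr(info, body)  # ZipInfo defaults to ZIP_STORED
    return b"%PDF-1.4\n% constructed placeholder body\n%%EOF\n" + buf.getvalue()

if __name__ == "__main__":
    sample = build_sample()
    print("offset 0 says:", leading_type(sample))
    for offset, name in scan(sample):
        print(f"{offset:6d}  {name}")
    print(embedded_members(sample))
```

The same idea works as a triage check on uploads or attachments: a file whose scan reports container or executable signatures past offset 0 deserves a closer look than its extension or header suggests.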

Additional Information: Running a .class file in Unix.

https://unix.stackexchange.com/questions/15333/run-java-classfile-from-terminal

We decided to run Trickery.class first by using the java command.

And we got a partial flag!! 🎉

java Trickery

Partial Flag: STANDCON22{f1l3_f0rm4ts_4r3_

Next, we took a look at the other Trickery file, used the file command and found out that it is an ELF file!

file Trickery

We then proceeded to run the Trickery file and we managed to get the other partial flag!! 🎉😄

./Trickery

Final Flag: STANDCON22{f1l3_f0rm4ts_4r3_t00_d4mn_c0mpl!c4t3d}
