18 Pages Hdhub4u

Our goal is to retrieve the flag hidden somewhere inside the PDF.

    $ file 18pages.pdf
    18pages.pdf: PDF document, version 1.7

To be thorough, we also checked whether any other objects contained additional base‑64 or XOR‑encoded data, but none yielded a flag.

A quick visual check shows a fairly clean document – a title page, a table of contents, and then a series of “chapter‑style” pages full of lorem‑ipsum text. Nothing suspicious at first glance. PDFs are made of a series of objects (streams, dictionaries, etc.). Hidden data is often stored in unused objects, extra streams, or in the metadata section.

    $ pdfinfo 18pages.pdf
    Title:          18 Pages
    Creator:        LaTeX with hyperref
    Producer:       pdfTeX-1.40.21
    CreationDate:   D:20260312123456-04'00'
    ModDate:        D:20260312123500-04'00'
    Tagged:         no
    Pages:          18
    Encrypted:      no
    Page size:      595.276 x 841.89 pts (A4)

The file looks like an ordinary PDF with (as the title hints).

> echo "The flag is hidden in the zero‑filled stream."

Again, a hint directing us toward Object 28. The flag we extracted from Object 28 matches the typical format for the platform (HTB…).

Category: Steganography / Forensics – PDF

1. Overview

The challenge consists of a single file named 18pages.pdf (≈ 1 MB). The description on the challenge page simply says “18 Pages – Hdhub4u”, and the challenge has a point value of 300.

Thus the final flag for the challenge is:

Objects , 37 , and 61 are the most promising candidates for hidden data.

4. Analyzing the suspicious streams

4.1 Object 28 – “mostly zeros”

    $ pdf-parser -object 28 -raw 18pages.pdf > obj28.bin
    $ hexdump -C obj28.bin | head
    00000000 78 9c 0b 00 00 00 02 00 00 00 00 00 00 00 00 00 |x...............|
    ...

The stream is a Flate‑compressed block that, once decompressed, yields a 2048‑byte buffer full of 0x00 except for a few non‑zero bytes at the very end: