The Wanted problem had the following description:
We recently discovered a suspicious forum post that could be attributed to Captain Crypto. It seems like he wanted to tell some secrets to his hacker companions by hiding it inside a file. You need to help our investigation by extracting the secrets from the document.
Look what I found recently on some filthy image board. I am not very amused. To everyone who supports my case - I packed an important message deep into this shady document. If you are clever enough you will find it!
There was a file to download; WANTED.pdf. Opening it revealed a very orange picture.
I tried opening it in a PDF viewer, Gimp and Open Office, but these tools didn't give me any further clues. I didn't have Adobe Acrobat, so I could not convert the file back for editing. I thought about looking for an open source PDF editor. But, I decided to first inspect the file using the
~/Downloads/ccwanted$ file WANTED.pdf
I thought that the output of the file command looked strange. So, I compared it against another pdf that I had on my computer.
~/Downloads/ccwanted$ file document.pdf
document.pdf: PDF document, version 1.4
This was definitely different. So, I decided to use
binwalk to analyze further. This revealed the following.
~/Downloads/ccwanted$ binwalk WANTED.pdf
DECIMAL HEXADECIMAL DESCRIPTION
27 0x1B Zip archive data, at least v2.0 to extract, compressed size: 146649, uncompressed size: 146649, name: WANTED.pdf
146716 0x23D1C Zip archive data, at least v2.0 to extract, compressed size: 7020, uncompressed size: 13864, name: YOU_NEED_TO_DIG_DEEPER
153912 0x25938 End of Zip archive
Looking at it, it seemed that I was not only dealing with a pdf, but I was also dealing with a zip archive. I tested this by using the
~/Downloads/ccwanted$ unzip WANTED.pdf
error [WANTED.pdf]: missing 67 bytes in zipfile
(attempting to process anyway)
replace WANTED.pdf? [y]es, [n]o, [A]ll, [N]one, [r]ename: r
new name: WANTED2.pdf
This left me with two interesting files: WANTED2.pdf and YOU_NEED_TO_DIG_DEEPER. I opened the second file, and it revealed the following image.
I went to https://passwordsgenerator.net/sha1-hash-generator/ and used the SHA-1 generator to calculate the hash for the flag. In the end, the flag was the following: