Home Hearing Test Audiometer Speech Hearing Test Hearing Loss Simulator Projected Hearing Loss Overall Hearing Loss Score Sound Meter Tinnitus Matching Tinnitus Frequency Finder Tinnitus Treatment Pulsatile Tinnitus & Ear Clicking Hyperacusis Hearing Test Custom White Noise Generator Plot Spectrum Aversive Sound Generator Store
ear logo
Check Hearing: Online Audiometry

www.CheckHearing.org

Audiometry Anywhere for All
Brought to You by Fauquier ENT

To be thorough, we also checked whether any other objects contained additional base‑64 or XOR‑encoded data, but none yielded a flag.

Our goal is to retrieve the hidden flag hidden somewhere inside the PDF. $ file 18pages.pdf 18pages.pdf: PDF document, version 1.7

Category: Steganography / Forensics – PDF 1. Overview The challenge consists of a single file named 18pages.pdf (≈ 1 MB). The description on the challenge page simply says “18 Pages – Hdhub4u” and a point value of 300.

Objects , 37 , and 61 are the most promising candidates for hidden data. 4. Analyzing the suspicious streams 4.1 Object 28 – “mostly zeros” $ pdf-parser -object 28 -raw 18pages.pdf > obj28.bin $ hexdump -C obj28.bin | head 00000000 78 9c 0b 00 00 00 02 00 00 00 00 00 00 00 00 00 |x...............| ... The stream is a Flate‑compressed block that, once decompressed, yields a 2048‑byte buffer full of 0x00 except for a few non‑zero bytes at the very end:

A quick visual check shows a fairly clean document – a title page, a table of contents, and then a series of “chapter‑style” pages full of lorem‑ipsum text. Nothing suspicious at first glance. PDFs are made of a series of objects (streams, dictionaries, etc.). Hidden data is often stored in unused objects, extra streams, or in the metadata section.

> echo "The flag is hidden in the zero‑filled stream." Again, a hint directing us toward Object 28. The flag we extracted from Object 28 matches the typical format for the platform (HTB…).

$ pdf-parser -dump 18pages.pdf > pdf_objects.txt The dump revealed the following interesting points:


18 Pages Hdhub4u 【Best】

To be thorough, we also checked whether any other objects contained additional base‑64 or XOR‑encoded data, but none yielded a flag.

Our goal is to retrieve the hidden flag hidden somewhere inside the PDF. $ file 18pages.pdf 18pages.pdf: PDF document, version 1.7 18 Pages Hdhub4u

Category: Steganography / Forensics – PDF 1. Overview The challenge consists of a single file named 18pages.pdf (≈ 1 MB). The description on the challenge page simply says “18 Pages – Hdhub4u” and a point value of 300. To be thorough, we also checked whether any

Objects , 37 , and 61 are the most promising candidates for hidden data. 4. Analyzing the suspicious streams 4.1 Object 28 – “mostly zeros” $ pdf-parser -object 28 -raw 18pages.pdf > obj28.bin $ hexdump -C obj28.bin | head 00000000 78 9c 0b 00 00 00 02 00 00 00 00 00 00 00 00 00 |x...............| ... The stream is a Flate‑compressed block that, once decompressed, yields a 2048‑byte buffer full of 0x00 except for a few non‑zero bytes at the very end: Overview The challenge consists of a single file

A quick visual check shows a fairly clean document – a title page, a table of contents, and then a series of “chapter‑style” pages full of lorem‑ipsum text. Nothing suspicious at first glance. PDFs are made of a series of objects (streams, dictionaries, etc.). Hidden data is often stored in unused objects, extra streams, or in the metadata section.

> echo "The flag is hidden in the zero‑filled stream." Again, a hint directing us toward Object 28. The flag we extracted from Object 28 matches the typical format for the platform (HTB…).

$ pdf-parser -dump 18pages.pdf > pdf_objects.txt The dump revealed the following interesting points: