# I heard you like files

We're given a PNG file and the hint that the (fictional) person who this PNG file belongs to specializes in PDFs. It sounds like a PDF file is embedded in here. Let's binwalk through it, and extract all files possibly embedded inside.

```
$ binwalk --dd=".*"
```


Yup. Looks like a PDF is indeed embedded in here. Let's go ahead and open it up.


This hint tells us that there may be another layer. Let's go back to the files we extracted and see if any of them seem out of the ordinary.

```
$ file *
```


That's strange. We have a Microsoft Word 2007+ file. Let's unzip it and see what files are embedded inside of it.

```
$ unzip 34591D
```


Well, at least we know the flag isn't there. Haha. Let's look around.

```
$ tree
```


Interesting. We have a PNG. Let's open it up.


Intuition tells me that there's something more here. Let's binwalk through it.

```
$ binwalk image1.png
```


Looks like there's another PDF. Let's extract it and view the PDF.

```
$ binwalk --dd=".*" image1.png
```


Nothing useful in the contents of this PDF. Intuition tells me that there must be something more here. Let's run strings on it and see if there's any data after the EOF (End-Of-File).

```
$ strings 1485 | tail -n 10
```


Interesting. That looks like a Base64 encoded string after the EOF there. Let's decode it

```
$ echo "ZmxhZ3tQMGxZdEByX0QwX3kwdV9HM3RfSXRfTjB3P30K" | base64 -d
```


Original writeup (https://github.com/shawnduong/ctf-writeups/blob/master/2019-TAMU/Misc/I-heard-you-like-files.md).