Rating:
# Writeup: The Evil Files
## TL;DR
The PDF is not encrypted and its body text extracts cleanly.
The flag is embedded directly in the visible email header:
```text
CC: CIT{m0j0_eng4g3d}
```
## Recon
The only attachment is `challenge.pdf`.
Basic inspection shows a normal one-page PDF generated by LibreOffice Writer.
Useful checks:
```bash
pdfinfo files/challenge.pdf
exiftool files/challenge.pdf
pdftotext files/challenge.pdf -
```
## Solve
Running `pdftotext` immediately reveals the document contents.
The PDF is formatted as an email and the `CC:` line contains the flag:
```text
FROM: [email protected]
TO: [email protected]
CC: CIT{m0j0_eng4g3d}
Subject: RE: Plan to take over the world
```
I also added a small parser in `scripts/solve.py` that:
1. Verifies the provided SHA1
2. Extracts text from the PDF with `pypdf`
3. Pulls the flag with a regex
## Artifacts
- `scripts/solve.py` extracts the flag locally
- `other/extracted.txt` stores the recovered document text
- `solution/flag.txt` stores the solved flag
## Flag
`CIT{m0j0_eng4g3d}`
