Description
Sensitive text in a PDF was only visually redacted. Convert the PDF to text (or copy/paste) to reveal the hidden flag.
Setup
Install `pdftotext` (from poppler-utils or xpdf).
Run `pdftotext Financial_Report_for_ABC_Labs.pdf` to create a .txt version.
Search the text output for `picoCTF` (or simply copy the blacked-out text directly inside a PDF viewer).
pdftotext Financial_Report_for_ABC_Labs.pdf
grep -oE "picoCTF\{.*\}" Financial_Report_for_ABC_Labs.txt
Solution
- Step 1Convert the PDFVisual redactions don’t remove the underlying text. `pdftotext` extracts everything, including the supposedly hidden sections.
- Step 2Search for the flagGrep the generated text file for picoCTF to immediately locate the flag string.
Flag
picoCTF{C4n_Y0u_S33_m3_f...}
Real-world lesson: always remove sensitive text entirely before distributing redacted documents.