This was a file obfuscation challenge.
In question it says portable document which is eqivalent to pdf (Portable Document Format).
First try to upload normal pdf file it return yummy and other files as Not Tasty, so pdf is our file of intrest.
On uploading pdf file
On uploading any other extension file
Key points of challenge
- So we need to upload a pdf file which looks as if pdf with eyes but actually is not.
- And a statement inferno overwrite (actual move name is inferno overdrive) is my favourite move. Here over is hint for some overwrite character and hint 1 says about look from right to left.
Also making a file name with .pdf end which not actually ending in .pdf means we need something just to illude/change how it looks to user. Searching obfuscation techniques leads to rtlo which matches with description and hints.
Here comes the concept of right-to-left-overwrite character.
Combining above observation and making file with name as depicted below and uloading file with name like gives you the flag :-
- shell.fdp ----> shell.fdp
Uploading file with name formulated as above
Hints with point values (cost) :-
- Hint 1 :- Everything is just related to name and extension of file not content in file ... (20 pts)
- Hint 2 :- Think from right to left (30 pts)
- Hint 3 :- Give me file with name while when seen from eyes look like abc.pdf but its not actually pdf (50 pts)
- Hint 4 :- Make file name "abc.fdp" look "abc.pdf" (70 pts)