Redacted, but Not Gone
🔍 Details
| Attribute | Details |
|---|---|
| Challenge Name | Redacted, but Not Gone |
| Category | Forensics |
| Difficulty | 🟢 Easy |
| Flag | F4H{qxOTG5RXKY**********} |
📝 Description
This confidential financial report contains sensitive information that has been blacked out—or has it?
📥 Download financial_report_confidential.pdf
🧩 Hints
_
💡 Solution
Although some portions of the PDF appear blacked out, the redaction was done incorrectly — the text is still selectable and extractable.
There are two simple ways to access the hidden content:
-
Manual method:
Open the PDF in any reader, hover over the redacted (blacked-out) area, select the text, and copy-paste it into a text editor. -
Command-line method:
Usepdftotextto extract the raw content:
📚 Insights
Redacting sensitive information in PDFs by simply placing a black rectangle over text is a critical human error. This doesn't remove the actual content — it only obscures it visually.
Proper redaction requires:
- Removing the text content from the document structure (not just overlaying),
- Using dedicated redaction tools that sanitize metadata and embedded content.