Description of the challenge:
“Just take the Ls. Check out this zip file and I be the flag will remain hidden. https://mega.nz/#!mCgBjZgB!_FtmAm8s_mpsHr7KWv8GYUzhbThNn0I8cHMBi4fJQp8”
So after download the file “The Flag.zip” usually the first thing that I do is a file command:
$ file The\ Flag.zip
The Flag.zip: Zip archive data, at least v1.0 to extract, compression method=store
Nothing suspicious here, so I just unzipped the file which resultern to a “The Flag” directory. A simple ls command showed the following:
$ ls -la
total 40
drwxr-xr-x 3 kali kali 4096 Apr 19 14:28 .
drwxr-xr-x 12 kali kali 4096 Apr 3 19:17 ..
-rw-r--r-- 1 kali kali 6148 Oct 30 2016 .DS_Store
-rw-r--r-- 1 kali kali 16647 Oct 30 2016 'The Flag.pdf'
drwxr-xr-x 2 kali kali 4096 Apr 19 14:28 .ThePassword
By opening the pdf file we can see that a password is required, and thus easily enough by checking the hidden .ThePassword directory we find a the actual password
$ ls -la .ThePassword
total 12
drwxr-xr-x 2 kali kali 4096 Apr 19 14:28 .
drwxr-xr-x 3 kali kali 4096 Apr 19 14:28 ..
-rw-r--r-- 1 kali kali 42 Oct 30 2016 ThePassword.txt
$ cat .ThePassword/ThePassword.txt
Nice Job! The Password is "Im The Flag".
By using the password we get the decrypted pdf that gives as the flag ABCTF{T3Rm1n4l_is_C00l}
