This is going to be a very short and simple write-up because there is not much to this one. But if you're stuck, hopefully it helps.

So, we start the machine and it instantly launches the attack box with a PDF file ready to open.

The objective is to scan the QR code, but obviously that's not going to happen with that big red thing on top. So we need to figure out what is going on. Is there something hidden in the PDF? Or is there a way to remove the red triangle?

Checking properties doesn't really give us anything. However, I did notice this: cairo 1.17.4. After researching, this proves to be a rabbit hole that leads nowhere.

I did notice that something weird does happen when you close out the PDF though. Not sure if it is related to the cairo BoF vuln that I read about, to be honest.

But after closing the PDF out I got some weird errors and my attack box desktop looked like this. We can still get to the file, so I'm not going to sweat it right now.

I did look around for a while to figure out what was going on with this one and didn't find too much. So, I looked at the forensic link on the THM page.

And the only thing they mention about PDFs is pdfinfo. Plus, you can't download any other tools on the attack box. So let's give this a whirl and see if it does anything.

So, as you can see, there is really nothing interesting going on here either.

Okay, let's see if we can open this up in another program and get it to act weird or do something!

When we right-click and open with another application, we get a few options. None of them really look interesting, and I tried a few with no luck. However, one stuck out to me: LibreOffice Draw.

So once it opens, this is what we get. Nothing impressive really.

But we notice that we can drag that red triangle right off the image! Or simply delete it!

You can then use your phone and scan the QR code to get the flag!
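Why dragging the triangle away works, as an added example (not from the original write-up or the room): a PDF page is a list of paint operations, so a shape drawn over an image is a separate object and the image underneath stays intact. The content stream below is constructed for illustration, not extracted from the challenge file, and the parser assumes a Flate-compressed, whitespace-separated stream with no string literals or inline images.

```python
import zlib

# Constructed sample: a FlateDecode-compressed page content stream that paints
# an image XObject and then fills a red triangle. Not taken from the room's PDF.
SAMPLE_STREAM = zlib.compress(
    b"q 200 0 0 200 50 50 cm /Im0 Do Q\n"   # place and paint image /Im0
    b"1 0 0 rg\n"                            # set fill colour to red
    b"60 60 m 240 60 l 150 230 l h f\n"      # build a triangle path and fill it
)

FILL_OPS = {"f", "F", "f*", "B", "B*", "b", "b*"}  # PDF path-fill operators


def paint_order(compressed: bytes):
    """Return the painted objects in the order the content stream draws them."""
    tokens = zlib.decompress(compressed).decode("latin-1").split()
    painted, operands, fill_rgb = [], [], (0.0, 0.0, 0.0)
    for tok in tokens:
        if not tok[0].isalpha():              # numbers and /Names are operands
            operands.append(tok)
            continue
        if tok == "rg":                       # non-stroking RGB colour
            fill_rgb = tuple(float(x) for x in operands[-3:])
        elif tok == "Do":                     # paint a named XObject (image/form)
            painted.append(("xobject", operands[-1].lstrip("/")))
        elif tok in FILL_OPS:                 # fill the current path
            painted.append(("fill", fill_rgb))
        operands = []                         # the operator consumed its operands
    return painted


def fills_after_xobject(compressed: bytes):
    """Fills painted after the first XObject: later in paint order, so on top.

    Simplification: geometric overlap and q/Q colour restores are not checked.
    """
    order = paint_order(compressed)
    first = next((i for i, p in enumerate(order) if p[0] == "xobject"), None)
    if first is None:
        return []
    return [p for p in order[first + 1:] if p[0] == "fill"]


if __name__ == "__main__":
    for kind, detail in paint_order(SAMPLE_STREAM):
        print(kind, detail)
    print("painted over the image:", fills_after_xobject(SAMPLE_STREAM))
```

The same property is why covering sensitive content in a PDF with a shape is not redaction: the covered object is still in the file.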

Hope this helped! Happy Hacking!