Tags: zip hidden
Rating: 5.0
Looking at the given file, it had the 0x50 0x4B (PK in ascii) magic number, which means it's zip. When extracting it, 7zip gave the warning that *There are some data after the payload data*. The extracted contents seem to look like a *docx* file, but Microsoft Word couldn't open it claiming that it was corrupted.
To check what's after the payload data, I looked at the end of the file and saw that it ends with 0x4B 0x50, which is the zip magic number reversed, so I decided to attempt to reverse it with the following Python:
open("reversed", "wb").write(open("original", "rb").read()[::-1])
The extracted payload from the reversed file also looked like *docx* and also couldn't be opened with Word, but this time in the /word/media payload folder there was an image that displayed the flag.