Tags: forensics
Yay! I really enjoy using these free and open file standards. I love them so much, that I made a file expressing how much I like using them. Let's enjoy open standards together!
(Attachments: files/open.docx)
Many file formats are actually ZIP archives underneath and can be unzipped as such. docx files are one of them.
$ unzip open.docx
Archive: open.docx
creating: docProps/
inflating: docProps/app.xml
inflating: docProps/core.xml
creating: word/
inflating: word/document2.xml
inflating: word/fontTable.xml
extracting: word/secrets.xml
inflating: word/settings.xml
inflating: word/styles.xml
creating: word/theme/
inflating: word/theme/theme1.xml
inflating: word/webSettings.xml
creating: word/_rels/
inflating: word/_rels/document2.xml.rels
inflating: [Content_Types].xml
creating: _rels/
inflating: _rels/.rels
One can't help but notice a really interesting file: word/secrets.xml. Let's go check it out.
$ cat word/secrets.xml
<?xml version="1.0" encoding="utf-8"?>
PHNlY3JldCBmbGFnPSJiY2FjdGZ7ME94TWxfMXNfNG00ejFOZ30iIC8+
Looks like base64. Let's decode it.
$ echo "PHNlY3JldCBmbGFnPSJiY2FjdGZ7ME94TWxfMXNfNG00ejFOZ30iIC8+" | base64 -d
<secret flag="bcactf{0OxMl_1s_4m4z1Ng}" />
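The same triage can be scripted. The following is an added example, not part of the original write-up: it walks the XML parts of an OOXML package and flags any that are stored without compression (what unzip prints as "extracting"), that are not well-formed XML, or that contain base64 runs decoding to printable text. All three checks are heuristics, and the sample package, its part names and its payload are constructed for the example.

```python
import base64, binascii, io, re, zipfile
import xml.etree.ElementTree as ET

# Runs of 16+ base64 alphabet characters, with optional padding.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")

def decode_b64_runs(data):
    """Return printable text recovered from base64-looking runs in data."""
    found = []
    for run in B64_RUN.findall(data):
        try:
            text = base64.b64decode(run, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # wrong length/padding, or decodes to binary noise
        if text.isprintable():
            found.append(text)
    return found

def triage_package(blob):
    """List XML parts of an OOXML (ZIP) package that look out of place."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if not info.filename.endswith((".xml", ".rels")):
                continue
            data, reasons = zf.read(info), []
            if info.compress_type == zipfile.ZIP_STORED:
                reasons.append("stored")  # unzip reports this as "extracting"
            try:
                ET.fromstring(data)
            except ET.ParseError:
                reasons.append("not well-formed XML")
            decoded = decode_b64_runs(data)
            if reasons or decoded:
                findings.append((info.filename, reasons, decoded))
    return findings

def build_sample():
    """Constructed package; part names and payload are made up for this example."""
    payload = base64.b64encode(b'<note text="constructed-sample"/>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", '<Types xmlns="urn:example:types"/>')
        zf.writestr("word/document.xml", '<doc xmlns="urn:example:doc"><body/></doc>')
        zf.writestr("word/hidden.xml",
                    b'<?xml version="1.0" encoding="utf-8"?>\n' + payload,
                    zipfile.ZIP_STORED)
    return buf.getvalue()

if __name__ == "__main__":
    for name, reasons, decoded in triage_package(build_sample()):
        print(name, reasons, decoded)
```

When triaging untrusted documents, run this in a sandbox or swap in a hardened XML parser, since xml.etree is not designed to withstand maliciously constructed input.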