Rating:

# Malicious 2

## Task

File: mycv.docx

## Solution

```bash
$ file mycv.docx
mycv.docx: CDFV2 Encrypted
```

We can use `office2john` to crack it:

```bash
$ office2john mycv.docx > hash
$ john --wordlist=~/ctf-tools/rockyou.txt hash
$ john --show hash
mycv.docx:princess101

1 password hash cracked, 0 left
```

We can use this python tool to decrypt the file: https://github.com/nolze/msoffcrypto-tool

After that we use `binwalk`:

```bash
$ binwalk -e dec.docx
$ grep -Ro 'JISCTF{[^}]*}' _dec.docx.extracted/
_dec.docx.extracted/word/document.xml:JISCTF{H4PPY_HUNT1NG}
```

Original writeup (https://github.com/klassiker/ctf-writeups/blob/master/2020/jisctf-quals/forensics/malicious-2.md).