CrySyS Sec Challenge 2014 - Hide Your Flags writeup

This task was given during the Security Challenge of 2014 under the “Word Processors FTW” group and was worth 80 points. The CrySys Lab at BME made the CTF possible.

Description: You should have received a document with a flag. The document is here, but where is the flag?

I downloaded the file. The document read:

I’m sending you the flag:  

This file is a zipped, XML based file format (Office Open XML), so we can simply unzip it, using the ‘unzip’ command in the terminal.

unzip flag.doc

This will produce a bunch of folders, one of which called word. Opening that folder we will find some xml files, and if we take a look at the document.xml we will find the following:

<w:p w:rsidR="00C21BD3" w:rsidRDefault="00F276A0">
    <w:r>
    <w:t xml:space="preserve">I’m sending you the flag:</w:t>
    </w:r>
    <!--  f9fd7ff0c20c90277ed467b6780c7439  -->
    <w:bookmarkStart w:id="0" w:name="_GoBack"/>
    <w:bookmarkEnd w:id="0"/>
</w:p>

So the flag was truly sent to us in a form of a comment.

If you liked this post, you can share it with your followers or follow me on Twitter!
comments powered by Disqus