CrySyS Sec Challenge 2014 - Hide Your Flags writeup
This task was given during the Security Challenge of 2014 under the “Word Processors FTW” group and was worth 80 points. The CrySys Lab at BME made the CTF possible.
Description: You should have received a document with a flag. The document is here, but where is the flag?
I downloaded the file. The document read:
This file is a zipped, XML based file format (Office Open XML), so we can simply unzip it, using the ‘unzip’ command in the terminal.
This will produce a bunch of folders, one of which called word. Opening that folder we will find some xml files, and if we take a look at the document.xml we will find the following:
So the flag was truly sent to us in a form of a comment.