maldoc

Again, the fifth challenge is a zip file: 01E1B7BCFB39B4A666475991AF11C5762A489F9395C48B4E156526E1C6E4573F. But I have to first admit that I solved this one third, not fifth… in fact, I got a message when I tried to submit the fifth challenge solution early that I had to do them in order. How did I do them out of order, you ask?
Read more →
Ok, so the fourth challenge is again a zip file (hash: 1A2570D5CC6E2C3A185E939DC49CB4B908B867E02AC84BF7ABB532B3395FB01A) and it contains a file fun.docm (hash: 4AE794A701D2F28BA7E6292F0463444F6A567CB7C26188A518270544252877FB). Now, the first thing you need to know about the newer Office file formats is that they are all zip files. So yes, a DOCM, an XLSX, a PPTX, etc. are all ZIP files with various content pieces inside (see here for other zip-based documents)
Read more →
So we get the third zip file, which contains a file named “gooby.pdf” (hash: 3FB332A27A28AF95187F45D79EC8A08ADEF1A4AAD0D4DDD26B832A15CE9DB91A). Well, now we need to turn to PDF tools. I admit that I’m not as well versed with the internal structures of PDFs as I am with Office documents, but their structure is also simpler. So I first tried PDFStreamDumper by David Zimmer, but it didn’t see the JavaScript initially.
Read more →
So we solved the first document and then they give us this… Document #2 (hash: ACCDF64EB1E96BE5A7C5F23DB6A74B88869E4F6C3B46D41F80B3063BF79AD05E). So again, run it through the FileId tool and get the VBA code out (using the XML or JSON output options).

    Sub AutoOpen()
    '
    ' crackme Macro
    '
    '
        UserForm1.Show
    End Sub

and

    Private Sub button_Click()
        x = suchcrypto(key.Text, "General Vidal")
        If x = "171,184,42,184,88,26,47,154,20,219,203,130,52,19,180,214,156,94,186,74,30,248,119,235,139,130,175,141,179,197,8,204,252," Then
            MsgBox "Wow.
Read more →
On 2016-07-15 at 5pm EST, Palo Alto Networks started a Capture the Flag competition with cash prizes called PAN Labyrenth CTF. When I looked at the challenges I noticed that there was a Documents track, and since there was a cash prize to the first person to complete a given track, I thought I’d give it a go… hey, $1000 for a few hours is not bad. It only took me a few hours (actually more than I intended because I got stuck overthinking one of the problems), but I don’t think I was the first one to complete the track.
Read more →