Invitation Writeup
Cyber Apocalypse 2021
Solved By : Starry-Lord
- So we get a docm file.
- I start by unzippping the word document
- We get a docm
- Unzip it again and see folders
PART 1
- First thing I tried to do after looking around was
strings vbaProject.bin
- Which gives back interesting hex lines.
- Then decrypt from hex
- From base64 urlsafe alphabet will show the following
CHTB{maldocs_are
PART 2
- Upload full vbaProject file this time and do the same as before.
- Use base64 urlsafe alphabet
- We get second part of the flag by reversing
_the_new_meta}
CHTB{maldocs_are_the_new_meta}