forensics

Cyber Apocalypse 2021

Invitation

Solved By : Starry-Lord

  • So we get a docm file.
  • I start by unzipping the word document
  • We get a docm
  • Unzip it again and see folders

PART 1

  • First thing I tried to do after looking around was:
      strings vbaProject.bin
  • Which gives back interesting hex lines.

  • Then decode from hex

  • Decoding the result from base64 with the URL-safe alphabet shows the following:

CHTB{maldocs_are

PART 2

  • Upload the full vbaProject file this time and do the same as before.

  • Use the base64 URL-safe alphabet
  • We get the second part of the flag by reversing:
_the_new_meta}
CHTB{maldocs_are_the_new_meta}
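
The decode chain from both parts (open the .docm as a ZIP, pull hex runs out of vbaProject.bin, decode hex, then base64 with the URL-safe alphabet, then reverse the second piece), as an added Python example that is not part of the original writeup. The sample .docm is constructed in memory as a stand-in for the challenge file, the function names are hypothetical, and reversing after the base64 step is an assumption about the order.

```python
import base64
import binascii
import io
import re
import zipfile

HEX_RUN = re.compile(rb"(?:[0-9A-Fa-f]{2}){8,}")    # 16+ hex chars, like the lines `strings` shows
B64_URLSAFE = re.compile(rb"[A-Za-z0-9_-]+={0,2}")  # URL-safe base64 alphabet only


def decode_layers(hex_run):
    """hex -> URL-safe base64 -> text. Returns None if any layer does not fit."""
    try:
        b64 = binascii.unhexlify(hex_run)
        if not B64_URLSAFE.fullmatch(b64):
            return None
        b64 += b"=" * (-len(b64) % 4)  # restore padding if it was stripped
        text = base64.urlsafe_b64decode(b64).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text.isprintable() else None


def scan_docm(docm_bytes, member="word/vbaProject.bin"):
    """Open the .docm as a ZIP, read the macro container, decode every hex run."""
    with zipfile.ZipFile(io.BytesIO(docm_bytes)) as archive:
        blob = archive.read(member)
    runs = [m.group() for m in HEX_RUN.finditer(blob)]
    return [t for t in map(decode_layers, runs) if t is not None]


def build_sample_docm():
    """Constructed stand-in for the challenge file (not the real vbaProject.bin)."""
    def wrap(text):
        return binascii.hexlify(base64.urlsafe_b64encode(text.encode()))
    blob = (b"\x00Attribute VB_Name\x00" + wrap("CHTB{maldocs_are")
            + b"\x00\x01MsgBox\x00" + wrap("_the_new_meta}"[::-1]) + b"\xff")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("word/vbaProject.bin", blob)
    return buf.getvalue()


if __name__ == "__main__":
    part1, part2_reversed = scan_docm(build_sample_docm())
    print(part1 + part2_reversed[::-1])
```

Hex runs that do not decode to printable URL-safe base64 text are dropped, which keeps incidental hex-looking bytes in the binary out of the results.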
Published on : 24 Apr 2021