back to home

OGN Challenge #2

This challenge can be found when two employees of the Mass Driver Facility in Hawaii are discussing clicking on a random email.

The Setup

Looks like one of our employees at the Hawaii Mass Driver Facility got tricked into handing over their personal information.

You are also given an email file to analyze.

The Attachment

Running strings on email.eml doesn't yield useful results.

You can open the email with Thunderbird or an online eml reader.

The email contains an attachment: PRIZE_ACCEPTANCE_FORM.docm.

The Macro

Running strings on PRIZE_ACCEPTANCE_FORM.docm also produces no useful output, but the document mentions enabling macros.

In LibreOffice Writer:

  1. Open the document
  2. Go to Tools > Macros > Edit Macros
  3. In the dropdown menu, select [PRIZE_ACCEPTANCE_FORM.docm].Project

The flag appears embedded in a Google search URL within the macro code.

Hacker Mindset

`strings` doesn't always work on file formats like .docm files - sometimes you need to open them up and poke around! This is also why real hackers often use Office macros to pwn their targets.