Preface

I had the pleasure of attending 2022 The competition of the enterprise group of the second network security skills competition in Shanxi Province , This is the first time to participate ctf match , In order to accumulate practical experience , The ranking is a little unexpected .

Tips ： The following is the main body of this article .

One 、 subject

subject ：

Miscellaneous questions , Violent attachment .

The attachment ：

Violent attachment .docx

Two 、 The problem solving steps

1. Their thinking

Open the document and prompt for the password , No other hints were found . The combination title should be the blasting password . adopt office2join Calculating the hash value , Reuse hashcat Hanging dictionary explosion .

2. The problem solving process

stay kali Find office2join The location of , Computing documents hash value .

┌──(kali㉿kali)-[/usr/share/john]
└─$ python3 office2john.py /home/kali/sharedir/ Violent attachment .docx          1 ⨯
 Violent attachment .docx:$office$*2007*20*128*16*51111afe3dcf9f849d17e7d2c2943a11*2452d40ae102d796bd9d4afe2ecc923b*12f7b759047f3ccfc8ac147c08d952ea37557704

Remove the file name , Generate file.hash file

┌──(kali㉿kali)-[~/sharedir]
└─$ cat file.hash
$office$*2007*20*128*16*51111afe3dcf9f849d17e7d2c2943a11*2452d40ae102d796bd9d4afe2ecc923b*12f7b759047f3ccfc8ac147c08d952ea37557704

Use hashcat Hang up the dictionary to crack

┌──(kali㉿kali)-[~/sharedir]
└─$ hashcat -m 9400 -a 0 file.hash rockyou.txt

The result of the explosion

$office$*2007*20*128*16*51111afe3dcf9f849d17e7d2c2943a11*2452d40ae102d796bd9d4afe2ecc923b*12f7b759047f3ccfc8ac147c08d952ea37557704:2345

Session..........: hashcat
Status...........: Cracked
Hash.Name........: MS Office 2007
Hash.Target......: $office$*2007*20*128*16*51111afe3dcf9f849d17e7d2c29...557704
Time.Started.....: Sun Jul 17 23:40:28 2022 (3 mins, 24 secs)
Time.Estimated...: Sun Jul 17 23:43:52 2022 (0 secs)
Guess.Base.......: File (rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:      945 H/s (5.24ms) @ Accel:1024 Loops:64 Thr:1 Vec:8
Recovered........: 1/1 (100.00%) Digests
Progress.........: 192512/14344385 (1.34%)
Rejected.........: 0/192512 (0.00%)
Restore.Point....: 188416/14344385 (1.31%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:49984-50000
Candidates.#1....: becky21 -> 083081

Status Tips Cracked, Indicates that the password has been successfully cracked , Turn up , You can see the following ：

$office$*2007*20*128*16*51111afe3dcf9f849d17e7d2c2943a11*2452d40ae102d796bd9d4afe2ecc923b*12f7b759047f3ccfc8ac147c08d952ea37557704:2345

The red background part is the cracked password .

Input password , open WORD file , There is a hint ：Flag Just below

Remove the blocked picture ,flag Present form ！

flag{9c2965fa13be342b8e70a50410bc76bd}

3、 ... and 、 summary

It was not solved during the game , The idea has been , But the lack of office2join（ Offline competition ）, So I gave up .

When the game is resumed , Find out kali The file itself , File path ：/usr/share/john.