Official emo Discussion

Official discussion thread for emo. Please do not post any spoilers or big hints.

This is fun, I knew nothing about Word files before looking at this.

  • I learnt a new tool exists, thanks Didier!
  • I see a long (46) ‘Copy*****’ string, but doesn’t seem to be our flag,
  • I find some obfuscated code, but it doesn’t look to do anything fun and reversing would take too long.
  • Theres the ‘frozen towels’ too of course, thats interesting ?

I’m a bit stuck now though…

Got the flag!
Learned a lot, thanks @0xdf
Too much fun in this challenge!.
It was not that easy tho ;D

Any hints you could offer me @CaJiFan ?

A surprisingly difficult challenge for 40 points. I thought I had an idea but nothing I do seems to extract a flag.

I’ve been banging my head against this obfuscation for hours… Feel like I’m thinking about it too hard. Could anyone give a nudge on how to decode?

That was really fun! hint: you don’t have to deobfuscate the whole m****. execute it in a VM and you’ll see another process, with the debofuscated commands !

Wow i though this would be easy, judging by the green bars in the rating…

I find those pretty interesting, well done to the author ! I was a bit puzzled by the little bit which is very specific to HTB and didn’t really know how to interpret that, if you’re wondering about that, you’re close to the end !

I was rather hoping I could complete this challenge without having to buy Microsoft Office, is there another way ?

OK, that was pretty convoluted, I’d love to see how experienced hackers are analysing these!
Some Procmon and manually feeding lines into powershell and seeing what they evaluate to, combined with some judicious cyberchef’ing solved it for me.

2 Likes

Are all of the url’s down which I can find or do I need to connect by VPN ?

It never fails to amaze me how broken powershell can be and still work.

So I found code decoded it and know what it is doing. but still can’t find flag. the urls are not public so code can’t download anything., not sure if this challenge requires connecting to VPN. Any tips would be welcomed.

Done, N!c3 simple easy Challenge. my recommendation to do it on windows. Event viewer is your best friend.

Hint:
its all about run and decode.

Hint: Be on the VPN to finish this.

I feel like I am close, but having an issue accessing URLs. I am using the HTB VPN, but they don’t resolve. I must be missing something. IP of a DNS server buried in an obfuscated variable maybe?

I’m in the same boat as you. Did you resolve this one? > @L0rdG1zm0 said:

I feel like I am close, but having an issue accessing URLs. I am using the HTB VPN, but they don’t resolve. I must be missing something. IP of a DNS server buried in an obfuscated variable maybe?

Same boat as you guys, I have a collection of URLs I am trying to access over the VPN but none of them are working…

None of the urls resolve, even if on the VPN. What am I missing?

Ok, I totally took a long way round for a shortcut on this one. Solved now! (didn’t use the VPN)