Official emo Discussion

sooperc0w · January 11, 2021, 4:57pm

I think there are number of way to solve it, as someone say there is a VPN needed, but I solved it without VPN.
Its not an EASY challenge.

Harbard · January 14, 2021, 4:51am

Honestly, one of the most fun challenges and rewarding challenges I’ve done. Absolutely destroyed me. Thank you @sooperc0w for pulling me out of the weeds. Also, thank you @0xdf for the challenge!
Dm for nudges!

Artf7 · January 21, 2021, 11:52am

Solved it, but not in a very intelligent way… Would love to see a writeup of this

LPHermanos · January 21, 2021, 10:05pm

Hey I solved with office but want to know without office can someone DM ?

0xdf · January 27, 2021, 7:00pm

Glad to hear so many people enjoyed this one. It’s based off a real phishing document used by a prolific cyber-crime gang.

Some tips I’ll through out:

You don’t need to resolve anything.
You don’t need office. There are tools out there to dump office documents and their pieces from linux. There are also parts where having office will make this somewhat easier.

madgog · February 3, 2021, 4:04pm

It took me 3 days to get the flag. xD
Thank you @0xdf, learned a lot!

Salts · February 17, 2021, 9:24pm

This was harder than most boxes!

When you find what the evil document is doing, you can pare that down to something that is ALMOST readable, but definately works when you run it.

Inspect all of the things, and don’t skip any of them. Assume everything is important.

Ap0k4L1p5 · March 9, 2021, 4:33am

I just finished doing this challenge but without any static analysis, is there any official writeup regarding this challenge? Appreciate if any of you guys that done through static to share writeup. Thanks!

corsicajack · March 11, 2021, 10:05am

Same as many here, I got a bunch of urls and some decimal list with PS yet I don’t get what’s next…

d4rkc0nd0r · March 28, 2021, 10:29am

dm for any nudges

mkt · April 7, 2021, 4:02pm

Finally got it after a couple of days! First time doing malware analysis, so it was quite a learning experience for me Thanks for a cool challenge.

4n6man · April 20, 2021, 8:03pm

Really entertaining challenge! Thanks a lot @0xdf! Finally got the flag but doing dynamic analysis. I’d love to know how to solve it doing static analysis only.
DM me if you need a hint.

Obs3ss3dByT1m3 · April 23, 2021, 7:09pm

Hi, I think I’ve reached the last phase, but I can’t decode the output. I don’t want to spoil anything so I cannot go any deeper. However some hint about that stage?

n0leptr · April 23, 2021, 9:23pm

Solved. Best advice: don’t overthink this one (That’s what I did). You can go pretty far down the rabbit hole. Just remember, it’s an EASY challenge.

kitaanu · June 17, 2021, 1:32am

Hi @R3v4ng3l I am working on this EMO challenge and not able to solve it. Any hint?

apehex · June 24, 2021, 3:31pm

Hey nice seeing ya in my scripts @0xdf
Great challenge, thanks a lot!!
I’m surprised that I actually enjoyed browsing vba / powershell!
My static approach was soooo clunky, I couldn’t help but find out what that next line was doing ^^’

joejoet · September 6, 2021, 4:33pm

Hello, I’m stuck on this challenge. Like others have said I have got a bunch of non working urls. What else am I missing. Would appreciate a nudge.

Thms84 · September 19, 2021, 11:56am

Right. I got to the point where I can read the ps, yet no flags. What th. Spent much more time on this, than it deserves, can anyone give me a nudge?

antmar904 · December 9, 2021, 12:26pm

Why can’t I decode this long base64 powershell command??? i really need to get some training on decoding.

antmar904 · January 5, 2022, 4:34pm

Do I really have to deobv all the marcos found?