I’m in the same boat as you. Did you resolve this one? > @L0rdG1zm0 said:
I feel like I am close, but having an issue accessing URLs. I am using the HTB VPN, but they don’t resolve. I must be missing something. IP of a DNS server buried in an obfuscated variable maybe?
Honestly, one of the most fun challenges and rewarding challenges I’ve done. Absolutely destroyed me. Thank you @sooperc0w for pulling me out of the weeds. Also, thank you @0xdf for the challenge!
Dm for nudges!
Glad to hear so many people enjoyed this one. It’s based off a real phishing document used by a prolific cyber-crime gang.
Some tips I’ll through out:
You don’t need to resolve anything.
You don’t need office. There are tools out there to dump office documents and their pieces from linux. There are also parts where having office will make this somewhat easier.
I just finished doing this challenge but without any static analysis, is there any official writeup regarding this challenge? Appreciate if any of you guys that done through static to share writeup. Thanks!
Really entertaining challenge! Thanks a lot @0xdf! Finally got the flag but doing dynamic analysis. I’d love to know how to solve it doing static analysis only.
DM me if you need a hint.
Hi, I think I’ve reached the last phase, but I can’t decode the output. I don’t want to spoil anything so I cannot go any deeper. However some hint about that stage?
Hey nice seeing ya in my scripts @0xdf
Great challenge, thanks a lot!!
I’m surprised that I actually enjoyed browsing vba / powershell!
My static approach was soooo clunky, I couldn’t help but find out what that next line was doing ^^’