# crackers

Excel File (.xlsx) Password Cracking CTF Challenge (YBN CTF 2024)

### Challenge Details

> Title: crackers
>
> Description: I managed to hack into this business and I swear there was some important information in here! All i know is that its the end but i dont know what this means????
>
> Attachments: https://ctf.ybn.sg/files/c55375e194d788f6ae848cab541ad3a0/BusinessDocuments.xlsx
>
> Instance: -

This challenge presents us with an Excel document that seems to be password protected.

1. Get `office2john.py` from [here](https://github.com/openwall/john/raw/refs/heads/bleeding-jumbo/run/office2john.py)
2. `python3 office2john.py BusinessDocuments.xlsx > hash.txt`
3. Edit `hash.txt` to remove the leading filename and colon. It should look like this:
   ```
   $office$*2013*100000*256*16*81ba2515e744c74a330c4dc216b76a1f*c186a31266f1cedb5045d81b0180ad3c*d058672755a76f82ff1f1b4945353e514519bcb5f4fc5372c81c704675459bf5
   ```
4. Make sure you have `rockyou.txt` beforehand. Run:
   ```
   hashcat -m 9600 -o cracked.txt hash.txt rockyou.txt
   ```
5. The password to the document will be displayed at the end:
   ```
   $office$*2013*100000*256*16*81ba2515e744c74a330c4dc216b76a1f*c186a31266f1cedb5045d81b0180ad3c*d058672755a76f82ff1f1b4945353e514519bcb5f4fc5372c81c704675459bf5:dungeon
   ```

In this case the password was `dungeon`.

You can use `msoffcrypto-tool` from [here](https://github.com/nolze/msoffcrypto-tool) to decrypt the file:

```
msoffcrypto-tool BusinessDocuments.xlsx decrypted.xlsx -p dungeon
```

And then you can open it up in Excel.

Now, 'cause I'm an idiot, I didn't pick up the hint in the challenge description for where I should be looking for the flag.

> "I managed to hack into this business and I swear there was some important information in here! All i know is that **its the end** but i dont know what this means????"

The intended solve from here was to go to the bottom right corner of the spreadsheet and get the flag.
This could be achieved with Ctrl + DOWN and Ctrl + RIGHT.

So yeah, needless to say I went about things differently.

Press Ctrl + F and then search for "_", then press "Find All" and scroll to the bottom. You should see this:

![image](https://hackmd.io/_uploads/r1EPucs71e.png)

Click on either of the two suspicious entries and you will see the flag.

Flag:
:::spoiler Flag
YBN24{Y0u_cr4ck3d_m3}
:::

Main Writeups Page: https://hackmd.io/@ctf-lol/ybnctf2024
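
Steps 2 to 4 above depend on the structure of the `$office$` line. The following is an added example (not part of the original writeup or of `office2john.py`) that parses that line, drops the `filename:` prefix that step 3 removes by hand, and reads the hashcat mode off the version field. The field names and the 2010/2013 field order are assumptions based on how `office2john.py` prints them; the sample line is constructed from the hash shown on this page.

```python
import re

# hashcat modes for the three $office$ versions
HASHCAT_MODES = {"2007": 9400, "2010": 9500, "2013": 9600}

# Constructed sample: the hash from this page with the "filename:" prefix
# that office2john prepends (step 3 of the writeup removes it by hand).
SAMPLE = ("BusinessDocuments.xlsx:$office$*2013*100000*256*16*"
          "81ba2515e744c74a330c4dc216b76a1f*c186a31266f1cedb5045d81b0180ad3c*"
          "d058672755a76f82ff1f1b4945353e514519bcb5f4fc5372c81c704675459bf5")

HEX = re.compile(r"^[0-9a-fA-F]+$")


def parse_office_hash(line):
    """Strip any filename prefix and split a 2010/2013 $office$ line into fields."""
    start = line.find("$office$")
    if start < 0:
        raise ValueError("no $office$ marker in line")
    bare = line[start:].strip()
    parts = bare.split("*")
    if len(parts) != 8:
        raise ValueError("expected 8 '*'-separated fields, got %d" % len(parts))
    _, version, spin, key_bits, salt_len, salt, verifier_in, verifier_hash = parts
    if version not in ("2010", "2013"):
        raise ValueError("this field layout is assumed for 2010/2013 only")
    blobs = {"salt": salt, "verifier_in": verifier_in, "verifier_hash": verifier_hash}
    for name, blob in blobs.items():
        if not HEX.match(blob) or len(blob) % 2:
            raise ValueError(name + " is not valid hex")
    if len(salt) != 2 * int(salt_len):
        raise ValueError("salt length does not match the declared salt size")
    return {
        "hash": bare,                      # what hash.txt should contain
        "version": version,
        "spin_count": int(spin),           # hash iterations per password guess
        "key_bits": int(key_bits),
        "salt": bytes.fromhex(salt),
        "hashcat_mode": HASHCAT_MODES[version],
    }


if __name__ == "__main__":
    info = parse_office_hash(SAMPLE)
    print(info["hash"])
    print("hashcat -m", info["hashcat_mode"], "| spin count:", info["spin_count"])
```

The spin count of 100000 only raises the cost of each guess; it does nothing for a password that is already in a common wordlist.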