404fafnir's solution for Dérèglement

intro forensics windows

19 February 2024

We are given a corrupted .docx file: 2021-fcsc-reglement_de_participation.docx.

We can use binwalk to check whether the document contains other readable files embedded in it.

$ binwalk 2021-fcsc-reglement_de_participation.docx

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             Zip archive data, at least v2.0 to extract, uncompressed size: 1417, name: [Content_Types].xml
389           0x185           Zip archive data, at least v2.0 to extract, name: docProps/
460           0x1CC           Zip archive data, at least v2.0 to extract, uncompressed size: 517, name: docProps/app.xml
850           0x352           Zip archive data, at least v2.0 to extract, uncompressed size: 652, name: docProps/core.xml
1287          0x507           Zip archive data, at least v2.0 to extract, name: _rels/
1355          0x54B           Zip archive data, at least v2.0 to extract, uncompressed size: 573, name: _rels/.rels
1661          0x67D           Zip archive data, at least v2.0 to extract, name: word/
1728          0x6C0           Zip archive data, at least v2.0 to extract, name: word/_rels/
1801          0x709           Zip archive data, at least v2.0 to extract, uncompressed size: 981, name: word/_rels/document.xml.rels
2198          0x896           Zip archive data, at least v2.0 to extract, uncompressed size: 5956, name: word/document.xml
4212          0x1074          Zip archive data, at least v2.0 to extract, uncompressed size: 3313, name: word/styles.xml
5084          0x13DC          Zip archive data, at least v2.0 to extract, uncompressed size: 5321, name: word/numbering.xml
5776          0x1690          Zip archive data, at least v2.0 to extract, uncompressed size: 208, name: word/settings.xml
6036          0x1794          Zip archive data, at least v2.0 to extract, uncompressed size: 1106, name: word/fontTable.xml
6454          0x1936          Zip archive data, at least v2.0 to extract, name: word/media/
6527          0x197F          Zip archive data, at least v2.0 to extract, uncompressed size: 131579, name: word/media/image1.jpeg
93718         0x16E16         End of Zip archive, footer length: 22

This shows that the file is a .zip archive (as expected for a .docx, which is an OOXML package stored as a zip), and binwalk found every entry by scanning for zip signatures even though the file is corrupted.

We can then extract the files easily, still with binwalk.

$ binwalk -e 2021-fcsc-reglement_de_participation.docx

We can then simply run grep over the extracted folder, _2021-fcsc-reglement_de_participation.docx.extracted, searching for the flag format:

$ grep -Ro "FCSC{.*}" _2021-fcsc-reglement_de_participation.docx.extracted

_2021-fcsc-reglement_de_participation.docx.extracted/word/document.xml:FCSC{***}

Congratulations, the flag has been found!
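As an added example (not part of the original writeup), the same recovery done in Python without trusting the zip central directory: like binwalk's signature scan, it walks the local file headers, inflates each entry and greps the XML for the flag pattern. The sample .docx and its flag value are constructed inline, and the damage it simulates, a destroyed end-of-central-directory record, is an assumption about how the challenge file was corrupted.

```python
import io
import re
import struct
import zipfile
import zlib

FLAG_RE = re.compile(rb"FCSC\{[^}]*\}")  # same idea as the grep, but stops at the first '}'

def walk_local_headers(data: bytes):
    """Yield (name, payload) by walking local file headers only, never the central directory."""
    pos = 0
    while (pos := data.find(b"PK\x03\x04", pos)) >= 0:
        if pos + 30 > len(data):
            break
        # 30-byte fixed header: sig, version, flags, method, time, date, crc32, csize, usize, nlen, xlen
        _, _, _, method, _, _, _, csize, _, nlen, xlen = struct.unpack_from("<4sHHHHHIIIHH", data, pos)
        name = data[pos + 30:pos + 30 + nlen].decode("utf-8", "replace")
        start = pos + 30 + nlen + xlen
        if method == 8:  # deflate: let zlib find the stream end, so a bit-3 data descriptor (csize=0) is fine
            d = zlib.decompressobj(-15)
            payload = d.decompress(data[start:])
            end = start + (len(data) - start - len(d.unused_data))
        else:  # stored entries (method 0, also directories); other methods yield nothing
            payload = data[start:start + csize] if method == 0 else b""
            end = start + csize
        yield name, payload
        pos = max(end, pos + 4)

def find_flags(data: bytes) -> dict:
    """Map entry name -> list of FCSC{...} strings found in its decompressed content."""
    hits = {}
    for name, payload in walk_local_headers(data):
        for m in FLAG_RE.findall(payload):
            hits.setdefault(name, []).append(m.decode())
    return hits

def stdlib_rejects(data: bytes) -> bool:  # True when the normal unzip route is blocked
    try:
        zipfile.ZipFile(io.BytesIO(data)).namelist()
        return False
    except zipfile.BadZipFile:
        return True

def build_corrupted_docx() -> bytes:  # constructed sample: minimal OOXML-like zip, EOCD zeroed
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:t>Article 1. FCSC{constructed_sample_flag}</w:t>")
        z.writestr("word/media/image1.jpeg", b"\xff\xd8\xff" + b"\x00" * 64)
    data = buf.getvalue()
    eocd = data.rfind(b"PK\x05\x06")
    return data[:eocd] + b"\x00" * (len(data) - eocd)  # assumed damage: EOCD record destroyed
```

`find_flags(build_corrupted_docx())` returns the flag keyed by `word/document.xml` while `zipfile` itself refuses the archive; on a real file, read it with `open(path, "rb").read()` and pass the bytes to `find_flags`.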