Kick Tort Teen (50 pts)
Good to Know: The challenge name (Kick Tort Teen) is an anagram of the phrase "Rocket Kitten" (use anagrammer to find out the anagram).
Rocket Kitten is malware that uses essentially the same method as this challenge to hide itself from an email gateway antivirus.
Open data.xls in Excel.
It gives the following error; click "Yes".
The error is due to the fact that the file is actually not in .xls (Excel) format, but in .xlsm (macro-enabled Excel) format.
Upon opening the file, a security warning states that it contains macros. Click "Enable Content".
In Excel, press Alt+F11 to see the macros:
```vb
Function FileExists(ByVal FileToTest As String) As Boolean
    FileExists = (Dir(FileToTest) <> "")
End Function

Sub DeleteFile(ByVal FileToDelete As String)
    If FileExists(FileToDelete) Then 'See above
        SetAttr FileToDelete, vbNormal
        Kill FileToDelete
    End If
End Sub

Sub DoIt()
    Dim filename As String
    filename = Environ("USERPROFILE") & "\fileXYZ.data"
    DeleteFile (filename)
    Open filename For Binary Lock Read Write As #2
    ' Decode every cell of the 14747 x 23 grid back into one payload byte
    For i = 1 To 14747
        For j = 1 To 23
            Put #2, , CByte((Cells(i, j).Value - 78) / 3)
        Next
    Next
    ' Append the last 11 bytes of the file, which are hard-coded in the macro
    Put #2, , CByte(98)
    Put #2, , CByte(13)
    Put #2, , CByte(0)
    Put #2, , CByte(73)
    Put #2, , CByte(19)
    Put #2, , CByte(0)
    Put #2, , CByte(94)
    Put #2, , CByte(188)
    Put #2, , CByte(0)
    Put #2, , CByte(0)
    Put #2, , CByte(0)
    Close #2
End Sub
```
It generates a file called fileXYZ.data under the
Inspect the file: It's a Linux ELF.
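The same payload can be recovered for analysis without enabling the macro. The Python below is an added example, not part of the original write-up: it mirrors the `DoIt()` decoding, appends the 11 hard-coded trailer bytes, and identifies the result by its magic bytes. The function names are hypothetical, and the cell values are assumed to have already been read from the sheet into rows of numbers; the sample input is constructed.

```python
"""Static decode of the macro's cell-encoded payload (no macro execution)."""

ROWS, COLS = 14747, 23  # loop bounds taken from DoIt()
# Bytes DoIt() writes after the cell loop, copied from the macro.
TRAILER = bytes([98, 13, 0, 73, 19, 0, 94, 188, 0, 0, 0])
EXPECTED_SIZE = ROWS * COLS + len(TRAILER)  # size of the real dropped file

MAGIC = {b"\x7fELF": "ELF executable", b"MZ": "PE/DOS executable"}


def decode_cell(value):
    """Mirror CByte((value - 78) / 3): round to nearest, reject non-bytes."""
    byte = round((value - 78) / 3)
    if not 0 <= byte <= 255:
        raise ValueError(f"cell value {value!r} does not decode to a byte")
    return byte


def decode_sheet(rows, cols=COLS):
    """Decode row-major cell values; only the first `cols` columns are used."""
    out = bytearray()
    for r, row in enumerate(rows, start=1):
        if len(row) < cols:
            raise ValueError(f"row {r} has {len(row)} cells, expected {cols}")
        out.extend(decode_cell(v) for v in row[:cols])
    return bytes(out) + TRAILER


def identify(payload):
    """Name the file type from its leading magic bytes, if recognised."""
    for magic, name in MAGIC.items():
        if payload.startswith(magic):
            return name
    return "unknown"


def encode_for_test(data, cols=COLS):
    """Constructed sample only: inverse of decode_cell, padded to full rows."""
    data = data + bytes(-len(data) % cols)
    cells = [3 * b + 78 for b in data]
    return [cells[i:i + cols] for i in range(0, len(cells), cols)]


if __name__ == "__main__":
    sample = encode_for_test(b"\x7fELF\x02\x01\x01" + bytes(40))  # constructed
    payload = decode_sheet(sample)
    print(identify(payload), len(payload), "bytes")
```

For the challenge workbook, the decoded output should be 14747 × 23 + 11 = 339,192 bytes long.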
Run it under Linux; it prints the flag: