dCTF - Powerpoint Programming

Category - Miscellaneous | Difficulty - Easy

The challenge prompt provided for "Powerpoint Programming" shows the following:

image.png

When you download the file, you can see that it is a .ppsx format:

image.png

A .ppsx file is a PowerPoint slide show file: it opens directly into the presentation, whereas a standard .ppt/.pptx file opens in the Microsoft PowerPoint editor, where you can easily edit and view other aspects of the file.

If you simply double-click on the file, it will open in full-screen with an on-screen alphanumeric keyboard:

image.png

If you type in a value that does not equal the flag and click "Submit", you will get the following screen:

image.png

To inspect the file in the PowerPoint editor, open PowerPoint itself, click "File -> Open" and select the file. This opens the file in the editor instead of as a full-screen presentation:

image.png

Click "Enable Editing" at the top. If you try clicking on the alphanumeric keys, you'll only be selecting the graphics/shapes of the keys as opposed to "pushing the keys." Seeing these differences, you can speculate that there is an animation aspect to this challenge. If you click on the "Animation" tab at the top, you can see several small "lightning bolt" flags appear next to some of the values on the on-screen keyboard.

image.png

Click on "Animation Pane" at the top to open the animation sidebar within PowerPoint and get a better idea of what's going on:

image.png

We can see the individual rectangle/"key" animations on the side. From here, there are two ways to solve the challenge:

1) Click on the red star under each "Trigger" header in the sidebar and make a note of the lightning bolt that lights up when you do so. For example, if we click "Rectangle 64", we can see the lightning bolt next to the letter "C" light up. Make a note of each letter that's highlighted as you go down the list.

image.png

2) Scroll down to the bottom of the Animation Pane sidebar and click each red star under "Trigger Rectangle 128: Z". This will accomplish the same thing as option 1.

image.png

Once that process is done for all of the "red stars" in the animation pane, you're left with the following output:

CBSE{OOS,0RMS,U2QX,R2BTQ2,0R,0S}

Each character of the output is off by one position on the on-screen alphanumeric keyboard. If we shift every character to the right by one key, the following flag is revealed:

DCTF{PPT_1SNT_V3RY_S3CUR3_1S_1T}
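
The trigger list read by hand from the Animation Pane can also be pulled from the file itself, because a .ppsx is a ZIP package whose slide XML stores each click trigger as an interactive sequence. This is an added example, not part of the original writeup or the challenge: the names `click_triggers` and `sample_ppsx`, the part name `ppt/slides/slide1.xml`, and the two-key slide it parses are assumptions constructed for the demo, not the challenge file's real contents.

```python
import io, zipfile
import xml.etree.ElementTree as ET
P = "{http://schemas.openxmlformats.org/presentationml/2006/main}"
A = "{http://schemas.openxmlformats.org/drawingml/2006/main}"

def click_triggers(ppsx_bytes, part="ppt/slides/slide1.xml"):
    """Return (trigger name, trigger text, [animated shape names]) in file order."""
    with zipfile.ZipFile(io.BytesIO(ppsx_bytes)) as z:  # a .ppsx is a ZIP package
        root = ET.fromstring(z.read(part))
    shapes = {}  # shape id -> (name, visible text)
    for sp in root.iter(P + "sp"):
        nv = sp.find(f"{P}nvSpPr/{P}cNvPr")
        shapes[nv.get("id")] = (nv.get("name"), "".join(t.text or "" for t in sp.iter(A + "t")))
    found = []
    for seq in root.iter(P + "seq"):
        ctn = seq.find(P + "cTn")
        if ctn is None or ctn.get("nodeType") != "interactiveSeq":
            continue  # main timeline, not a click trigger
        trig = ctn.find(f"{P}stCondLst/{P}cond[@evt='onClick']/{P}tgtEl/{P}spTgt")
        kids = ctn.find(P + "childTnLst")
        if trig is None or kids is None:
            continue
        name, text = shapes.get(trig.get("spid"), ("?", ""))
        targets = [shapes.get(t.get("spid"), ("?", ""))[0] for t in kids.iter(P + "spTgt")]
        found.append((name, text, targets))
    return found

def sample_ppsx():
    """Constructed two-key slide for the demo; not the challenge file."""
    sp = lambda i, n, t: (f'<p:sp><p:nvSpPr><p:cNvPr id="{i}" name="{n}"/></p:nvSpPr>'
                          f'<p:txBody><a:p><a:r><a:t>{t}</a:t></a:r></a:p></p:txBody></p:sp>')
    seq = lambda trig, tgt: (
        '<p:seq><p:cTn nodeType="interactiveSeq"><p:stCondLst><p:cond evt="onClick">'
        f'<p:tgtEl><p:spTgt spid="{trig}"/></p:tgtEl></p:cond></p:stCondLst><p:childTnLst>'
        f'<p:set><p:cBhvr><p:tgtEl><p:spTgt spid="{tgt}"/></p:tgtEl></p:cBhvr></p:set>'
        '</p:childTnLst></p:cTn></p:seq>')
    xml = "".join([
        f'<p:sld xmlns:p="{P[1:-1]}" xmlns:a="{A[1:-1]}"><p:cSld><p:spTree>',
        sp(64, "Rectangle 64", "C"), sp(65, "Rectangle 65", "B"), sp(200, "Rectangle 200", ""),
        '</p:spTree></p:cSld><p:timing><p:tnLst><p:par><p:cTn nodeType="tmRoot"><p:childTnLst>',
        seq(64, 200), seq(65, 200),
        '</p:childTnLst></p:cTn></p:par></p:tnLst></p:timing></p:sld>'])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/slide1.xml", xml)
    return buf.getvalue()

if __name__ == "__main__":
    print(click_triggers(sample_ppsx()))
```

To inspect a real file, pass its bytes to `click_triggers` and adjust `part` to the slide that holds the keyboard.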