7z_PPTX_base_5_Compression_stego.ps1
<#
####
CTF Script
This takes a pptx file that has base 5 stego hidden in the compression method of its slides and pulls out the flag
https://link.springer.com/content/pdf/10.1007%2F978-3-642-23300-5_27.pdf
Option 1 OOXML Stego by Compression
Take Answer to https://www.rapidtables.com/
Base 5 to Hex
CyberChef
From Hex to get flag
####
#>
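# Decode a base-5 string hidden in the per-slide ZIP compression method of a
# .pptx (OOXML "stego by compression"). Each ppt\slides\slideN.xml entry
# contributes one digit; digits are concatenated in slide order and printed.
#
# Fixes over the previous revision:
#   * the bare <File>.pptx placeholder did not parse ('<' is a reserved
#     operator); it is now a quoted variable that must be edited before use
#   * an unrecognised method was cast with [int]"no match", which throws and
#     left a stale record behind; it is now reported and skipped
#   * slide entries are matched by full path instead of by substring, so
#     other archive members containing "ide" can no longer hit the [int] cast
#   * 7-Zip's text output is parsed directly (no ConvertFrom-String) and its
#     exit code is checked

$SevenZip = 'C:\Program Files\7-Zip\7z.exe'
$PptxPath = '<File>.pptx'   # placeholder: set to the challenge file before running

if (-not (Test-Path -LiteralPath $PptxPath)) {
    throw "Input file not found: $PptxPath"
}

# 'l -slt' prints one "Key = Value" line per property for every archive entry.
$listing = & $SevenZip l $PptxPath -slt
if ($LASTEXITCODE -ne 0) {
    throw "7z exited with code $LASTEXITCODE while listing $PptxPath"
}

$digits = @{}     # slide number -> base-5 digit
$slide  = $null   # slide number of the entry being read, $null for any other entry

foreach ($line in $listing) {
    if ($line -match '^Path = (.*)$') {
        # Only real slide parts count; layouts, masters, notes, rels, media are ignored.
        $entryPath = $Matches[1].Trim()
        if ($entryPath -match '^ppt[\\/]slides[\\/]slide(\d+)\.xml$') {
            $slide = [int]$Matches[1]
        } else {
            $slide = $null
        }
        continue
    }

    if ($null -eq $slide -or $line -notmatch '^Method = (.*)$') {
        continue
    }

    $methodText = $Matches[1].Trim()
    $level      = ($methodText -split ':')[1]   # "Deflate:Maximum" -> "Maximum"; $null for plain "Deflate"

    # Digit assignment used by this challenge:
    #   Store = 4, Deflate:Fastest = 3, Deflate:Maximum = 2, Deflate (default) = 1, Deflate:Fast = 0
    if ($methodText -match 'Store') {
        $digit = 4
    } elseif ($methodText -match 'Deflate') {
        if ($level -match 'Fastest') {
            $digit = 3
        } elseif ($level -eq 'Fast') {
            $digit = 0
        } elseif ($level -eq 'Maximum') {
            $digit = 2
        } else {
            $digit = 1
        }
    } else {
        # Not part of the base-5 alphabet: surface it rather than guessing a digit.
        Write-Warning "slide${slide}: unrecognised compression method '$methodText' - skipped"
        continue
    }

    $digits[$slide] = $digit
}

# Keys are [int], so Sort-Object orders slide10 after slide9, not after slide1.
$answer = -join ($digits.Keys | Sort-Object | ForEach-Object { $digits[$_] })
$answer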