E-CTF-2025 - Forensic


Step 1: Downloading the ZIP File

The challenge provides a ZIP file containing a DOCX file.

Hypothesis: A DOCX file is actually a ZIP archive, meaning we can extract its internal content.


Step 2: Extracting the DOCX Content

I used unzip to extract the content of the DOCX file.

Result:

  • Several folders and XML files.
  • A folder named word/ containing metadata and content.

Step 3: Analyzing Extracted Files

I explored all the files extracted from the DOCX, looking for hidden information.

What I found:

  • The word/ folder contained plain text.
  • The file docProps/core.xml contained metadata.

Step 4: Retrieving the Document Author

Opening the file docProps/core.xml, I found key information:

The name of the document’s creator!
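
Steps 2 to 4 can also be done without unpacking the archive to disk. The following is an added example, not part of the original write-up: it reads docProps/core.xml straight from the DOCX and returns the author fields. The function names, the size limit and the sample document are assumptions constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# XML namespaces used by the core-properties part of an OOXML package.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
FIELDS = {
    "creator": "dc:creator",
    "last_modified_by": "cp:lastModifiedBy",
    "created": "dcterms:created",
}
MAX_PART_SIZE = 1_000_000  # assumed cap: refuse a part that declares a huge size

def read_core_properties(docx):
    """Return author/timestamp metadata from a DOCX path or file-like object."""
    with zipfile.ZipFile(docx) as zf:
        try:
            info = zf.getinfo("docProps/core.xml")
        except KeyError:
            return {}  # the part is optional; a scrubbed document may lack it
        if info.file_size > MAX_PART_SIZE:
            raise ValueError("docProps/core.xml is unexpectedly large")
        root = ET.fromstring(zf.read(info))
    out = {}
    for key, tag in FIELDS.items():
        el = root.find(tag, NS)
        if el is not None and el.text:
            out[key] = el.text.strip()
    return out

def build_sample_docx():
    """Constructed sample: a ZIP holding only a core-properties part."""
    core = (
        '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s" xmlns:dcterms="%s">'
        "<dc:creator>sample.author</dc:creator>"
        "<cp:lastModifiedBy>sample.editor</cp:lastModifiedBy>"
        "<dcterms:created>2025-01-01T10:00:00Z</dcterms:created>"
        "</cp:coreProperties>"
    ) % (NS["cp"], NS["dc"], NS["dcterms"])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
    return buf

if __name__ == "__main__":
    print(read_core_properties(build_sample_docx()))
```

Passing the path of a real .docx to read_core_properties works the same way as the in-memory sample.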