Sunu M S

Cyber Security

THM: Mr. Phisher Writeup

Task 1: Mr. Phisher

I received a suspicious email with a very weird-looking attachment. It keeps on asking me to "enable macros". What are those?

Inspect macro

Opening the Word document (MrPhisher.docm) in LibreOffice shows that it is a macro-enabled document, as the .docm file extension suggests.

Editing Macro

To view the macro's source code, follow these steps:

...Tools menu ---> Macros ---> Edit Macros

Source Code

Option VBASupport 1
Sub Format()
Dim a()
Dim b As String
a = Array(102, 109, 99, 100, 127, 100, 53, 62, 105, 57, 61, 106, 62, 62, 55, 110, 113, 114, 118, 39, 36, 118, 47, 35, 32, 125, 34, 46, 46, 124, 43, 124, 25, 71, 26, 71, 21, 88)
For i = 0 To UBound(a)
b = b & Chr(a(i) Xor i)
Next
End Sub

Important parts of the source code explained

Dim a() ---> array variable a
Dim b As String ---> string variable b
a = Array(102, 109, 99, 100, 127, 100, 53, 62, 105, 57, 61, 106, 62, 62, 55, 110, 113, 114, 118, 39, 36, 118, 47, 35, 32, 125, 34, 46, 46, 124, 43, 124, 25, 71, 26, 71, 21, 88) ---> values assigned to a
For i = 0 To UBound(a) ---> for loop with i running from 0 to the last index of array a
b = b & Chr(a(i) Xor i) ---> XOR the value a(i) with its index i, convert the result to a character with Chr, and append it to b

Writing Python code to get the flag

a = [102, 109, 99, 100, 127, 100, 53, 62, 105, 57, 61, 106, 62, 62, 55, 110, 113, 114, 118, 39, 36, 118, 47, 35, 32, 125, 34, 46, 46, 124, 43, 124, 25, 71, 26, 71, 21, 88]
# XOR each value with its index, exactly as the macro's loop does, and join the characters
b = "".join(chr(v ^ i) for i, v in enumerate(a))
print(b)
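
Added example (not part of the original writeup): the same decoding done statically on the macro's source text, so the array does not have to be copied out by hand and the macro never runs. It goes slightly beyond the single macro above by finding every Array(...) literal that is consumed by a Chr(x(i) Xor i) expression; the function names and regular expressions are this example's own assumptions.

```python
import re

# Macro source exactly as shown in the "Source Code" section of this page.
MACRO = """Option VBASupport 1
Sub Format()
Dim a()
Dim b As String
a = Array(102, 109, 99, 100, 127, 100, 53, 62, 105, 57, 61, 106, 62, 62, 55, 110, 113, 114, 118, 39, 36, 118, 47, 35, 32, 125, 34, 46, 46, 124, 43, 124, 25, 71, 26, 71, 21, 88)
For i = 0 To UBound(a)
b = b & Chr(a(i) Xor i)
Next
End Sub
"""

# name = Array(1, 2, 3); "_" is allowed so VBA line continuations still match.
ARRAY_RE = re.compile(r"^\s*(\w+)\s*=\s*Array\(([\d\s,_]+)\)", re.I | re.M)
# Chr(name(idx) Xor key): the expression that decodes one element.
XOR_RE = re.compile(r"Chr\(\s*(\w+)\(\s*(\w+)\s*\)\s*Xor\s*(\w+)\s*\)", re.I)


def find_arrays(src):
    """Map each lower-cased variable name to its integer Array literal."""
    return {m.group(1).lower(): [int(n) for n in re.findall(r"\d+", m.group(2))]
            for m in ARRAY_RE.finditer(src)}


def decode_macro_strings(src):
    """Decode every array that the macro XORs with its own loop index."""
    arrays = find_arrays(src)
    decoded = {}
    for m in XOR_RE.finditer(src):
        name, index, key = (g.lower() for g in m.groups())
        # Only the index-as-key scheme from this page is handled.
        if index != key or name not in arrays:
            continue
        decoded[name] = "".join(chr(v ^ i) for i, v in enumerate(arrays[name]))
    return decoded


if __name__ == "__main__":
    for name, text in decode_macro_strings(MACRO).items():
        # repr() keeps control characters visible if a decode is not text.
        print(f"{name}: {text!r}")
```
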