rtfdump.py bla.rtf
scroll & find the largest section that is closest to the bottom
e.g. id#179 was the one I found
then run
rtfdump.py -s 179 -H bla.rtf
and you get some hex & readable ASCII
if you scroll, somewhere buried in there is the content you want
e.g. it might start at 0x970 and end at 0xA10
then run
rtfdump.py --cut 0x970:0xA10 -s 179 -H -d bla.rtf
and it'll display the plain ASCII text of the payload you wanted to see!!!!
sweet
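
Instead of scrolling the hex dump by eye to find the start and end offsets, the readable runs can be located automatically. This is an added example, not part of the original post and not rtfdump's own code: the control-word stripping is a simplification, the sample group is constructed, and the end offsets are exclusive (Python slicing), which is an assumption and not a statement of how rtfdump's --cut counts.

```python
import re
import textwrap

PRINTABLE = range(0x20, 0x7F)  # plain ASCII, space through tilde

def hex_decode(group_text: str) -> bytes:
    """Strip RTF control words/braces, keep the hex digits, decode to bytes."""
    # Simplified stripping (assumption): \word, \wordN, \* and a trailing space.
    body = re.sub(r"\\(\*|[A-Za-z]+-?\d*) ?", "", group_text)
    digits = re.sub(r"[^0-9A-Fa-f]", "", body)
    if len(digits) % 2:  # odd trailing nibble cannot form a byte, drop it
        digits = digits[:-1]
    return bytes.fromhex(digits)

def ascii_runs(data: bytes, min_len: int = 8):
    """Return (start, end, text) per printable run of min_len+ bytes; end exclusive."""
    runs, start = [], None
    for i, b in enumerate(data + b"\x00"):  # sentinel byte flushes a final run
        if b in PRINTABLE:
            if start is None:
                start = i
        else:
            if start is not None and i - start >= min_len:
                runs.append((start, i, data[start:i].decode("ascii")))
            start = None
    return runs

# Constructed sample: binary padding, a readable string, more binary,
# hex-encoded and line-wrapped the way embedded object data usually is.
_blob = bytes(range(0x80, 0x90)) + b"constructed demo text" + b"\x00\x01\x02"
SAMPLE_GROUP = "{\\*\\objdata " + "\n".join(textwrap.wrap(_blob.hex(), 16)) + "}"

if __name__ == "__main__":
    for start, end, text in ascii_runs(hex_decode(SAMPLE_GROUP)):
        # Offsets into the hex-decoded data, i.e. what you see after -H
        print(f"0x{start:X}:0x{end:X}  {text}")
```
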