## https://sploitus.com/exploit?id=37C8C50B-F32B-5CAF-B3D2-742AED8F124F
# RTF CTF Challenge - CVE-2025-21298 (Safe Demo)
This repository contains a **safe** Capture The Flag (CTF) challenge designed to demonstrate the concept of **RTF-based OLE exploits** (similar to CVE-2025-21298) **without any real malicious payload**.
## Challenge Objective
Your goal is to extract and analyze an **RTF file** to uncover a hidden **flag** inside an embedded OLE object.
## How to Solve the Challenge
After players receive `safe_exploit.rtf`, they can extract the OLE object using:

- Python 3 (for running oletools)

### 1. oletools (for analyzing RTF files)
- A Python toolset to inspect OLE objects in RTF and Office documents.
- Install it via pip:

```bash
pip install oletools
```

or

### 2. rtfobj (from oletools)
- Extracts and inspects OLE objects embedded inside RTF files.
- Usage:

```bash
rtfobj ctf_cve_2025_21298.rtf
```

```bash
rtfobj safe_exploit.rtf
```
The extracted data will reveal:

```
FLAG{SAFE_...}
```
This simulates how real-world CVE exploits hide payloads in OLE objects inside RTF files.
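
To show what the extraction step does under the hood, here is an added example that is not part of this repository or of oletools: a standard-library sketch that decodes a plain-hex `\objdata` group and parses the OLE 1.0 object header around the embedded bytes. The sample RTF, the flag value and all function names are constructed for illustration, and only unobfuscated hex with whitespace is handled.

```python
import re
import struct

FLAG_RE = re.compile(rb"FLAG\{[^}]*\}")

def build_sample_rtf(flag):
    """Constructed sample: an OLE 1.0 embedded object, hex-encoded in \\objdata."""
    def lp(s):  # LengthPrefixedAnsiString: u32 length (counting the NUL), then bytes
        return struct.pack("<I", len(s) + 1) + s + b"\x00" if s else struct.pack("<I", 0)
    ole1 = (struct.pack("<II", 0x501, 2)            # OLEVersion, FormatID (2 = embedded)
            + lp(b"Package") + lp(b"") + lp(b"")    # ClassName, TopicName, ItemName
            + struct.pack("<I", len(flag)) + flag)  # NativeDataSize, NativeData
    hexdata = ole1.hex()
    # RTF writers wrap the hex across lines, so the extractor must ignore whitespace.
    wrapped = "\n".join(hexdata[i:i + 32] for i in range(0, len(hexdata), 32))
    return "{\\rtf1 demo{\\object\\objemb{\\*\\objclass Package}{\\*\\objdata " + wrapped + "}}}"

def extract_objdata(rtf):
    """Return the decoded bytes of every plain-hex \\objdata group."""
    blobs = []
    for m in re.finditer(r"\\objdata\b([^{}\\]*)", rtf):
        hexchars = re.sub(r"[^0-9A-Fa-f]", "", m.group(1))
        blobs.append(bytes.fromhex(hexchars[:len(hexchars) & ~1]))  # drop odd nibble
    return blobs

def parse_ole1(blob):
    """Parse the OLE 1.0 object header and return class name and native data."""
    pos = 0
    def u32():
        nonlocal pos
        (value,) = struct.unpack_from("<I", blob, pos)
        pos += 4
        return value
    def lp_str():
        nonlocal pos
        n = u32()
        raw = blob[pos:pos + n]
        pos += n
        return raw.rstrip(b"\x00").decode("latin-1")
    version, format_id = u32(), u32()
    class_name, topic, item = lp_str(), lp_str(), lp_str()
    size = u32()
    if size > len(blob) - pos:  # never trust a declared length
        raise ValueError("NativeDataSize exceeds the bytes present")
    return {"format_id": format_id, "class_name": class_name, "data": blob[pos:pos + size]}

def find_flags(rtf):
    return [f for b in extract_objdata(rtf) for f in FLAG_RE.findall(parse_ole1(b)["data"])]

if __name__ == "__main__":
    print(find_flags(build_sample_rtf(b"FLAG{CONSTRUCTED_EXAMPLE}")))
```
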