CTF Community Bangladesh Facebook Group Writeup
3 min read
The entry challenge for the Facebook group was so remarkable that I wished to do a write-up.
So after requesting to join, they will require a few questions to answer:
After answering these questions, your main hurdle is that CTF challenge:
So you have to decode this encoded string of text in order to join. If you can't get the flag, they will not approve your request.
Step 1 - Decoding the string
In this step you will decode this piece of string, but how do you determine the algorithm?
I'm sure there are some tools out there that will tell you what format this is. But from experience I can tell, it's a
base64 encoded text.
A Base64 number format has 64 symbols in it.
- 10 numbers 0-9
- 26 lowercase letters a-z
- 26 uppercase letters A-Z
- 2 extra symbols
You can see the string has a mix of upper and lower case letters, as well as letters up to
Z. So that's the first way to identify that it's a
base64 encoded text.
The next obvious feature of base64 is the ending
The character count of a base64 string will always be divisible by 4.
If there are fewer characters, the algorithm will add one, two, or three additional
= at the end as padding.
So a base64 encoded string will often come with a
=== at the end.
Decoding base64 text
To decode the text, you can take help from one of the many online base64 decoders out there. This is what I have done for a long time.
You can also decode from your Linux computer with the built in
Save the string into a text file called
ctfbangladesh.txt and run this command:
base64 -d ctfbangladesh.txt
The decoded string is a link to a pastebin site.
Step 2 - Decoding the pastebin text
In this step you will further decode the text found in the pastebin site.
Visit the pastebin URL you found in the last step, and you will see the following text:
Looks like it's the flag, but the text is mixed up.
The hint says Rotten Food.
Now if you have taken any beginner-level cryptography lessons, you will know that it's some kind of Ceaser cipher.
I have done a few basic Crypto CTFs and came across the ROT13 algorithm. For this reason, I know they are talking about the ROT algorithm. It could be ROT13 because it's the most popular one out there.
The ROT13 website should help you decode the piece of string
After decoding, you will see the flag that looks like the flag format they asked for.
Submit this flag and hopefully, you will be granted access to this CTF group in Bangladesh.
That's all folks!