CTF Community Bangladesh Facebook Group Writeup
The entry challenge for the Facebook group was so remarkable that I wished to do a write-up.
After you request to join, the group asks you to answer a few questions:
After answering these questions, your main hurdle is that CTF challenge:
So you have to decode this encoded string of text in order to join. If you can't get the flag, they will not approve your request.
Step 1 - Decoding the string
In this step you will decode this piece of string, but how do you determine the algorithm?
aHR0cHM6Ly9wYXN0ZWJpbi5jb20vcmF3L2RMZWR6MnVXCg==
I'm sure there are some tools out there that will tell you what format this is. But from experience I can tell it's base64 encoded text.
The Base64 alphabet has 64 symbols in it:
- 10 numbers 0-9
- 26 lowercase letters a-z
- 26 uppercase letters A-Z
- 2 extra symbols, + and /
You can see the string has a mix of upper and lower case letters, as well as letters up to Z. So that's the first way to identify that it's base64 encoded text.
The next obvious feature of base64 is the ending == part.
The character count of a base64 string will always be divisible by 4.
If there are fewer characters, the algorithm will add one, two, or three additional = at the end as padding.
So a base64 encoded string will often come with a =, ==, or === at the end.
Decoding base64 text
To decode the text, you can use one of the many online base64 decoders out there. This is what I have done for a long time.
You can also decode from your Linux computer with the built-in base64 package.
Save the string into a text file called ctfbangladesh.txt and run this command:
base64 -d ctfbangladesh.txt
The decoded string is a link to a pastebin site.
Step 2 - Decoding the pastebin text
In this step you will further decode the text found in the pastebin site.
Visit the pastebin URL you found in the last step, and you will see the following text:
Looks like it's the flag, but the text is mixed up.
The hint says Rotten Food.
Now if you have taken any beginner-level cryptography lessons, you will know that it's some kind of Caesar cipher.
I have done a few basic Crypto CTFs and came across the ROT13 algorithm. For this reason, I know they are talking about the ROT algorithm. It could be ROT13 because it's the most popular one out there.
The ROT13 website should help you decode the piece of string.
After decoding, you will see the flag that looks like the flag format they asked for.
Submit this flag and hopefully, you will be granted access to this CTF group in Bangladesh.
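Both decoding steps can also be done offline in Python. This is an added example, not part of the original write-up: the pastebin text is not reproduced here, so SAMPLE is a constructed ciphertext and the flag{ prefix is an assumed flag format. It goes beyond ROT13 by trying every rotation, which helps when the hint does not say which ROT variant was used.

```python
import base64
import re
import string

# The encoded string from Step 1 of this write-up.
ENCODED = "aHR0cHM6Ly9wYXN0ZWJpbi5jb20vcmF3L2RMZWR6MnVXCg=="
# Constructed sample ciphertext (not the real pastebin content).
SAMPLE = "synt{pbafgehpgrq_fnzcyr}"

# Groups of four alphabet characters; the final group may be padded with = or ==.
B64_ALPHA = "[A-Za-z0-9+/]"
B64_RE = re.compile(
    rf"(?:{B64_ALPHA}{{4}})*(?:{B64_ALPHA}{{2}}==|{B64_ALPHA}{{3}}=)?"
)


def looks_like_base64(s):
    """Check the two features described above: alphabet and length % 4 == 0."""
    s = s.strip()
    return bool(s) and len(s) % 4 == 0 and B64_RE.fullmatch(s) is not None


def decode_base64(s):
    """Strictly decode to text; return None if it is not Base64-encoded UTF-8."""
    if not looks_like_base64(s):
        return None
    try:
        return base64.b64decode(s.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def rot_n(text, n):
    """Rotate letters by n places, leaving digits and punctuation untouched."""
    lo, up = string.ascii_lowercase, string.ascii_uppercase
    table = str.maketrans(lo + up, lo[n:] + lo[:n] + up[n:] + up[:n])
    return text.translate(table)


def crack_rot(ciphertext, marker):
    """Try all 25 rotations; keep those whose output contains the marker."""
    candidates = ((n, rot_n(ciphertext, n)) for n in range(1, 26))
    return [(n, plain) for n, plain in candidates if marker in plain]


if __name__ == "__main__":
    print(decode_base64(ENCODED))       # Step 1: the pastebin link
    print(crack_rot(SAMPLE, "flag{"))   # Step 2 on the constructed sample
```

Replace SAMPLE with the text from the pastebin page and the marker with the flag prefix the group asks for.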
That's all folks!