My cheeky lil' CTF

ctf
web

(Command-Line Ninja) #1

Hey lads! Somebody asked me earlier for a screenshot of my setup. I thought it would be a little too easy if I just gave him the link, so I decided to make a dead-simple CTF.

However, a lot of people haven’t actually found the answer? So I present the challenge to you. Can you find the URL?

https://pry0.cc/web/CanYouFindMe/

Good luck!


(oaktree) #2

That was fun. :smile:!


(Not a N00b, but still learning) #3

LOL. Nice riddle! :sunglasses:

How to get it:

Open the site and take a look at the HTML-Code:

<html>
<head>
	<script src="load.js"></script>
</head>
<body>
</body>
<h1> Hello! </h1>
<p> Can you find <a href="#Nice-try-you-sucker">me?</a> ... </p>
</html>

After falling for the awesome trap, you’ll instantly recognize the loader.js file, which is in fact never executed. The file contains the following code:

function load() {
	console.log("V2hhdCB5b3UgYXJlIGxvb2tpbmcgZm9yPw0KDQphSFIwY0hNNkx5OXBiV2QxY2k1amIyMHZZUzlSVlVOa1dRPT0=");
}

With a little sense for obfuscation, it should be clear that we are presented with a Base64 encoded string, which decodes to the following:

What you are looking for?

aHR0cHM6Ly9pbWd1ci5jb20vYS9RVUNkWQ==

This contains another Base64 string:

aHR0cHM6Ly9pbWd1ci5jb20vYS9RVUNkWQ==

=> Which finally results to the picture:

https://imgur.com/a/QUCdY

https://imgur.com/a/QUCdY


(The C# Dude) #4

Wanted to go to sleep, saw the riddle, had a little fun before bed :smile:.


#5

There it is. The killer setup. As promised! :slight_smile:


(johnt) #6

Couldn’t help but wonder :

Do you think there exists a base64 encoded string that infinitely decodes to another valid base64 encoded string ?
In which case you could turn your ctf into a massive rickrolling :wink:

The problem in itself doesn’t seem particularly useful but hey, maybe some crazy mathematician published something about it


(Valentine) #7

Nice one. Thanks for giving me a laugh. Cheers. :slight_smile:


(Hardware Bias!) #8

What is up with this community and Base64? I really don’t get it why it is so special. Can someone explain?

-Phoenix750


(Command-Line Ninja) #9

Its cool. It maintains everything and is borderline readable. Plus its easily recognisable.


(Valentine) #10

Even google uses it in the email source code. It’s simple but awesome.


(Command-Line Ninja) #11

This topic was automatically closed after 30 days. New replies are no longer allowed.