Hey lads! Somebody asked me earlier for a screenshot of my setup. I thought it would be a little too easy if I just gave him the link, so I decided to make a dead-simple CTF.
However, a lot of people haven’t actually found the answer? So I present the challenge to you. Can you find the URL?
<html>
<head>
<script src="load.js"></script>
</head>
<body>
</body>
<h1> Hello! </h1>
<p> Can you find <a href="#Nice-try-you-sucker">me?</a> ... </p>
</html>
After falling for the awesome trap, you’ll instantly recognize the loader.js file, which is in fact never executed. The file contains the following code:
function load() {
console.log("V2hhdCB5b3UgYXJlIGxvb2tpbmcgZm9yPw0KDQphSFIwY0hNNkx5OXBiV2QxY2k1amIyMHZZUzlSVlVOa1dRPT0=");
}
With a little sense for obfuscation, it should be clear that we are presented with a Base64 encoded string, which decodes to the following:
What you are looking for?
aHR0cHM6Ly9pbWd1ci5jb20vYS9RVUNkWQ==
Do you think there exists a base64 encoded string that infinitely decodes to another valid base64 encoded string ?
In which case you could turn your ctf into a massive rickrolling
The problem in itself doesn’t seem particularly useful but hey, maybe some crazy mathematician published something about it