Uncle Pry's CTF Warmups - Episode #1

ctf
challenge
base64
decryption

(Leader & Offsec Engineer) #1

Hey 0x00ers!

If you took part in our latest CTF (December 2018), then many of you will remember the CTF challenge that plagued everybody. It was a base62 encoded string with “-” placed randomly in the string to create a flag. This took nearly 18 hours to crack by many people.

In order to help you guys get some practice, I’m going to be releasing some challenges along the way until the next CTF, and hopefully, teach you some new little tricks that CTF developers will use to trip you up.

If you follow me on twitter, you’ll know I shared a link to this https://gchq.github.io/CyberChef/, a valuable tool in solving these sort of challenges. I would recommend playing with it a bit as it can be super useful than trying to mess with multiple online tools. You can also build ‘recipes’ which slot in together which is really nice.

I wish you luck! If you find the answer, please enclose it using the spoiler tags when you reply.


Difficulty: Intermediate

-----BEGIN CERTIFICATE-----
UTI0MWJGcHlTVXRVZGxGRFpIWm1URk5PUm05NlFYazJlamh4WVVaV1NVNTVhblpo
YmpKWVpHdHdjMDF0T0daaVlXNVhVbU5PVUdkUFFXUlhNbVZTVTBRNGNsaENTemRJ
WkdGd1VWbGpRWFpSWjJVMWVrbFhTRk5ZZW1VMFdIUjVTVEp6Y0hkVlZqQkdhMUV4
TTJWd1FWa3hkSEJJWlROemR6WjNWRTFFVGxvNVNXRmhWM2hqYVRZeVNFUXlWVlZS
T1hoYVNFczRhRXBITVdWdGJ6UnNVVVppTTBabVNuUldWVEZXZUc1blZraENWV1oz
TTJ4RE0yTjNPVTQ0Ylc4M2MzWk5kelJpZFZsRmRHOVlNVXRZVlhkUWFHSlZla05C
VVhJMGNEbGpWVXRDYzJsVWVVdDJXa3g2T1doUmMyMW9RMHRIVkRoblIzbEJZbFo2
V1UxWGFVWTRSMVkzVkVkMmRVODFlalp1YkhKdU0wWkJaRTFFWWt0WE9VNURTVEJs
TTBOWFpteFJXVXh0ZG5SQk1tcFlUamRLYW10b1NWZHpVVmhLVkhkWFVuZFlibWxG
ZFVnMlJrdFRNMDl6VjI1dlJFWkNOMUkyY2pWU2JqVkdkbTEyTTBGblUwRTJXVTg0
U1VaNFRXMXFkRWx3T0U1UlozbHRhVloxUWpKdlZHWjRaWFpKZFVaT2JFTjNVWEp3
WVdkelJGWjNaMHhQWkVaNlNYVmlWWFExYTJsTFMwNHhXbmRLWTJoMk5GUlNOVkJw
VEhoR1dUTldUVlp4WVVWek5FaFNValpSVEd0eWJGZHlaak5NVTI1bFJHUjNhV0pP
V2psMFUzUklPR3RZVG1OTFkydFlXR1k1UVVadFpUazNkRFIzVUVoTmRrbHBZWGxR
Y0hwTlpIcElTV04xUW5rM1pYazRVa1J1TmtGMVRUVlVOVWhHZWpCbVpVdENOemMw
ZUVoUGVEWnRaRmR6ZWtOMmNHbEJTMnBUTkZWM2VUZE9hblJuUm1OeGRtdE9SSFl4
U0VaV2J6WmtZMDl5TUVaT1dGWkZTMHQ1YUc1WVdWUmpRMHhPVmxVMVExSkVjVkE1
Y2xSUVYwNDVjbGhqUkhSQmFISkhPRXhrYm5sMlVVaEpTMlprTldGQ05HTk9TV28w
ZG5WNFUwa3dXRlE1WWpWRVRrbEVNMFp4TTFwaVltbExlVVJFYlV4cVNHMVdRVXBv
ZDFWeVZsUXhXVGs9
-----END CERTIFICATE-----

Uncle Pry's CTF Warmups - Episode #2
#2

“Uncle Pry”

On a serious note, i am disappointed you didn’t name yourself “uncle ben” now that you had the chance.


(Presumptuous Commoner) #3

Not sure if this is the flag. Your taunt says base85 but I got this text from base58. I’m also clueless about most things ¯_(ツ)_/¯

Hello my name is pry0cc,

You will never crack my 1337 encryption little man.

I can even turn this into what looks like a certificate, and you’ll never find it out.

I’m so evil. I’m even using base62, base85 and base64.

Some people said that base-encoding isn’t encryption. Well judging by how hard people are gonna take this one, I think it’s safe to call it encryption.


(Leader & Offsec Engineer) #4

Good job dude! Would you be able to export the recipe you used if you used Cyberchef, or the script or even the method you used to decrypt it?


(Presumptuous Commoner) #5

I used CyberChef. It was an amazing time saver.

PEM_to_Hex()
From_Hex(‘Auto’)
From_Base64(‘A-Za-z0-9+/=’,true)
From_Base62(‘0-9A-Za-z’)
From_Base58(‘123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz’,true)


(Leader & Offsec Engineer) #6

Awesome man! I’m so glad somebody else had a good time with it, I thought it was just the coolest, best-hidden secret when I saw it. And nobody seems to know about it.


(← ∨ ↑ = ␀) #7

ProTip™️: The URL keeps state via URL params so you can just link directly to it


(Leader & Offsec Engineer) #8

That awkward moment you can’t click spoiler-tagged links.

EDIT: You can use open in new tab.


(Presumptuous Commoner) #9

Thanks! I did notice that, but for archival sake I feel like seeing them in the exported recipe format looks cleaner. Could always do it both ways in the future, though!


(Leader & Offsec Engineer) #11

This topic was automatically closed after 30 days. New replies are no longer allowed.