Category: Misc - Points: 1

Description: Are you alive?

Vm0wd2QyUXlWa2hWV0doVVYwZG9jRlZ0TVZOWFZsbDNXa1JTVjFac2JETlhhMUpUVmpGYWMySkVUbGhoTVVwVVZtcEJlRll5U2tWVQpiR2hvVFZWd1ZWWnFRbUZUTWsxNVUydFdWUXBpU0VKWVZtMTRkMVZXV25GVGFsSmFWakF4TkZaSE5VOVhRWEJwVWpGS1ZWWkdVa2RUCk1WWlhXa1prWVZKR1NsVlVWM040VGtaa2NtRkdaR2hSV0VKVVdXdG9RMWRXWkZobFIzUnBDazFFUm5wV01qVkxXVlpPU1ZGdVRsWmkKVkVaVVZURmFZV1JIVWtsVWJXaGhUVEJLVlZkWGVHdGlNbEp6VjJ0a1dHSlViRk5EYXpGelYyeG9WMDFYYUhaV01HUkxWMVpXYzFacwpWbGNLWWtoQ05sWkhkR0ZaVms1R1RsWmFhMUp0YUZOV01GWkxaREZhV0UxRVJsSk5WMUpZVjJ0b1QxbFdTa1pUYlVaRVlrWnNNMWxyClVsTlhSMFY0WTBoS1YySlVSa2RhVmxwWFl6RmFjd3BqUjJ0TFZXMDFRMkl4V25GUmJVWnFZbFpHTkZZeU5VOVpWa3AwWVVaT1YwMUcKV2t4YVJFWmhWMGRPUm1SSGJFNVdia0paVm1wS05HSXlTa2RUYWxwcFVtczFSVmxzVm5kWFJsbDVDazVZWkZkTlJFWXhWbGMxUzFZdwpNVWhWYTNoWFRWWndXRmw2Um1GamQzQlhZa2RPVEZaR1VrdGlNVkpYVjJ4V1VtSlZXbkZaYkZwSFRrWlplVTVXWkZkV01IQkpWbGQ0CmExWXdNVWNLVjJ0NFlWSXphSEpaZWtaM1VsWldjMk5HWkdsU2JrSktWbXBLTUdJeFVYaGlSbVJVWVRGd1ZWbHJXbUZTVm14WlkwVmsKV0ZKc1ZqVkRiVlpJVDFaa2FWWllRa3BYVmxadlpERlpkd3BOV0VaVFlrZG9hRlZzWkZOWFJsWnhVbXM1YW1RelFtaFZiVEZQVkVaawpXR1ZHV210TmJFWTBWakowVjFVeVNraFZiRnBWVmpOU00xcFhlRmRYUjFaSFdrWldhVkpZUW1GV2EyUXdDazVHU2tkalJGbExWRlZTCmMxSkdjRFpOUkd4RVdub3dPVU5uUFQwSwo=

This was the first challenge of the new TumCTF organized by h4x0rpsch0rr. Even if this was the first time for this group to organize a CTF, the challenges were very interesting.

This was just a sanity check. It is pretty obvious that the text in the description is encoded in base64, so let’s decode it:

$ echo "Vm0wd2QyVkhVWGhUV0docFVtMVNXVll3WkRSV1ZsbDNXa1JTVjFac2JETlhhMUpUVmpBeFYySkVU
bGhoTVVwVVZqQmFTMk15U2tWVQpiSEJYVm14d1VWWnFTalJaVjAxNFZHNU9XQXBpUjFKVVZGUkdT
MVZXWkZkYVJGSlVUV3N4TkZkcmFGZGhRWEJUWWtoQ1dWZFhlR3RpCk1ERnpWMjVLWVZOSVFuTlZi
VEZUVTFaYWRHUklUbWhhTTBKVVdXeGtiMlJzV2tkWGJUbFNDazFzV2xoV01XaHZWMGRLV1ZWc1Zs
VlcKYkhCNlZHdGFZVk5GTlZaa1JtaFNWMFZLZDFaWE1ERlJNV1JYV2toT1lWSkZTbUZEYkZsM1lr
UlNXR0V4Y0hKV2JURkdaVlpXYzFacwpjR2tLVW01Q2IxWnFRbUZqYlZGNFYyNU9ZVkp0YUZOV01G
WkxaREZhV0dORmRHbE5WbkJZVmpKNGIySkdTalppUms1RVlsVndXRll5Ck5YZFdNREYxVlc1S1Yw
MUhVa3hXTVZwWFl6RmFjd3BXYkdOTFZGUktiMVJXV2xWUmJVWnFZbFpHTkZZeU5WZFdWMHBJVld4
a1YwMUcKV2t4YVIzaHJZekZ3UlZWc2NGZGlSbkJKVmpKMGIxUXhiRmRUYTFwVVlrWmFSVmxZY0Vk
WFJsVjVDbVZIT1ZkaVZYQkpXVlZvZDFZdwpNWEZTYkdoaFVsZFNXRlZxUms5amQzQmhVbTFPVEZk
WGVGWmtNbEY0VjJ0V1UySkhVbFpVVjNSM1pXeFdXR1ZHWkZWaVJYQmFWa2QwCk5GSkdjRFlLVFVS
c1JGcDZNRGxEWnowOUNnPT0K" | base64 -D

Vm0wd2VHUXhTWGhpUm1SWVYwZDRWVll3WkRSV1ZsbDNXa1JTVjAxV2JETlhhMUpUVjBaS2MySkVU
bHBXVmxwUVZqSjRZV014VG5OWApiR1JUVFRGS1VWZFdaRFJUTWsxNFdraFdhQXBTYkhCWVdXeGti
MDFzV25KYVNIQnNVbTFTU1ZadGRITmhaM0JUWWxkb2RsWkdXbTlSCk1sWlhWMWhvV0dKWVVsVlVW
bHB6VGtaYVNFNVZkRmhSV0VKd1ZXMDFRMWRXWkhOYVJFSmFDbFl3YkRSWGExcHJWbTFGZVZWc1Zs
cGkKUm5Cb1ZqQmFjbVF4V25OYVJtaFNWMFZLZDFaWGNFdGlNVnBYVjJ4b2JGSjZiRk5EYlVwWFYy
NXdWMDF1VW5KV01HUkxWMVpXYzFacwpWbGNLVFRKb1RWWlVRbUZqYlZGNFYyNVdWV0pIVWxkV01G
WkxaR3hrYzFwRVVscFdiRnBJVjJ0b1QxbFdTa1pUYkZaRVlYcEdXRlV5CmVHOVdiVXBJWVVod1Yw
MXFSbGhhUldSWFVqRk9jd3BhUm1OTFdXeFZkMlF4V2tWU2JHUlZUV3R3ZWxWWGVGZFViRXBaVkd0
NFJGcDYKTURsRFp6MDlDZz09Cg==

Ok, this seems to be the classical challenge were multiple base64 steps were performed on some text (probably the flag). Let’s use the always-good simple python script for these occasions:

with open('data') as f:
    data = f.read()

while True:
    try:
        data = data.decode('base64')
        print data
    except:
        break

When we run it the result is:

$ python sanity.py
Vm0wd2QyVkhVWGhUV0docFVtMVNXVll3WkRSV1ZsbDNXa1JTVjFac2JETlhhMUpUVmpBeFYySkVU
bGhoTVVwVVZqQmFTMk15U2tWVQpiSEJYVm14d1VWWnFTalJaVjAxNFZHNU9XQXBpUjFKVVZGUkdT
MVZXWkZkYVJGSlVUV3N4TkZkcmFGZGhRWEJUWWtoQ1dWZFhlR3RpCk1ERnpWMjVLWVZOSVFuTlZi
VEZUVTFaYWRHUklUbWhhTTBKVVdXeGtiMlJzV2tkWGJUbFNDazFzV2xoV01XaHZWMGRLV1ZWc1Zs
VlcKYkhCNlZHdGFZVk5GTlZaa1JtaFNWMFZLZDFaWE1ERlJNV1JYV2toT1lWSkZTbUZEYkZsM1lr
UlNXR0V4Y0hKV2JURkdaVlpXYzFacwpjR2tLVW01Q2IxWnFRbUZqYlZGNFYyNU9ZVkp0YUZOV01G
WkxaREZhV0dORmRHbE5WbkJZVmpKNGIySkdTalppUms1RVlsVndXRll5Ck5YZFdNREYxVlc1S1Yw
MUhVa3hXTVZwWFl6RmFjd3BXYkdOTFZGUktiMVJXV2xWUmJVWnFZbFpHTkZZeU5WZFdWMHBJVld4
a1YwMUcKV2t4YVIzaHJZekZ3UlZWc2NGZGlSbkJKVmpKMGIxUXhiRmRUYTFwVVlrWmFSVmxZY0Vk
WFJsVjVDbVZIT1ZkaVZYQkpXVlZvZDFZdwpNWEZTYkdoaFVsZFNXRlZxUms5amQzQmhVbTFPVEZk
WGVGWmtNbEY0VjJ0V1UySkhVbFpVVjNSM1pXeFdXR1ZHWkZWaVJYQmFWa2QwCk5GSkdjRFlLVFVS
c1JGcDZNRGxEWnowOUNnPT0K

Vm0wd2VHUXhTWGhpUm1SWVYwZDRWVll3WkRSV1ZsbDNXa1JTVjAxV2JETlhhMUpUVjBaS2MySkVU
bHBXVmxwUVZqSjRZV014VG5OWApiR1JUVFRGS1VWZFdaRFJUTWsxNFdraFdhQXBTYkhCWVdXeGti
MDFzV25KYVNIQnNVbTFTU1ZadGRITmhaM0JUWWxkb2RsWkdXbTlSCk1sWlhWMWhvV0dKWVVsVlVW
bHB6VGtaYVNFNVZkRmhSV0VKd1ZXMDFRMWRXWkhOYVJFSmFDbFl3YkRSWGExcHJWbTFGZVZWc1Zs
cGkKUm5Cb1ZqQmFjbVF4V25OYVJtaFNWMFZLZDFaWGNFdGlNVnBYVjJ4b2JGSjZiRk5EYlVwWFYy
NXdWMDF1VW5KV01HUkxWMVpXYzFacwpWbGNLVFRKb1RWWlVRbUZqYlZGNFYyNVdWV0pIVWxkV01G
WkxaR3hrYzFwRVVscFdiRnBJVjJ0b1QxbFdTa1pUYkZaRVlYcEdXRlV5CmVHOVdiVXBJWVVod1Yw
MXFSbGhhUldSWFVqRk9jd3BhUm1OTFdXeFZkMlF4V2tWU2JHUlZUV3R3ZWxWWGVGZFViRXBaVkd0
NFJGcDYKTURsRFp6MDlDZz09Cg==

Vm0weGQxSXhiRmRYV0d4VVYwZDRWVll3WkRSV01WbDNXa1JTV0ZKc2JETlpWVlpQVjJ4YWMxTnNX
bGRTTTFKUVdWZDRTMk14WkhWaApSbHBYWWxkb01sWnJaSHBsUm1SSVZtdHNhZ3BTYldodlZGWm9R
MlZXV1hoWGJYUlVUVlpzTkZaSE5VdFhRWEJwVW01Q1dWZHNaREJaClYwbDRXa1prVm1FeVVsVlpi
RnBoVjBacmQxWnNaRmhSV0VKd1ZXcEtiMVpXV2xobFJ6bFNDbUpXV25wV01uUnJWMGRLV1ZWc1Zs
VlcKTTJoTVZUQmFjbVF4V25WVWJHUldWMFZLZGxkc1pEUlpWbFpIV2toT1lWSkZTbFZEYXpGWFUy
eG9WbUpIYUhwV01qRlhaRWRXUjFOcwpaRmNLWWxVd2QxWkVSbGRVTWtwelVXeFdUbEpZVGt4RFp6
MDlDZz09Cg==

Vm0xd1IxbFdXWGxUV0d4VVYwZDRWMVl3WkRSWFJsbDNZVVZPV2xac1NsWldSM1JQWVd4S2MxZHVh
RlpXYldoMlZrZHplRmRIVmtsagpSbWhvVFZoQ2VWWXhXbXRUTVZsNFZHNUtXQXBpUm5CWVdsZDBZ
V0l4WkZkVmEyUlVZbFphV0Zrd1ZsZFhRWEJwVWpKb1ZWWlhlRzlSCmJWWnpWMnRrV0dKWVVsVlVW
M2hMVTBacmQxWnVUbGRWV0VKdldsZDRZVlZHWkhOYVJFSlVDazFXU2xoVmJHaHpWMjFXZEdWR1Ns
ZFcKYlUwd1ZERldUMkpzUWxWTlJYTkxDZz09Cg==

Vm1wR1lWWXlTWGxUV0d4V1YwZDRXRll3YUVOWlZsSlZWR3RPYWxKc1duaFZWbWh2VkdzeFdHVklj
RmhoTVhCeVYxWmtTMVl4VG5KWApiRnBYWld0YWIxZFdVa2RUYlZaWFkwVldXQXBpUjJoVVZXeG9R
bVZzV2tkWGJYUlVUV3hLU0Zrd1ZuTldVWEJvWld4YVVGZHNaREJUCk1WSlhVbGhzV21WdGVGSldW
bU0wVDFWT2JsQlVNRXNLCg==

VmpGYVYySXlTWGxWV0d4WFYwaENZVlJVVGtOalJsWnhVVmhvVGsxWGVIcFhhMXByV1ZkS1YxTnJX
bFpXZWtab1dWUkdTbVZXY0VWWApiR2hUVWxoQmVsWkdXbXRUTWxKSFkwVnNWUXBoZWxaUFdsZDBT
MVJXUlhsWmVteFJWVmM0T1VOblBUMEsK

VjFaV2IySXlVWGxXV0hCYVRUTkNjRlZxUVhoTk1XeHpXa1prWVdKV1NrWlZWekZoWVRGSmVWcEVX
bGhTUlhBelZGWmtTMlJHY0VsVQphelZPWld0S1RWRXlZemxRVVc4OUNnPT0K

V1ZWb2IyUXlWWHBaTTNCcFVqQXhNMWxzWkZkYWJWSkZVVzFhYTFJeVpEWlhSRXAzVFZkS2RGcElU
azVOZWtKTVEyYzlQUW89Cg==

WVVob2QyVXpZM3BpUjAxM1lsZFdabVJFUW1aa1IyZDZXREp3TVdKdFpITk5NekJMQ2c9PQo=

YUhod2UzY3piR013YldWZmREQmZkR2d6WDJwMWJtZHNNMzBLCg==

aHhwe3czbGMwbWVfdDBfdGgzX2p1bmdsM30K

hxp{w3lc0me_t0_th3_jungl3}

So the flag is: hxp{w3lc0me_t0_th3_jungl3}