Cryptography and Encoding

More was written about this in the first CTF course, but long story short:

  • Don't try to decrypt HTTPS traffic
  • If the challenge says there is custom crypto, it's probably the thing you are supposed to attack
  • Most things are base64'd in web
  • URL encoding goes in the URL

Basic Access Authentication

Basic access authentication is a method for an HTTP user agent (e.g. a web browser) to provide a user name and password when making a request. In basic HTTP authentication, a request contains a header field in the form of Authorization: Basic , where credentials is the Base64 encoding of ID and password joined by a single colon :

Digest Access Authentication

Applies a hash function to the username and password before sending them over the network. If this is properly setup you won't break it.

Anything else using HTTPS is going to not be breakable.