If you would like to attempt this challenge for yourself, it can be found on the HackUCF website. It was developed with (and mostly by) Oreomeister for the October 8th HackUCF meeting.


The challenge gives us a long string made up of alphanumerical characters and select symbols. Noticing the trailing equal signs, I identified this as base64 and copied its contents into a file. From here, we can use the base64 command to decode it.

# Create a new file to store the base64 string
nano file.b64
# Convert into a decoded file
cat file.b64 | base64 -d > file.bin

This will output a file, file.bin. Now, we have to figure out what file this is to decode it. We can use the Unix file command for this, which tells us this is an ELF binary. chmod accordinly.

# Get file type
file file.bin
# Let us run the ELF binary.
chmod +x file.bin

Executing this binary yields the folloing output (user input in <angle brackets>):

$ ./file.bin
Welcome to HackUCF's first RE challenge :)
        Please enter the password to receive the flag: <password>
Sorry, wrong password :(

Now, we know we need a password to continue. I first run strings on the binary to see if anything pops out:

$ strings file.bin
/lib64/ld-linux-x86-64.so.2
mgUa
libc.so.6
puts
__stack_chk_fail
stdin
printf
fgets
calloc
strlen
memcpy
__cxa_finalize
strcmp
__libc_start_main
free
GLIBC_2.14
GLIBC_2.4
GLIBC_2.2.5
_ITM_deregisterTMCloneTable
__gmon_start__
_ITM_registerTMCloneTable
u+UH
[]A\A]A^A_
pass{i_d0nt_KnOw}
Welcome to HackUCF's first RE challenge :)
        Please enter the password to receive the flag:
You're getting there!
Sorry, wrong password :(
Congrats! You guessed the password correctly, so here's the flag: %s
:*3$"
GCC: (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0
[...truncated...]

We can see the string pass{i_d0nt_KnOw}. Let’s try that string:

$ ./file.bin
Welcome to HackUCF's first RE challenge :)
        Please enter the password to receive the flag: <pass{i_d0nt_KnOw}>
You're getting there!

We can see we are on the right track, but we’re missing something.