Hacking OWASP’s Juice Shop Pt. 42: Nested Easter Egg

Challenge: 

Name:  Nested Easter Egg

Description: Apply some advanced cryptanalysis to find the real easter egg.

Difficulty: 4 star

Category: Cryptographic Issues

Expanded Description: https://pwning.owasp-juice.shop/part2/cryptographic-issues.html

Tools used:

None.

Resources used:

Poison Null Byte && Easter Egg

Base64 Decoder

Caesar Decipher

Methodology:

*To solve this challenge, you must first have solved the Easter Egg challenge listed above in order to access the following text file.

"Congratulations, you found the easter egg! " 
- The incredibly funny developers 
Oh' wait, this isn't an easter egg at all! It's just a boring text file! The real easter egg can be found here: 
Pd1ci9xcmU"L251ci9fllYi9zaGFhbC9ndXJsL3V2cS9uYS9ybmzncmuvcnRøL2p2Z3V2YS9ndX1vcmfiZ3JIL3J0dA— 
Good luck, egg hunter!

Opening the Easter Egg file, there’s an obvious base64 string to decode. Base64 is easy to spot because it contains ‘=’ as padding. While it can also contain ‘+’ and ‘/’ as special characters, ‘=’ is a dead giveaway.

<img src="https://curiositykillscolby.files.wordpress.com/2020/12/image-19.jpeg?w=760&quot; alt="Decode from Base64 format Simply enter pur data then push the decode button. L2d1ci9xcmlmL251ci9mYi9zaGFhbC9ndXJsL3V2cS9uYS9ybmZncmUvcnROL2p2Z3V2YS9ndXlvcm5mZ3JlL3JOdA= O For encoded binaries (like images, documents, etc.) use the file upload form a bit further down on this page. UTF-8 v Source character set. D Decode each line separately (useful for multiple entries). O Live mode OFF

“/gur/qrif/ner/fb/shaal/gurl/uvq/na/rnfgre/rtt/jvguva/gur/rnfgre/rtt” is clearly a URL, but it is also clearly not accurately deciphered. This looks an awful lot like a rotating (or Caesar) cipher. Rather than writing a series of regex strings to sift through until I found the right rotation (even though I suspected ROT13 out of sheer popularity), I opted to use an online Caesar cipher tool to find the most likely URL.

DC 
Search for a tool 
C- 
SEARCH A TOOL ON ocoDE ay KEYWORDS: 
e.g. type random 
Results 
all shifts tæted, text is limited to a 
of To tl-e full ba:k with 
Ehift fw--Z in fm. 
/ th e/ devs / ar e/ so/ funny/th ey/h i d/ an / eas 
+13 
ter/egg/withi n/ the/ easter/egg 
CAESAR CIPHER 
Cryptography Substitution Cipher Caesar Cipher 
CAESAR CIPHER DECODER 
CAESAR SHIFTED CIPHERTEXT 
O KNOWING THE SHIFT: 3 
@TEST ALL POSSIBLE SHIFTS (BRUTE-FORCE ATTACK) 
See also: ROT Cipher 
DECRYPT CAESAR CODE 
Shift Cipher
ROT13 it is.

Copy and paste that URL to the end of the localhost address and get ready for the next challenge.

You successfully solved a challenge: Nested Easter Egg (Apply some advanced cryptanalysis to find the real easter egg.) X

Lessons Learned and Things Worth Mentioning: 

  1. I’ve apparently learned enough to be able to spot simple crypto algorithms at a glance, so that’s cool.
  2. Online tools that duplicate the functionality of OS-based tools like Burp are sometimes much more convenient. In this case I didn’t have Burp open, so rather than going through that process I just googled it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s