Previous Level Guide: Weak Passwords
Basic Authentication
Name: Basic Authentication Description: 📌 You capture a web request with the following Basic Auth string: cm9vdDphZG1pbg== What is the revealed username and password? Type: General Skills Challenge from: RSAC picoCTF 2025 Hints: 1. Do you know how basic authentication encodes credentials? 2. The right online tool makes this easy, chef
Theory
According to the description, to get the flag we have to reveal a username and password with a weird looking string. If you don't know what Base64 is, then you should check out other levels I've done on this, but yeah judging by how there's two equal signs at the end, which Base64 usually has either one or two, sometimes none, but not that common. And also that it has uppercase and lowercase letters and numbers which is another indicator of Base64. So, let's go to that website I always use for Base64 that I definitely recommend using no promo, and enter the string, decode it, and send it as challenge flag to check if it's correct.
Solution
So, if we go to the base64 decoding website and input that, we get:
BASE64 DECODE (Base64Decode.com) INPUT: cm9vdDphZG1pbg== OUTPUT: root:admin
And if we check it:
ENTER: root:admin Correct!
There we go! That's the flag.
Next Level Guide: Getting Help
https://rsac.picoctf.org/level/1/16