OverTheWire Bandit: Level 10 to Level 11
The Goal
The password is stored in data.txt as base64 encoded data. Decode it.
What I Did
Checked the man page for base64 to find the decode flag:
1
bandit10@bandit:~$ man base64
Found -d for decode. Applied it directly:
1
2
bandit10@bandit:~$ base64 -d data.txt
The password is pYfOY6HwUsDj5rL9UvyhU7MCmv8vN5Ro
Done.
What is Base64
Base64 is an encoding scheme — not encryption. The distinction matters:
- Encryption scrambles data so it cannot be read without a key
- Encoding converts data into a different format for transmission or storage — no key needed, anyone can decode it
Base64 converts binary data into a string of 64 printable ASCII characters: A-Z, a-z, 0-9, +, and /. The = at the end is padding to make the output a multiple of 4 characters.
It exists because many systems — email protocols, URLs, HTTP headers — were designed to handle text only. If you need to send binary data (an image, a file, raw bytes) through a text-only channel, you encode it as base64 first.
Base64 encoded data is immediately recognisable — it looks like a long string of random-looking letters and numbers, often ending in one or two = signs:
1
SGVsbG8gV29ybGQ=
That decodes to Hello World.
What I Learned
Base64 is encoding, not encryption. Seeing base64 in a real-world context doesn’t mean data is protected — it just means it was formatted for text transmission. It’s trivial to decode.
base64 -d decodes, base64 alone encodes. The default behaviour without flags is to encode. Always check the man page when you’re not sure which direction a tool goes by default.
Recognising encoding schemes matters in security. When you encounter unknown data — in a CTF, in malware analysis, in a network capture — being able to identify that something is base64 encoded is the first step to extracting what’s actually inside.
Commands Used
| Command | What it did |
|---|---|
man base64 | Found the -d flag for decoding |
base64 -d data.txt | Decoded the base64 content and printed the password |