Obfuscation Station was a Forensics challenge released on Day #13 of the Huntress Labs Capture the Flag (CTF) competition. We were provided a Zip archive containing a PowerShell script, chal.ps1, and tasked with decoding the script to find the flag.
Opening the file showed a single line of PowerShell with a calls to IO modules which indicate the string is Base64-encoded and compressed:
We then used Python to reverse the encoding and compression to get the flag:
import zlib
import base64
base64_string = "UzF19/UJV7BVUErLSUyvNk5NMTM3TU0zMDYxNjSxNDcyNjexTDY2SUu0NDRITDWpVQIA"
compressed_data = base64.b64decode(base64_string)
# 'wbits=-zlib.MAX_WBITS' needed when a raw deflate stream is used
decompressed_data = zlib.decompress(compressed_data, wbits=-zlib.MAX_WBITS)
original_text = decompressed_data.decode('ascii')
print(original_text)
flag{3ed675ef0343149723749c34fa910ae4}
