2026-04-25 MetaCTF easy 100 pts

MetaCTF - Not So Private Browsing 1

cryptorot13encodingosint

A leaked CyberCorp memo contained a ROT13-encoded password. Recognizing the cipher and decoding it with CyberChef recovered the flag.

Challenge

Platform: MetaCTF Category: Crypto Points: 100

CyberCorp had come under FBI investigation. The DOJ obtained a memo they believed contained the password to a secure website CyberCorp was using to facilitate criminal activity. The challenge asked us to crack the code in the memo.

MetaCTF challenge card for Not So Private Browsing 1 showing 100 points and solved by 912 teams

Challenge card – 100 points, solved by 912 teams

The Memo

Following the link in the challenge brought up an internal CyberCorp memo from the IT Department to the Marketing Department, dated February 1st, 2021. The subject was “Blog Private Viewing Password.”

The memo stated that the blog platform password was encrypted using “a cipher agreed upon at our last meeting” and included the following code:

ZrgnPGS{uvtu_frphevgl_vf_bhe_gbc_cevbevgl}
CyberCorp internal memo containing the ROT13-encoded password code

The leaked memo – password protected with a cipher agreed upon at a prior meeting

Analysis

A few things stood out immediately:

  • The ciphertext starts with ZrgnPGS{ - the structure looks like a flag format with the prefix encoded
  • The curly braces and underscores are untouched, consistent with a simple substitution cipher that skips non-alpha characters
  • The phrase “cipher agreed upon at our last meeting” suggests something well-known and simple rather than a custom algorithm

The { and } wrapper and the underscore-separated words pointed strongly to ROT13 - a Caesar cipher with a shift of 13. ROT13 is self-inverse and was commonly used as a trivial obfuscation method. Applying it to ZrgnPGS gives MetaCTF, confirming the guess immediately.

Decoding

ROT13 was applied to the full ciphertext using CyberChef:

  • Recipe: ROT13 (rotate lowercase, rotate uppercase, shift 13)
  • Input: ZrgnPGS{uvtu_frphevgl_vf_bhe_gbc_cevbevgl}
  • Output: MetaCTF{[redacted]}
CyberChef showing ROT13 applied to the encoded ciphertext with the MetaCTF flag as output

CyberChef ROT13 decode – flag recovered from the memo ciphertext

Result

MetaCTF previous submissions tab showing the flag submission marked as Correct

Flag submitted and marked correct

Takeaways

  • ROT13 and other Caesar ciphers provide no real security - they are trivially reversible without a key.
  • The structure of the ciphertext (flag format, preserved punctuation) gave away the cipher type before any tooling was needed.
  • CyberChef is an effective first tool for quick encoding and cipher identification when the algorithm is unknown.