Alien Cradle [Cyber Apocalypse 2023]

As with most challenges, we start by reading the description.

The description mentions a PowerShell script that is supposedly downloading something as part of its execution. However, the more important part here, is that it mentions that the script seems to be obfuscated. Further inspection of the script could show us where to start in reversing the supposed obfuscation.

Upon inspecting the powershell script, we can see some parts of the format of the flag for this CTF (HTB{flag}). We can copy the part that contains the elements of the flag and clean up all the extra characters to give us the flag.

💡 HTB{p0w3rsh3ll_Cr4dl3s_c4n_g3t_th3_j0b_d0n3}