TLDR;
AES-CBC-CTR encryption method lets us determine the length of the plaintext, but not the content. Use the b64 properties to predict the position of the padding characters to get back the key and to decipher the flag.

[https://meashiri.github.io/ctf-writeups/posts/202306-dantectf/#diy-enc](https://meashiri.github.io/ctf-writeups/posts/202306-dantectf/#diy-enc)

Original writeup (https://meashiri.github.io/ctf-writeups/posts/202306-dantectf/#diy-enc).