feat: added BBCTF 2023

2023-02-05 13:33:43 +07:00 · 2023-02-05 13:33:43 +07:00 · 0defcd144a
parent e510464bfe
commit 0defcd144a
14 changed files with 133 additions and 0 deletions
--- a/pwn/README.md
+++ b/pwn/README.md
@ -0,0 +1,14 @@
+# Easy pwn
+> Easy memory corruption challenge.
+
+## About the Challenge
+We are given a file (You can get the file [here](ez_pwn.zip))
+
+## How to Solve?
+Input `AAAAAAAAsh` to popup a shell, and then go to `.the_flag_is_in_here` directory and read the flag by running `cat flag.txt` command
+
+![readflag](images/readflag.png)
+
+```
+flag{4_Cl45siC_M3mOry_COrrupt1ON}
+```
--- a/pwn/ez_pwn.zip
+++ b/pwn/ez_pwn.zip
--- a/pwn/images/readflag.png
+++ b/pwn/images/readflag.png
--- a/2023/Hi-Score/README.md
+++ b/2023/Hi-Score/README.md
@ -0,0 +1,14 @@
+# Hi-Score
+> Reach 100 clicks per second for a reward.
+
+## About the Challenge
+We are given a [web](http://chal.bbctf.fluxus.co.in:1003/) and we need to get 100 score to get the flag
+
+![preview](images/preview.png)
+
+## How to Solve?
+First open the source code and we will get an obfuscated js file (http://chal.bbctf.fluxus.co.in:1003/static/TheScript.js). And if we deobfuscate the code using [this](https://www.dcode.fr/javascript-unobfuscator) website. We will get path of the flag `/.secretion/flag`
+
+```
+flag{THAtS_15_A_SM4rT_m0ve}
+```
--- a/2023/Hi-Score/images/preview.png
+++ b/2023/Hi-Score/images/preview.png
--- a/Handling/README.md
+++ b/Handling/README.md
@ -0,0 +1,14 @@
+# Improper Error Handling
+> This website is giving errors. Can you figure it out ?
+
+## About the Challenge
+We are given a [web](http://web.bbctf.fluxus.co.in:1001/) where we can enter a `password` in the form. If the string is too short, an error will occur. However, if the string is long enough, the website will produce an encoded string.
+
+![preview](images/preview.png)
+
+## How to Solve?
+We just need to find the character limit so that the website doesn't produce an error. A string with 32 characters will reveal the flag. (For example AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA)
+
+```
+BBCTF{tHis_i5_1t_Y0u_CraCk3D_iT}
+```
--- a/Handling/images/preview.png
+++ b/Handling/images/preview.png
--- a/Life/README.md
+++ b/Life/README.md
@ -0,0 +1,18 @@
+# Meaning of Life
+> Senpai, what is the meaning of life ?
+
+## About the Challenge
+We are given a [web](http://misc.bbctf.fluxus.co.in:2002) where we can input some number in the form and there is a encoded base64 string. And if we decode the encoded msg we will be given a link to Rick Astley song
+
+![preview](images/preview.png)
+
+## How to Solve?
+First we need to search the title of the chall in google and we got the number `42`. Input `42` in the form and we will get a very different encoded msg
+```
+Hash Value : aHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj1GSVViUkprS2psRQ==
+```
+Decoding the msg will reveal a YouTube video with the title 'flag{}'. The song in the video is in Morse code. Use [this website](https://morsecode.world/international/decoder/audio-decoder-adaptive.html) to decode the Morse code and retrieve the flag.
+
+```
+flag{CIC4D4FLI35}
+```
--- a/Life/images/preview.png
+++ b/Life/images/preview.png
--- a/2023/README.md
+++ b/2023/README.md
@ -0,0 +1,13 @@
+# ByteBanditsCTF 2023
+CTF writeup for The ByteBandits CTF 2023. I took part in this CTF competition with the TCP1P team, and got 13th place out of 225 teams
+
+Thanks to the TCP1P team especially @dimasma0305 and @dRe
+
+| Category | Challenge
+| --- | --- |
+| Web | [Improper Error Handling](/KnightCTF%202023/GET%20Me/)
+| Web | [Hi-Score](/KnightCTF%202023/Hello/)
+| Pwn | [Easy pwn](/KnightCTF%202023/Factorie/)
+| Forensics | [Vastness of Space](/KnightCTF%202023/Encode%20Mania/)
+| Misc | [Meaning of Life](/KnightCTF%202023/I%20Love%20Pi/)
+| Misc | [Virus Attack](/KnightCTF%202023/Xorathrust/)
--- a/Space/Empty_Space.jpg
+++ b/Space/Empty_Space.jpg
--- a/Space/README.md
+++ b/Space/README.md
@ -0,0 +1,44 @@
+# Vastness of Space
+> Is space really that empty?
+
+## About the Challenge
+We are given a picture (You can find the file [here](Empty_Space.jpg)) and we need to extract the flag from that picture
+
+## How to Solve?
+First we can use Steganographic decoder, you can use https://futureboy.us/stegano/decinput.html or https://github.com/RickdeJager/stegseek and the password is `BBCTF` (You can get the password by checking the metadata `xp_comment: The password is "BBCTF"`).
+
+And we will get a list of number like this
+```
+11,8
+11,9
+11,10
+11,11
+11,12
+11,13
+11,14
+11,15
+...
+```
+Create a python code using matplotlib package like this
+```python
+import numpy as np
+import matplotlib.pyplot as plt
+
+data = np.genfromtxt("file.txt", delimiter=",")
+
+num = data[:,0]
+data = data[:,1]
+
+plt.plot(num,data, 'ro')
+
+plt.xlabel('x')
+plt.ylabel('y')
+plt.show()
+```
+After we run the code, the QR code will appear
+![qr](images/qr.png)
+
+And we decode the QR code using https://zxing.org/w/decode for example, we will get the flag
+```
+flag{qUiCk_R3sP0nse_c0d3}
+```
--- a/Space/images/qr.png
+++ b/Space/images/qr.png
--- a/Attack/README.md
+++ b/Attack/README.md
@ -0,0 +1,16 @@
+# Virus Attack
+> One day they woke me up, so I could live forever But immortality's a curse, now forever I'll endure
+
+## About the Challenge
+This chall is about pyjail. We need to connect first to `nc misc.bbctf.fluxus.co.in 2001` and then escape from python sandbox
+
+## How to Solve?
+To escape the python sandbox, the payload will looks like this
+```python
+[*().__class__.__base__.__subclasses__()[50+50+37].__init__.__globals__.values()][47]([].__doc__[5+5+7::79])
+```
+Inspired by https://okman.gitbook.io/okman-writeups/miscellaneous-challenges/redpwnctf-albatross writeup, but there are some modification because the program will not run if we input number `1` and `8`.
+
+```
+flag{S0_YoU_KN0W_How_70_m0d1fy_vARi@bl35_1n_Py}
+```