feat: added VU CYBERTHON 2023

VU CYBERTHON 2023/Based on the analysis of the video file 20221015_173902.mp4, please provide the GPS coordinates of the possible place, where video was recorded/README.md

@@ -0,0 +1,18 @@
+# Based on the analysis of the video file 20221015_173902.mp4, please provide the GPS coordinates of the possible place, where video was recorded
+> Based on the analysis of the video file 20221015_173902.mp4, please provide the GPS coordinates of the possible place, where video was recorded
+
+## About the Challenge
+We need to find the location of the video
+
+## How to Solve?
+First i export the file from FTK Imager (You can find the file on `/root/media/0/Download` folder)
+
+![preview](images/extract.png)
+
+After that, check the metadata using `exiftool`. There is GPS location in the metadata
+
+![metadata](images/metadata.png)
+
+```
+54.8263, 25.4083
+```

VU CYBERTHON 2023/Based on the review of the media files, please provide the GPS coordinates of the possible meeting point/README.md

@@ -0,0 +1,14 @@
+# Based on the review of the media files, please provide the GPS coordinates of the possible meeting point
+> Based on the review of the media files, please provide the GPS coordinates of the possible meeting point
+
+## About the Challenge
+We need to know the meeting point coordinates
+
+## How to Solve?
+There is a picture that leaked the meeting point latitude and longitude (You can find the file on `/root/media/0/Screenshots` folder)
+
+![location](images/location.png)
+
+```
+54.537718, 25.680509
+```

VU CYBERTHON 2023/Blue Baby Shark/README.md

@@ -0,0 +1,18 @@
+# Blue Baby Shark
+> I got recomendation from one of our common acquaintance. I’m a new into all of this CTF stuff. I g...
+
+## About the Challenge
+We have been given a pcapng file and we need to find the flag there (You can find the file [here](Blue%20Baby%20Shark.pcapng))
+
+## How to Solve?
+I open the file using `Wireshark` and using `frame contains "vu"` filters to find the packet that contains `vu` string. And then there are 4 packets that contains `vu` string.
+
+![filters](images/filters.png)
+
+I press the `Follow TCP` on packet 32835 and we will find the flag on `vu` user
+
+![flag](images/flag.png)
+
+```
+VU{b4by_5h4rk_fly_4w4y}
+```

VU CYBERTHON 2023/Docker Web/README.md

@@ -0,0 +1,18 @@
+# Docker Web
+`-`
+
+## About the Challenge
+We are given a zip code that contain linux directories
+
+![preview](images/preview.png)
+
+## How to Solve?
+Open the index.html file on `/var/www/html` directories and you will notice there is a base64 encoded msg in line `21`
+
+![base64](images/base64.png)
+
+And if you decode it, you will get the flag
+
+```
+vu-cyberthon-23
+```

VU CYBERTHON 2023/Find ICCID Number/README.md

@@ -0,0 +1,14 @@
+# Find ICCID Number
+`-`
+
+## About the Challenge
+We need to find the ICCID Number
+
+## How to Solve?
+We can get the ICCID Number in the `root/media/0/Download` directory and find `20221017_141522.jpg` file
+
+![iccid](images/iccid.png)
+
+```
+89370038009021791031
+```

VU CYBERTHON 2023/Find MSISDN Number/README.md

@@ -0,0 +1,14 @@
+# Find MSISDN Number
+`-`
+
+## About the Challenge
+We need to find the MSISDN Number
+
+## How to Solve?
+We can get the MSISDN Number in the `root/media/0/Download` directory and find `20221017_145325.jpg` file
+
+![msisdn](images/msisdn.png)
+
+```
+89370038009021791031
+```

VU CYBERTHON 2023/Find location/README.md

@@ -0,0 +1,14 @@
+# Find location
+> Find the flag in the photo location
+
+## About the Challenge
+We have been a given a photo and we need to find the flag there (You can get the picture [here](Location.jpeg))
+
+## How to Solve?
+Check the metadata to get the flag
+
+![flag](images/flag.png)
+
+```
+VU{d5bc0961009b25633293206cde4ca1e0}
+```

VU CYBERTHON 2023/How much dollars the seized weapons (stuff) may have cost/README.md

@@ -0,0 +1,14 @@
+# How much dollars the seized weapons (stuff) may have cost
+> How much dollars the seized weapons (stuff) may have cost?
+
+## About the Challenge
+We need to find how much dollars the seized weapons (stuff) may have cost
+
+## How to Solve?
+There is a picture that leaked the cost (You can find the file on `/root/media/0/Screenshots` folder)
+
+![picture](images/picture.png)
+
+```
+95000
+```

VU CYBERTHON 2023/README.md

@@ -0,0 +1,22 @@
+# VU CYBERTHON 2023
+CTF writeup for VU CYBERTHON 2023. I took part in this CTF competition with the TCP1P team, and got 15th place out of 895 teams
+
+Thanks to the TCP1P team especially @dimasma0305, @godmadoka, and @dRe
+
+| Category | Challenge
+| --- | --- |
+| Cryptography, Web Exploitation | [Simple Web](/VU%20CYBERTHON%202023/Simple%20Web/)
+| Network Security | [Blue Baby Shark](/VU%20CYBERTHON%202023/Blue%20Baby%20Shark/)
+| OSINT | [RFC standard for security policy information](/VU%20CYBERTHON%202023/RFC%20standard%20for%20security%20policy%20information/)
+| OSINT | [Find location](/VU%20CYBERTHON%202023/Find%20location/)
+| Digital Forensics | [What is SHA1 checksum of image file blk0_mmcblk0.bin ?](/VU%20CYBERTHON%202023/What%20is%20SHA1%20checksum%20of%20image%20file%20blk0_mmcblk0.bin/)
+| Digital Forensics | [What is the name of the largest partition?](/VU%20CYBERTHON%202023/What%20is%20the%20name%20of%20the%20largest%20partition/)
+| Digital Forensics | [What email address is setup on com.android.email service?](/VU%20CYBERTHON%202023/What%20email%20address%20is%20setup%20on%20com.android.email%20service/)
+| Digital Forensics | [What is the brand (vendor) of phone?](/VU%20CYBERTHON%202023/What%20is%20the%20brand%20(vendor)%20of%20phone/)
+| Digital Forensics | [What is the name of WhatsApp user which has phone number +37062166565?](/VU%20CYBERTHON%202023/What%20is%20the%20name%20of%20WhatsApp%20user%20which%20has%20phone%20number%20%2B37062166565/)
+| Digital Forensics | [How much dollars the seized weapons (stuff) may have cost?](/VU%20CYBERTHON%202023/How%20much%20dollars%20the%20seized%20weapons%20(stuff)%20may%20have%20cost/)
+| Digital Forensics | [What tank specs the user was looking for?](/VU%20CYBERTHON%202023/What%20tank%20specs%20the%20user%20was%20looking%20for/)
+| Digital Forensics | [What web address was provided for a company that can rent cargo planes?](/VU%20CYBERTHON%202023/What%20web%20address%20was%20provided%20for%20a%20company%20that%20can%20rent%20cargo%20planes/)
+| Digital Forensics | [What is a name of video file which is related with tanks?](/VU%20CYBERTHON%202023/What%20is%20a%20name%20of%20video%20file%20which%20is%20related%20with%20tanks/)
+| Digital Forensics | [Based on the analysis of the video file 20221015_173902.mp4, please provide the GPS coordinates of the possible place, where video was recorded?](/VU%20CYBERTHON%202023/Based%20on%20the%20analysis%20of%20the%20video%20file%2020221015_173902.mp4%2C%20please%20provide%20the%20GPS%20coordinates%20of%20the%20possible%20place%2C%20where%20video%20was%20recorded/)
+| Digital Forensics | [Based on the review of the media files, please provide the GPS coordinates of the possible meeting point.](/VU%20CYBERTHON%202023/Based%20on%20the%20review%20of%20the%20media%20files%2C%20please%20provide%20the%20GPS%20coordinates%20of%20the%20possible%20meeting%20point/)

VU CYBERTHON 2023/RFC standard for security policy information/README.md

@@ -0,0 +1,14 @@
+# RFC standard for security policy information
+> The Lithuanian company Altacom uses one of the latest RFC standard formats for presenting security p...
+
+## About the Challenge
+We need to know the email that company use to receive vulnerability report
+
+## How to Solve?
+After finding about Altacom company on google, I found the official website (https://www.altacom.eu/). And if we want to know the email that company use to receive vulnerability report, you can access `/.well-known/security.txt` endpoint
+
+![email](images/email.png)
+
+```
+report@altacom.eu
+```

VU CYBERTHON 2023/Simple Web/README.md

@@ -0,0 +1,18 @@
+# Simple Web
+`-`
+
+## About the Challenge
+We are given a zip code that contain HTML file inside of it
+
+![preview](images/preview.png)
+
+## How to Solve?
+If we open the HTML file and check the source code, you will found brainfuck language
+
+![brainfuck](images/brainfuck.png)
+
+And if you decode it, you will get the flag
+
+```
+cyberthon
+```

VU CYBERTHON 2023/What email address is setup on com.android.email service/README.md

@@ -0,0 +1,18 @@
+# What email address is setup on com.android.email service
+> What email address is setup on com.android.email service?
+
+## About the Challenge
+We need to find the email address that set up on com.android.email
+
+## How to Solve?
+We need to find the email by get the SQLite Database first from `/root/data/com.android.email/databases/Emailprovider.db`
+
+![exports](images/exports.png)
+
+Open the SQLite database using `DB Browser for SQlite` and import the database. In the `Account` table, we can see the email
+
+![email](images/email.png)
+
+```
+Joohnnycash7@gmail.com
+```

VU CYBERTHON 2023/What is SHA1 checksum of image file blk0_mmcblk0.bin/README.md

@@ -0,0 +1,14 @@
+# What is SHA1 checksum of image file blk0_mmcblk0.bin
+> What is SHA1 checksum of image file blk0_mmcblk0.bin?
+
+## About the Challenge
+We need to get the SHA1 checksum of the image file
+
+## How to Solve?
+Im using FTK Imager to get the SHA1 checksum by using `Verify Drive / Image` function
+
+![verify](images/verify.png)
+
+```
+5377521a476be72837053390b24bc167d8f9182c
+```

VU CYBERTHON 2023/What is a name of audio file which is related with rifles/README.md

@@ -0,0 +1,14 @@
+# What is a name of audio file which is related with rifles
+> What is a name of audio file which is related with rifles?
+
+## About the Challenge
+We need to find the name and the extensions of file which is talking about rifles
+
+## How to Solve?
+There is a picture that related to rifles (You can find the file on `/root/media/0/Telegram/Telegram Audio` folder)
+
+![rifle](images/rifle.png)
+
+```
+4_5956573053423979339.ogg
+```

VU CYBERTHON 2023/What is a name of video file which is related with tanks/README.md

@@ -0,0 +1,14 @@
+# What is a name of video file which is related with tanks
+> What is a name of video file which is related with tanks?
+
+## About the Challenge
+We need to find the name and the extensions of file which is related with tanks
+
+## How to Solve?
+There is a picture that related to tanks (You can find the file on `/root/media/0/Downloads` folder)
+
+![tanks](images/tanks.png)
+
+```
+tanks.mp4
+```

VU CYBERTHON 2023/What is the brand (vendor) of phone/README.md

@@ -0,0 +1,14 @@
+# What is the brand (vendor) of phone
+> What is the brand (vendor) of phone?
+
+## About the Challenge
+We need to find the brand of the phone
+
+## How to Solve?
+I can get the vendor of the phone because I found the package name on `/root/data/` directory
+
+![vendor](images/samsung.png)
+
+```
+Samsung
+```

VU CYBERTHON 2023/What is the model of the phone/README.md

@@ -0,0 +1,14 @@
+# What is the model of the phone
+> What is the model of the phone?
+
+## About the Challenge
+We need to find the the model of the phone
+
+## How to Solve?
+There is a picture that related to rifles (You can find the file on `system/root/SW_Configuration.xml`)
+
+![model](images/model.png)
+
+```
+SM-G530FZ
+```

VU CYBERTHON 2023/What is the name of WhatsApp user which has phone number +37062166565/README.md

@@ -0,0 +1,18 @@
+# What is the name of WhatsApp user which has phone number +37062166565
+> What is the name of WhatsApp user which has phone number +37062166565?
+
+## About the Challenge
+We need to find the name of WhatsApp user
+
+## How to Solve?
+We need to find the email by get the SQLite Database first from `/root/data/com.whatsapp/databases/wa.db`
+
+![exports](images/exports.png)
+
+Open the SQLite database using `DB Browser for SQlite` and import the database. In the `wa_contacts` table, we can see the email
+
+![contacts](images/contacts.png)
+
+```
+Marcus
+```

VU CYBERTHON 2023/What is the name of the largest partition/README.md

@@ -0,0 +1,12 @@
+# What is the name of the largest partition
+> What is the name of the largest partition?
+
+## About the Challenge
+We need to find the name of the largest partition
+
+## How to Solve?
+Just use the FTK Imager and find the name of the largest partition
+
+```
+userdata
+```

VU CYBERTHON 2023/What is the name of the username telegram/README.md

@@ -0,0 +1,18 @@
+# What is the name of the username telegram
+> What is the name of the username telegram?
+
+## About the Challenge
+We need to find the name of the username telegram
+
+## How to Solve?
+Go to `root/data/org.telegram.mesengger.web/files` (Don't check `org.telegram.mesengger`). And then extract `cache4.db` file
+
+![extract](images/extract.png)
+
+Open the db file using `DB Browser for SQLite` and then find `users` table and you will find the uid
+
+![sqlite](images/sqlite.png)
+
+```
+5719323092
+```

VU CYBERTHON 2023/What tank specs the user was looking for/README.md

@@ -0,0 +1,14 @@
+# What tank specs the user was looking for
+> What tank specs the user was looking for?
+
+## About the Challenge
+We need to find the tank specs
+
+## How to Solve?
+I got the tanks specs in WhatsApp message (You can get the file in `/root/data/com.whatsapp/databases/msgstore.db`). Find in `message` table
+
+![sqlite](images/sqlite.png)
+
+```
+t14 armata
+```

VU CYBERTHON 2023/What web address was provided for a company that can rent cargo planes/README.md

@@ -0,0 +1,14 @@
+# What web address was provided for a company that can rent cargo planes
+> What web address was provided for a company that can rent cargo planes?
+
+## About the Challenge
+We need to find the web address
+
+## How to Solve?
+I got the web address in WhatsApp message (You can get the file in `/root/data/com.whatsapp/databases/msgstore.db`). Find in `message` table
+
+![sqlite](images/sqlite.png)
+
+```
+https://www.aircharterservice.com
+```