feat: added UMass CTF 2023

pull/1/head
Muhammad Daffa 2023-03-27 00:03:13 +07:00
parent 86cbaa8c79
commit 1e1458052b
9 changed files with 52 additions and 1 deletions


@ -31,4 +31,5 @@ List of CTF events that i have joined before
| b01lers CTF 2023 | 18 March, 05:00 WIB — 20 March 2023, 05:00 WIB | [Link](/b01lers%20CTF%202023/) |
| OmWars CTF 2023 Quals | 18 March, 13:00 WIB — 19 March 2023, 01:00 WIB | [Link](/OmWars%20CTF%202023%20Quals/)
| Cyber Apocalypse 2023: The Cursed Mission | 18 March, 20:00 WIB — 23 March 2023, 19:59 WIB | [Link](/Cyber%20Apocalypse%202023%20The%20Cursed%20Mission/) |
| LINE CTF 2023 | 25 March, 07:00 WIB — 26 March 2023, 07:00 WIB | [Link](/LINE%20CTF%202023/)
| LINE CTF 2023 | 25 March, 07:00 WIB — 26 March 2023, 07:00 WIB | [Link](/LINE%20CTF%202023/)
| UMass CTF 2023 | 25 March, 06:00 WIB — 27 March 2023, 00:00 WIB | [Link](/UMass%20CTF%202023/)
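Review bot: The new `UMass CTF 2023` row at the end of this table has no closing `|`, and the re-added `LINE CTF 2023` row above it has the same gap, while the `b01lers CTF 2023` and `Cyber Apocalypse 2023` rows do close. Please end both rows with ` |` so the table is consistent. Also, the UMass entry starts at 25 March, 06:00 WIB, one hour before the LINE CTF entry at 07:00 WIB, so if the list is meant to be ordered by start time the new row belongs above `LINE CTF 2023`.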

Binary file not shown.


@ -0,0 +1,42 @@
# Deepfried
> `-`
## About the Challenge
We have been given a source code (You can download the file [here](DeepFried.zip))
![preview](images/preview.png)
## How to Solve?
If we check the the source code, we will see there is a folder called `restriced_memes` and inside the folder there is an image called `TheFlag.jpg` so I'm assumming we need to access `/restricted_memes/TheFlag.jpg` to obtain the flag
![TheFlag](images/TheFlag_Image.png)
But we can't access that endpoint directly because that endpoint can only be accessed locally.
```javascript
router.all('/restricted_memes/:img', async (req,res, next)=>{
if(req.ip === '::ffff:127.0.0.1') {
next();
} else {
return res.status(403).send("Unauthorized Request");
}
})
```
So, the idea here. We need to input `http://127.0.0.1:3000/restricted_memes/TheFlag.jpg` in the `Image URL` form
![TheFlag](images/TheFlag.png)
As we can see in the image, the flag was located in `flag.txt` directory. So we need to input `http://127.0.0.1:3000/restricted_memes/flag.txt` in the `Image URL` form
![preview_flag](images/preview_flag.png)
Press `CTRL + U` to check the source code
![flag](images/flag.png)
You will see there is a Base64 string in `img` tag. Decode the msg using `Base64` Decoder to obtain the flag
```
UMASS{v@Mo$_APr0nTaR_1!i!I!}
```
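Review bot: The step from the `req.ip === '::ffff:127.0.0.1'` check to entering `http://127.0.0.1:3000/restricted_memes/TheFlag.jpg` in the `Image URL` form is missing its explanation: the write-up never says that the server fetches the submitted URL itself, which is why the request arrives from loopback and passes the check (a server-side request forgery). One sentence stating that, plus a note that an IP-equality check is not a sufficient control when the same application fetches user-supplied URLs, would make the solve reproducible and the lesson clear. Smaller points in the same file: the folder is written `restriced_memes` in the prose but the route is `/restricted_memes/`; "the the" and "assumming" are typos; `flag.txt` is called a directory but is requested as a file; and the challenge description is still the placeholder `-`.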

Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.


8
UMass CTF 2023/README.md Normal file

@ -0,0 +1,8 @@
# UMass CTF 2023
CTF writeup for The UMass CTF 2023. I took part in this CTF competition with the TCP1P team, and got 15th place out of 571 teams
Thanks to the team especially @dimasma0305
| Category | Challenge |
| --- | --- |
| Web | [Deepfried](/UMass%20CTF%202023/Deepfried/)
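Review bot: The table header `| Category | Challenge |` follows directly after "Thanks to the team especially @dimasma0305" with no blank line, so Markdown renderers that require a blank line before a table will fold the header into that paragraph. Add a blank line before the table, and another between the description sentence and the thanks line so they do not merge into one paragraph. The `Deepfried` row is also missing its closing `|`.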