diff --git a/Business CTF 2023 The Great Escape/Initialization/README.md b/Business CTF 2023 The Great Escape/Initialization/README.md index ac21f75..de83025 100644 --- a/Business CTF 2023 The Great Escape/Initialization/README.md +++ b/Business CTF 2023 The Great Escape/Initialization/README.md @@ -2,7 +2,7 @@ > During a cyber security audit of your government's infrastructure, you discover log entries showing traffic directed towards an IP address within the enemy territory of "Oumara". This alarming revelation triggers suspicion of a mole within Lusons' government. Determined to unveil the truth, you analyze the encryption scheme with the goal of breaking it and decrypting the suspicious communication. Your objective is to extract vital information and gather intelligence, ultimately protecting your nation from potential threats. ## About the Challenge -We got a zip files (You can download the file [here]) that contains 3 more files (1 python script and 2 txt file). Here is the content of `source.py` +We got a zip files (You can download the file [here](crypto_initialization.zip)) that contains 3 more files (1 python script and 2 txt file). Here is the content of `source.py` ```python #!/usr/bin/env python3 diff --git a/CryptoCTF 2023/Blue Office/README.md b/CryptoCTF 2023/Blue Office/README.md index 7054f43..0f9302a 100644 --- a/CryptoCTF 2023/Blue Office/README.md +++ b/CryptoCTF 2023/Blue Office/README.md 
@@ -2,7 +2,7 @@ > The Blue Office's ingenious cipher, meticulously crafted for the prestigious CCTF, became an impenetrable enigma that left even the most seasoned cryptanalysts baffled. ## About the Challenge -We have been given a zip file (You can download the file [here]). And if you unzip the file, you will see there are 2 files called `blue_office.py` and `output.txt`. Here is the content of `blue_office.py`: +We have been given a zip file. And if you unzip the file, you will see there are 2 files called `blue_office.py` and `output.txt`. Here is the content of `blue_office.py`: ```python #!/usr/bin/enc python3 diff --git a/ImaginaryCTF 2023/Idoriot/README.md b/ImaginaryCTF 2023/Idoriot/README.md new file mode 100644 index 0000000..3b0641d --- /dev/null +++ b/ImaginaryCTF 2023/Idoriot/README.md @@ -0,0 +1,76 @@ +# Idoriot +> Some idiot made this web site that you can log in to. The idiot even made it in php. I dunno. + +## About the Challenge +We have been given a website that has 2 functionality, first we can register as a user in this website + +![register](images/register.png) + +And then, after registered an account, you can also login into the website + +![login](images/login.png) + +And then after login, there is a source code that you can see written in PHP + +![source_code](images/source_code.png) + +```php + $_SESSION['expires']) { + header("Location: logout.php"); + exit(); +} + +// Display user ID on landing page +echo "Welcome, User ID: " . urlencode($_SESSION['user_id']); + +// Get the user for admin +$db = new PDO('sqlite:memory:'); +$admin = $db->query('SELECT * FROM users WHERE user_id = 0 LIMIT 1')->fetch(); + +// Check if the user is admin +if ($admin['user_id'] === $_SESSION['user_id']) { + // Read the flag from flag.txt + $flag = file_get_contents('flag.txt'); + echo "

Flag

"; + echo "

$flag

"; +} else { + // Display the source code for this file + echo "

Source Code

"; + highlight_file(__FILE__); +} + +?> +``` + +To read the flag, we need to login as an admin where the `user_id` is `0` + +## How to Solve? +I believe, I solved this chall using unintended way, as you can see in this code + +```php +if ($admin['user_id'] === $_SESSION['user_id']) { + // Read the flag from flag.txt + $flag = file_get_contents('flag.txt'); + echo "

Flag

"; + echo "

$flag

"; +} +``` + +The location of the flag is `flag.txt` not `/flag.txt`. So, you can read the flag directly by accessing http://idoriot.chal.imaginaryctf.org/flag.txt + +![flag](images/flag.png) + +``` +ictf{1ns3cure_direct_object_reference_from_hidden_post_param_i_guess} +``` \ No newline at end of file diff --git a/ImaginaryCTF 2023/Idoriot/images/flag.png b/ImaginaryCTF 2023/Idoriot/images/flag.png new file mode 100644 index 0000000..d3cb470 Binary files /dev/null and b/ImaginaryCTF 2023/Idoriot/images/flag.png differ diff --git a/ImaginaryCTF 2023/Idoriot/images/login.png b/ImaginaryCTF 2023/Idoriot/images/login.png new file mode 100644 index 0000000..6956342 Binary files /dev/null and b/ImaginaryCTF 2023/Idoriot/images/login.png differ diff --git a/ImaginaryCTF 2023/Idoriot/images/register.png b/ImaginaryCTF 2023/Idoriot/images/register.png new file mode 100644 index 0000000..d03a68e Binary files /dev/null and b/ImaginaryCTF 2023/Idoriot/images/register.png differ diff --git a/ImaginaryCTF 2023/Idoriot/images/source_code.png b/ImaginaryCTF 2023/Idoriot/images/source_code.png new file mode 100644 index 0000000..15905a8 Binary files /dev/null and b/ImaginaryCTF 2023/Idoriot/images/source_code.png differ diff --git a/ImaginaryCTF 2023/README.md b/ImaginaryCTF 2023/README.md new file mode 100644 index 0000000..ca7ae58 --- /dev/null +++ b/ImaginaryCTF 2023/README.md @@ -0,0 +1,9 @@ +# ImaginaryCTF 2023 +CTF writeup for The ImaginaryCTF 2023. I took part in this CTF competition with the TCP1P team, and got 21th place out of 879 teams + +| Category | Challenge | +| --- | --- | +| Web | [Idoriot](/ImaginaryCTF%202023/Idoriot/) +| Web | [roks](/ImaginaryCTF%202023/roks/) +| Crypto | [rsa](/ImaginaryCTF%202023/rsa/) +| Forensic | [web](/ImaginaryCTF%202023/web/) \ No newline at end of file diff --git a/ImaginaryCTF 2023/roks/README.md b/ImaginaryCTF 2023/roks/README.md new file mode 100644 index 0000000..3066106 --- /dev/null +++ b/ImaginaryCTF 2023/roks/README.md 
@@ -0,0 +1,42 @@ +# roks +> My rock enthusiast friend made a website to show off some of his pictures. Could you do something with it? + +## About the Challenge +We have been given a source code (You can download the source code [here](roks.zip)) and we got the website too. Here is the preview of the website + +![preview](images/preview.png) + +There is one button which will generate rock images by hitting `/file.php?image` endpoint. And as you can see in the network tab, `image7` is a file name. Which is we can predict this chall was about path traversal vulnerability + +## How to Solve? +Let's check the source code! There are 2 files, `index.php` and `file.php`. Here is the content of `file.php` + +```php + +``` + +This PHP script takes a file name from the parameter called `file`, checks if there is `.` or `/` in the value of the parameter, and serves the corresponding image file with the correct MIME content type. If it detects an unsafe file name, it serves a default image instead. And as you can see, this code was vulnerable to path traversal, but this code using `urldecode()` PHP function twice. That's why to do path traversal, we need to URL encode our payload three times + +``` +http://roks.chal.imaginaryctf.org/file.php?file=%2525%2532%2565%2525%2532%2565%2525%2532%2566%2525%2532%2565%2525%2532%2565%2525%2532%2566%2525%2532%2565%2525%2532%2565%2525%2532%2566%2525%2532%2565%2525%2532%2565%2525%2532%2566flag%25252Epng +``` + +Open the URL in your browser and then you will get a flag in the form of an image + +![flag](images/flag.png) + +``` +ictf{tr4nsv3rs1ng_0v3r_r0k5_6a3367} +``` \ No newline at end of file diff --git a/ImaginaryCTF 2023/roks/images/flag.png b/ImaginaryCTF 2023/roks/images/flag.png new file mode 100644 index 0000000..b582c91 Binary files /dev/null and b/ImaginaryCTF 2023/roks/images/flag.png differ 
diff --git a/ImaginaryCTF 2023/roks/images/preview.png b/ImaginaryCTF 2023/roks/images/preview.png new file mode 100644 index 0000000..2c1edf7 Binary files /dev/null and b/ImaginaryCTF 2023/roks/images/preview.png differ diff --git a/ImaginaryCTF 2023/roks/roks.zip b/ImaginaryCTF 2023/roks/roks.zip new file mode 100644 index 0000000..54e775e Binary files /dev/null and b/ImaginaryCTF 2023/roks/roks.zip differ diff --git a/ImaginaryCTF 2023/rsa/README.md b/ImaginaryCTF 2023/rsa/README.md new file mode 100644 index 0000000..f16d5c8 --- /dev/null +++ b/ImaginaryCTF 2023/rsa/README.md @@ -0,0 +1,14 @@ +# rsa +> I think I did my RSA right... + +## About the Challenge +We got 3 files, `flag.enc`, `public.pem` and `private.pem`. And we need to decrypt the `flag.enc` + +## How to Solve? +Well, because we've got the private key, we can decrypt file directly. In this case im using `CyberChef` to decrypt the flag + +![flag](images/flag.png) + +``` +ictf{keep_your_private_keys_private} +``` \ No newline at end of file diff --git a/ImaginaryCTF 2023/rsa/images/flag.png b/ImaginaryCTF 2023/rsa/images/flag.png new file mode 100644 index 0000000..5a31b42 Binary files /dev/null and b/ImaginaryCTF 2023/rsa/images/flag.png differ diff --git a/ImaginaryCTF 2023/web/README.md b/ImaginaryCTF 2023/web/README.md new file mode 100644 index 0000000..b441472 --- /dev/null +++ b/ImaginaryCTF 2023/web/README.md 
@@ -0,0 +1,32 @@ +# web +> We recovered this file from the disk of a potential threat actor. Can you find out what they were up to? + +## About the Challenge +We got a zip file (You can download the file [here](web.zip)) and it contains a mozilla firefox data + +![preview](images/preview.png) + +## How to Solve? +We need to import the data first in our mozilla, but how? First, access `C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles` if you are using + +![profile](images/profile.png) + +And then copy `8ubdbl3q.default` into the `Profiles` folder, and then you need to adjust the profile name on `profile.ini` file, the file location is in `C:\Users\test\AppData\Roaming\Mozilla\Firefox\` + +![profile_ini](images/profile_ini.png) + +And then, open Mozilla and check the history browser by pressing `Ctrl + H` + +![history](images/history.png) + +Hmm what is `PALMS Backchannel Chat`? Lets open the website + +![website](images/website.png) + +The room name was very suspicious and there was an autofill password. Login into the room using the password to obtain the flag + +![flag](images/flag.png) + +``` +ictf{behold_th3_forensics_g4untlet_827b3f13} +``` \ No newline at end of file diff --git a/ImaginaryCTF 2023/web/images/flag.png b/ImaginaryCTF 2023/web/images/flag.png new file mode 100644 index 0000000..e50a78a Binary files /dev/null and b/ImaginaryCTF 2023/web/images/flag.png differ diff --git a/ImaginaryCTF 2023/web/images/history.png b/ImaginaryCTF 2023/web/images/history.png new file mode 100644 index 0000000..16ed00a Binary files /dev/null and b/ImaginaryCTF 2023/web/images/history.png differ diff --git a/ImaginaryCTF 2023/web/images/preview.png b/ImaginaryCTF 2023/web/images/preview.png new file mode 100644 index 0000000..42b2e1e Binary files /dev/null and b/ImaginaryCTF 2023/web/images/preview.png differ 
diff --git a/ImaginaryCTF 2023/web/images/profile.png b/ImaginaryCTF 2023/web/images/profile.png new file mode 100644 index 0000000..58ad7e9 Binary files /dev/null and b/ImaginaryCTF 2023/web/images/profile.png differ diff --git a/ImaginaryCTF 2023/web/images/profile_ini.png b/ImaginaryCTF 2023/web/images/profile_ini.png new file mode 100644 index 0000000..f42b3c6 Binary files /dev/null and b/ImaginaryCTF 2023/web/images/profile_ini.png differ diff --git a/ImaginaryCTF 2023/web/images/website.png b/ImaginaryCTF 2023/web/images/website.png new file mode 100644 index 0000000..9149856 Binary files /dev/null and b/ImaginaryCTF 2023/web/images/website.png differ diff --git a/ImaginaryCTF 2023/web/web.zip b/ImaginaryCTF 2023/web/web.zip new file mode 100644 index 0000000..e44563d Binary files /dev/null and b/ImaginaryCTF 2023/web/web.zip differ diff --git a/README.md b/README.md index dce79b2..b5e071a 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,26 @@ # CTF Writeup This repository shall comprise writeups concerning Capture The Flag (CTF) competitions that I have undertaken. In the past, I participated in local CTF events in 2021; however, after participating in several of them, I did not take part in any further CTF competitions. In 2023, I made the decision to redo CTF from the beginning, and thus created this repository with the aim of assisting other CTF players in comprehending how to solve each challenge. +## Stats +This is a list of wins we have achieved while participating in several CTF competitions + +### Total Writeups +There are __396__ writeups that have been made in this repository + +### CTF Competitions + +| Event Name | Team | Ranking | +| ---------- | ---- | ------- | +| The Odyssey CTF | aseng_fans_club | 1 | +| BDSec CTF 2023 | HCS | 1 | +| 0xLaugh CTF 2023 | TCP1P | 2 | + +### Writeup Competitions + +| Event Name | Team | +| ---------- | ---- | +| UIUCTF 2023 | TCP1P | + ## List CTF List of CTF events that i have joined before 
diff --git a/VU CYBERTHON 2023/Based on the analysis of the video file 20221015_173902.mp4, please provide the GPS coordinates of the possible place, where video was recorded/README.md b/VU CYBERTHON 2023/Based on the analysis of the video file 20221015_173902.mp4, please provide the GPS coordinates of the possible place, where video was recorded/README.md index 1153c08..cae1307 100644 --- a/VU CYBERTHON 2023/Based on the analysis of the video file 20221015_173902.mp4, please provide the GPS coordinates of the possible place, where video was recorded/README.md +++ b/VU CYBERTHON 2023/Based on the analysis of the video file 20221015_173902.mp4, please provide the GPS coordinates of the possible place, where video was recorded/README.md 
@@ -1,5 +1,9 @@ # Based on the analysis of the video file 20221015_173902.mp4, please provide the GPS coordinates of the possible place, where video was recorded -> Based on the analysis of the video file 20221015_173902.mp4, please provide the GPS coordinates of the possible place, where video was recorded +> The main task is to perform the forensic information technology examination on the acquired image of mobile phone. Two suspects (two men) were arrested near Lithuanian and Republic of Belarus border. The truck with stored weapons was taken. During the seizure, a mobile phone without identification tags was founded on the ground near the truck. A criminal case has been opened related to the international illegal arms trade. Please help to find the relevant information for the case, examine the digital dump acquired from the seized phone memory and answer the questions below. + +> GPS coordinates. From investigators of the current case, it was determined that the cargo truck recorded in the video file userdata\media\0\Download\20221015_173902.mp4 is the same one that was detained at the time of the crime. Analyze this file and answer the question below. + +> Based on the analysis of the video file 20221015_173902.mp4, please provide the GPS coordinates of the possible place, where video was recorded? (please provide the GPS Latitude and Longitude in decimal degrees format (dd.dddd, dd.dddd). ## About the Challenge We need to find the location of the video diff --git a/VU CYBERTHON 2023/Blue Baby Shark/README.md b/VU CYBERTHON 2023/Blue Baby Shark/README.md index 2a14cb8..2ff07ba 100644 --- a/VU CYBERTHON 2023/Blue Baby Shark/README.md +++ b/VU CYBERTHON 2023/Blue Baby Shark/README.md 
@@ -1,5 +1,7 @@ # Blue Baby Shark -> I got recomendation from one of our common acquaintance. I’m a new into all of this CTF stuff. I g... +> Hello Stranger! + +> I got recomendation from one of our common acquaintance. I’m a new into all of this CTF stuff. I got stuck with one challange and I’m not that skilled wit the network traffic analysis. Would you be able to help me out with this partiucalr CTF and find the flag? Only hint I have so far is that one machine was compromised. ## About the Challenge We have been given a pcapng file and we need to find the flag there (You can find the file [here](Blue%20Baby%20Shark.pcapng)) diff --git a/VU CYBERTHON 2023/Docker Web/README.md b/VU CYBERTHON 2023/Docker Web/README.md index 83d791d..d4f15a8 100644 --- a/VU CYBERTHON 2023/Docker Web/README.md +++ b/VU CYBERTHON 2023/Docker Web/README.md @@ -1,5 +1,5 @@ # Docker Web -`-` +> A container that contains a web page (http) service. All answers will appear only after you look at the page. ## About the Challenge We are given a zip code that contain linux directories diff --git a/VU CYBERTHON 2023/RFC standard for security policy information/README.md b/VU CYBERTHON 2023/RFC standard for security policy information/README.md index 6d45024..d30895b 100644 --- a/VU CYBERTHON 2023/RFC standard for security policy information/README.md +++ b/VU CYBERTHON 2023/RFC standard for security policy information/README.md 
@@ -1,5 +1,11 @@ # RFC standard for security policy information -> The Lithuanian company Altacom uses one of the latest RFC standard formats for presenting security p... +> The Lithuanian company Altacom uses one of the latest RFC standard formats for presenting security policy information. + +> This standard makes it easier for security specialists to identify the contacts they should reach out to in order to report a vulnerability to the organization. + +> Please help me find the email address to report any vulnerabilities found. + +> Flag format: VU{email@address.com} ## About the Challenge We need to know the email that company use to receive vulnerability report diff --git a/VU CYBERTHON 2023/Simple Web/README.md b/VU CYBERTHON 2023/Simple Web/README.md index 726e647..91e22cc 100644 --- a/VU CYBERTHON 2023/Simple Web/README.md +++ b/VU CYBERTHON 2023/Simple Web/README.md @@ -1,5 +1,5 @@ # Simple Web -`-` +> It consists of only eight commands, each represented by a single character, and uses a tape-based memory model with a pointer. However, it is considered difficult to write programs in, as it provides very little abstraction over the machine model and requires one to break problems down into very simple steps. ## About the Challenge We are given a zip code that contain HTML file inside of it
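Review bot: In `CryptoCTF 2023/Blue Office/README.md` the broken `[here]` link is dropped rather than repaired, while the matching change in `Business CTF 2023 The Great Escape/Initialization/README.md` gives the link a target (`[here](crypto_initialization.zip)`). If the Blue Office archive is in the repository, link it the same way so readers can reproduce the analysis. The context line `#!/usr/bin/enc python3` just below the changed line looks like a typo for `env` and should be checked against the original `blue_office.py`. The rewritten Initialization line still reads `a zip files` and `2 txt file`.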
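Review bot: In the new `ImaginaryCTF 2023/Idoriot/README.md`, the first `php` listing opens at `$_SESSION['expires']) {`, so the start of the script and the left-hand side of the expiry check are missing, and the `echo` strings around `$flag` are broken across blank lines. Restore the full listing as the challenge served it. The write-up calls the direct request to `flag.txt` unintended, while the flag text itself points at a hidden POST parameter. A sentence on the intended path would help, as would one on the fix for the unintended path: keep `flag.txt` outside the web root or deny direct access to it.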
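Review bot: In `ImaginaryCTF 2023/README.md`, `21th place` should read `21st place`. The four table rows omit the closing `|` that the header and separator rows have, and the file ends without a trailing newline, as do the Idoriot, roks, rsa and web READMEs added in this patch.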
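Review bot: In `ImaginaryCTF 2023/roks/README.md` the `php` fence after "Here is the content of `file.php`" is empty, so the filter and the two `urldecode()` calls that the next paragraph analyses are not shown. Paste the listing from `roks.zip`. The text names the endpoint as `/file.php?image`, while the explanation and the URL use the `file` parameter. It should also say why three rounds of encoding are needed when the code decodes twice, presumably because PHP has already decoded the query string once before the script runs. A closing line on the fix would round the page off: validate the name only after all decoding, and resolve it against the image directory.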
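Review bot: In `ImaginaryCTF 2023/rsa/README.md` the solve step names `CyberChef` but not the operation or settings used, and the only evidence is a screenshot, so the result cannot be reproduced from the text. Add the recipe (operation, key input, padding scheme) or an equivalent command. `im using` should be `I'm using`.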
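Review bot: In `ImaginaryCTF 2023/web/README.md` the sentence that ends "if you are using" is cut off before the platform name, and the file Firefox reads is `profiles.ini`, not `profile.ini`. Since `8ubdbl3q.default` comes from an untrusted disk image and holds saved logins and session data, the instructions should tell readers to load it as a separate profile on an isolated analysis machine, not copy it into their own `Profiles` folder.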
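Review bot: In the root `README.md`, `### Total Writeups` hard-codes `__396__`, which goes stale as soon as another write-up lands. Generate the count or drop the number. The line under `## Stats` calls the table "a list of wins", but it includes a second-place result (`0xLaugh CTF 2023 | TCP1P | 2`), so "results" would be more accurate.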
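Review bot: In the VU CYBERTHON 2023 description updates, the quoted challenge texts carry spelling errors (`recomendation`, `challange`, `partiucalr` in `Blue Baby Shark/README.md`; `was founded` in the GPS README), and the GPS question leaves a parenthesis unclosed after `(dd.dddd, dd.dddd)`. If these are verbatim from the event, say so next to the quote. Otherwise correct them. The unchanged line `We are given a zip code` in the `Docker Web` and `Simple Web` READMEs should read `zip file`.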