feat: added DeconstruCT.F 2023

DeconstruCT.F 2023/Hash roll/README.md

@@ -0,0 +1,41 @@
+# Hash roll
+> Augustine's friend took a important file of augustine and stashed it.
+
+> He was able to grab all the files from his friend's machine but he is worried that the files are encrypted.
+
+> Help him get the file back
+
+## About the Challenge
+We got 2 files, `nothing.pdf` and also `encrypted1.zip` (This is a zip protected password) and we need to find the password for `encrypted1.zip` 
+
+## How to Solve?
+Open the `nothing.pdf` first, and then tried to use `CTRL + a` keyboard shortcut to select all texts
+
+![pdf](images/pdf.png)
+
+You will notice there was very small text at the bottom of the PDF file. Now, press `CTRL + c` to copy the text and `CTRL + v` to paste the text into a text editor (in this case, I'm using Notepad). We got some interesting results.
+
+```
+Never gonna give you up
+Never gonna let you down
+Never gonna run around and desert you
+Never gonna make you cry
+Never gonna say goodbye
+Never gonna tell a lie and hurt you
+We've known each other for so long
+Your heart's been aching, but you're too shy
+to say it
+29ebf2f279da44f69a35206885cd2dbc might be something you need
+```
+
+Afterward, I tried searching the MD5 hash on Google, and we found out that the password for the zip file is `diosesamor`
+
+![hash](images/hash.png)
+
+Extract the zip file, and you will find one file called `flag.jpg`. Open it to obtain the flag.
+
+![flag](images/flag.png)
+
+```
+dsc{N3v3r_9OnNA_gIv3_y0u_up}
+```

DeconstruCT.F 2023/Mastermind/README.md

@@ -0,0 +1,31 @@
+# Mastermind
+> You are a hugeee swiftie! You really want to go to The Era's Tour but cannot because you are located in India. You call up Taylor Swift to request her to come to India. She will only come if you can get her a flag. Here's a recording of the call. Can you get her the flag?
+
+## About the Challenge
+We got a `wav` file and we need to find the flag there (You can download the file [here](mastermind.wav))
+
+## How to Solve?
+If you open the file and listen to the audio. You will notice this is a `DTMF` tones. You can translate the tones using this [website](https://unframework.github.io/dtmf-detect/#/). Just upload the wav file and this website will generate the number for you
+
+![DTMF](images/dtmf.png)
+
+Wait until you got all the numbers, and in the end you got this set of numbers
+
+```
+41323036267601217574
+36710992825315281347
+60924906937541136999
+02333
+```
+
+Merge it, and then convert the decimal into hexadecimal using this [website](https://www.rapidtables.com/convert/number/decimal-to-hex.html)
+
+![hex](images/hex.png)
+
+Now, decode the hex to ASCII using [Cyberchef](https://gchq.github.io/CyberChef/#recipe=From_Hex('None')&input=NjQ3MzYzN0I2RDMwNzQ2ODMzNzI1RjMxNzM1RjZEMzA3NDY4MzM3MjMxNkU2NzVGNzQ3MzdE)
+
+![flag](images/flag.png)
+
+```
+dsc{m0th3r_1s_m0th3r1ng_ts}
+```

DeconstruCT.F 2023/README.md

@@ -0,0 +1,11 @@
+# DeconstruCT.F 2023
+CTF writeup for The DeconstruCT.F 2023. I took part in this CTF competition with the aseng_fans_club team (HCS x CCUG), and got xth place out of xxx teams
+
+| Category | Challenge |
+| --- | --- |
+| Web | [where-are-the-cookies](/DeconstruCT.F%202023/where-are-the-cookies/)
+| Web | [debugzero](/DeconstruCT.F%202023/debugzero/)
+| Forensic | [Hash roll](/DeconstruCT.F%202023/Hash%20roll/)
+| Forensic | [Mastermind](/DeconstruCT.F%202023/Mastermind/)
+| Forensic | [snowy rock](/DeconstruCT.F%202023/snowy%20rock/)
+| Crypto | [Very Basic](/DeconstruCT.F%202023/Very%20Basic/)

DeconstruCT.F 2023/Very Basic/README.md

@@ -0,0 +1,20 @@
+# Very Basic
+> Sometimes, we need to oscillate To and fro? things become tough when interwoven together.
+
+## About the Challenge
+We got a ciphertext like this
+
+```
+TREFWPMHI5TZECOUQNBO6ZAWNTQZCBWETYXPKQ2TKTPIGA2ZIXLCGYQVPZKZQC2XG5LI4PTYIBJDMW2ISVBOSTCHI5PI4QCJHXODQAAVOHLYIFOSSRJO4XPCMXTZIWWVTDHOSPCPHFGCUWIYNLNZMFWRURDFYO2IODUIEFGMTDKEOTUZIBKC2EWKUDEFIS2RNHRIUF2BEBFSCW2XVJAOKTMHI5PZKWWES5OTQVQYMHLIKDOQTRFEATCOIBFRSU2XTRDOCPTYIJNTSV2EURADITUYHXJSEXAGNDVJEWWIUDEOQQJYJTNCGXIJM5CFSO2HNXTIOBOXUZLPIR2MNTNIIWVQU5JTWWQEMLUZEEGJUDJESUUWIXQCGAQWMXPZKA2KG5NISFWFUNDDIQU2NLVZQFGRTJDE4ZQIMDUIUF2LGJNDSUIFNHSY4OCLGJITWZAXNDVIQFGBUZHEOQ2JPDOIQFVQTDFO4W2SSJJPMQ2UNHQYKCOQTVGEYTCOG5VXIA2THXGTCVADOPLZMDWMQNAFGTCWIPHTWV2DQMXNKTUOHJJDSU2TURAEAUCAGFOTSQQFNXTIKBWHUZHFOQ2UNPVIQEWKVJDO4XAHO5IFKUMPHPQSSU2SSRFO4XQJMXRZIGWPTVDOSPTYITJS6C2KHTOCMXQVPZPZSF2KHFPCGZQRMXTYIEOTUVEO4UQOMXRZKE2BHFHCGZ2VQDZECQ2TPDVJIE2HIJLC4WWDUJIDKKCPJTHDWXICNLRYUGWJUVYE2W2LTQ2TYV2HURZFUQ22SDBOWTCGIPHTWWQGNDTIUF2QHTKCYAIEOLWIUEWKSZIFGKCXHXNCEVQROXQHCCWISDBOSKBXJPJCOXAOMLUJEFOJUZKEUQUYETNSCZQYMTWZKAWPT5NCEVQRNTPYMDGITNAE2ZADO5DEOUUAHFNSQYQVOHRIKBOTSRIESOTYIJETUWPFNZUX2NT5LS6D2===
+```
+
+And we need to decode the ciphertext
+
+## How to Solve?
+To solve this problem, first we need to decode it using `Vigenere Cipher` and the key is `key`. And then you need to decode it again using `base32/base64`
+
+![flag](images/flag.png)
+
+```
+DSC{V17_P0L1CY}
+```

DeconstruCT.F 2023/debugzero/README.md

@@ -0,0 +1,34 @@
+# debugzero
+> Someone on the dev team fat fingered their keyboard, and deployed the wrong app to production. Try and find what went wrong. The flag is in a file called "flag.txt"
+
+## About the Challenge
+We got a very simple website (And also there is no source code for this chall)
+
+![preview](images/preview.png)
+
+## How to Solve?
+First, let's analyze the homepage.
+
+![source_code](images/source_code.png)
+
+There is a HTML comment, that caught my interest
+
+```html
+<!-- John, please don't run the app in debug mode, how many times do I have to tell you this! -->
+```
+
+This website was running in debug mode, but we still didn't know about the technology behind it. Then, I decided to try some of the common endpoints, such as `/robots.txt`, `sitemap.xml`, `/console`, `/admin`, etc. And voila, there was an endpoint called `/console`
+
+![console](images/console.png)
+
+But we need to know the PIN code first to use the Werkzeug console. Now, let's get back to the homepage again. You will see there is a CSS file.
+
+![pin](images/pin.png)
+
+934123? Is that a PIN code? As it turned out to be true, that number is the PIN code! Now, we need to open `flag.txt` to obtain the flag. In this case im gonna use `open()`
+
+![flag](images/flag.png)
+
+```
+dsc{p1zz4_15_4w350m3}
+```

DeconstruCT.F 2023/snowy rock/README.md

@@ -0,0 +1,42 @@
+# snowy rock
+> am loves puzzles and his dad working in alaska sent a message hidden within for him to uncover
+Can you decode it?
+
+## About the Challenge
+We got an image and we need to find the flag there (You can download the flag [here](snowy_rock_fi.jpg))
+
+## How to Solve?
+First, we need to use `binwalk` to extract the zip file from the image
+
+```bash
+binwalk -e snowy_rock_fi.jpg
+```
+
+![binwalk](images/binwalk.png)
+
+You will see an error but that's okay, that happen because of the zip file was a password-protected file. And then we need to bruteforce the password of the zip file using `john`
+
+```bash
+zip2john file.zip > hash.txt
+john -w=/usr/share/wordlists/rockyou.txt hash.txt
+```
+
+![john](images/john.png)
+
+As you can see, the password is `11snowbird`. Extract the file and you will got `snowyrock.txt`. Now, because of the title of the chall and also the `snowyrock.txt` content, I decided to use `stegsnow` to retrieve hidden messages in `snowyrock.txt`
+
+```
+stegsnow -C snowyrock.txt
+```
+
+This command will run `stegsnow` without using a password
+
+![stegsnow](images/stegsnow.png)
+
+Decode the output using `base64` and also `rot13`
+
+![flag](images/flag.png)
+
+```
+dsc{SnOw_rOcKs_fOr_r34l}
+```

DeconstruCT.F 2023/where-are-the-cookies/README.md

@@ -0,0 +1,30 @@
+# where-are-the-cookies
+> Tom is feeling especially snacky during the CTF, can you find where the cookies are?
+
+> Note: This challenge works best on Chrome
+
+## About the Challenge
+We got a very simple website and we need to find the flag in the website
+
+![preview](images/preview.png)
+
+## How to Solve?
+First, we need to find some common files such as `robots.txt` / `sitemap.xml`. And in this case, this website have a `robots.txt` file
+
+![robots](images/robots.png)
+
+We discovered another endpoint called `/cookiesaretotallynothere`. When we hit the endpoint, there is a cookie called `caniseethecookie`
+
+![cookie](images/cookie.png)
+
+Decode the value of the cookie using `base64`
+
+![base64](images/base64.png)
+
+Change from `no` into `yes` and then encode the message again using `base64` encoding
+
+![flag](images/flag.png)
+
+```
+dsc{c0Ok135_4r3_th3_c0oL35t}
+```

README.md

@@ -11,6 +11,7 @@ There are __396__ writeups that have been made in this repository
 
 | Event Name | Team | Ranking |
 | ---------- | ---- | ------- |
+| DeconstruCT.F 2023 | aseng_fans_club | 1 |
 | The Odyssey CTF | aseng_fans_club | 1 |
 | BDSec CTF 2023 | HCS | 1 |
 | 0xLaugh CTF 2023 | TCP1P | 2 |
@@ -91,6 +92,8 @@ List of CTF events that i have joined before
 | The Odyssey CTF | Yes | [Link](/The%20Odyssey%20CTF/) |
 | TFC CTF 2023 | No | - |
 | ASC Cyber Wargames Qualification 2023 | Yes | [Link](/ASC%20Cyber%20Wargames%20Qualification%202023/) |
+| LIT CTF 2023 | No | - |
+| DeconstruCT.F 2023 | Yes | [Link](/DeconstruCT.F%202023/) |
 
 ### Local Events
 | Event Name | Writeup Available? | Writeup Link |