feat: added 2 CTF writeup

2023-05-21 21:57:52 +07:00 · 2023-05-21 21:57:52 +07:00 · 8925316c31
parent b35db1da93
commit 8925316c31
43 changed files with 392 additions and 13 deletions
--- a/2023/Compact/README.md
+++ b/2023/Compact/README.md
@ -0,0 +1,18 @@
 # Compact
 > Apparently this is meant to replace the Latin alphabet??
 > Flag format: byuctf{word or phrase} case insensitve.
 ## About the Challenge
 We need to decode the message in the image below
 ![chall](chall.png)
 ## How to Solve?
 To solve this, im using [Dotsies translator](https://www.dcode.fr/dotsies-writing) by dcode.fr
 ![flag](images/flag.png)
 ```
 byuctf{well its definitely more compact}
 ```
--- a/2023/Compact/chall.png
+++ b/2023/Compact/chall.png
--- a/2023/Compact/images/flag.png
+++ b/2023/Compact/images/flag.png
--- a/2023/Legoclones
+++ b/2023/Legoclones
@ -0,0 +1,30 @@
 # Legoclones 1
 > For some reason completely incomprehensible to mankind, you have become sworn enemies of one of the BYUCTF organizers, Legoclones. In your efforts to defeat him, you have decided to go back to the origins of Legoclones to learn more about him. This is what you know so far:
 > He once claimed that he's been going by the moniker "Legoclones" for over a decade
 There was a website that he adopted and fostered for about 3 years, based on a specific, niche area of Star Wars
 Your goal now is to find this website that he claims as "his". When he retired from the website, he stated he was leaving it in the hands of Commander ????. What was the username of the person he turned the site over to?
 > Notes from the organizer:
 > The remaining 4 Legoclones-related OSINT challenges will open up after this one
 > Doxxing Legoclones in real-life will not help you in any of these OSINT challenges. Stick to Legoclones and not his real-life counterpart
 > Flag format - byuctf{Username}
 ## About the Challenge
 We have to find the username that took over the website when `Legoclones` retired
 ## How to Solve?
 At first im using [whatsmyname.app](https://whatsmyname.app/) to find any account related to `Legoclones`. And I found `Legoclones` have a reddit account. And if we check the account, I found there is 1 comment about his website
 ![reddit](images/reddit.png)
 Go to the website and find his account and you will find the username that took over the fandom account
 https://clonetrooper.fandom.com/wiki/User:Legoclones
 ![flag](images/flag.png)
 ```
 byuctf{Blyndblitz}
 ```
--- a/1/images/flag.png
+++ b/1/images/flag.png
--- a/1/images/reddit.png
+++ b/1/images/reddit.png
--- a/2023/Legoclones
+++ b/2023/Legoclones
@ -0,0 +1,21 @@
 # Legoclones 3
 > Wow, this wiki is so old, it wasn't even captured by the Wayback Machine until a few years after it had started to flourish. Can you figure out the exact date and time the wiki was created? There may be somewhat reputable sources with a date listed, but in an effort to force you to find an authoritative, reputable source, I'm also requiring you to find the time it was created too. Because I'm too lazy to worry about timezones, the flag is only the minute of when it was created.
 > For example, if you found the wiki was created at 01:23, then the flag is byuctf{23}.
 > Notes from the organizer:
 > Doxxing Legoclones in real-life will not help you in any of these OSINT challenges. Stick to Legoclones and not his real-life counterpart
 > Flag format - byuctf{00}
 ## About the Challenge
 We have to find the time when the website was created
 ## How to Solve?
 You can find the time by checking history of the fandom (You can access the history [here](https://clonetrooper.fandom.com/wiki/Clone_Trooper_Wiki?action=history&dir=prev))
 ![flag](images/flag.png)
 ```
 byuctf{20}
 ```
--- a/3/images/flag.png
+++ b/3/images/flag.png
--- a/2023/README.md
+++ b/2023/README.md
@ -0,0 +1,15 @@
 # BYUCTF 2023
 CTF writeup for The BYUCTF 2023. I took part in this CTF competition with the TCP1P team, and got 32th place out of 581 teams
 Thanks to the team especially @dimasma0305 and @yuuna
 | Category | Challenge |
 | --- | --- |
 | Crypto | [Compact](/BYUCTF%202023/Compact/)
 | Crypto | [RSA1](/BYUCTF%202023/RSA1/)
 | Crypto | [RSA2](/BYUCTF%202023/RSA2/)
 | Crypto | [RSA3](/BYUCTF%202023/RSA3/)
 | Crypto | [RSA4](/BYUCTF%202023/RSA4/)
 | Crypto | [RSA5](/BYUCTF%202023/RSA5/)
 | OSINT | [Legoclones 1](/BYUCTF%202023/Legoclones%201/)
 | OSINT | [Legoclones 2](/BYUCTF%202023/Legoclones%202/)
--- a/2023/RSA1/README.md
+++ b/2023/RSA1/README.md
@ -0,0 +1,22 @@
 # RSA1
 `-`
 ## About the Challenge
 We have been given a file that contain modulus, public exponent, and the ciphertext
 ```
 n = 287838647563564518717519107521814079281
 e = 7
 c = 258476617615202392748150555415953446503
 ```
 ## How to Solve?
 In this case im using [X-RSA](https://github.com/X-Vector/X-RSA) to recover the plaintext, and then choose the first option
 ![flag](images/flag.png)
 ```
 byuctf{too_smol}
 ```
--- a/2023/RSA1/images/flag.png
+++ b/2023/RSA1/images/flag.png
--- a/2023/RSA1/rsa1.txt
+++ b/2023/RSA1/rsa1.txt
@ -0,0 +1,5 @@
 n = 287838647563564518717519107521814079281
 e = 7
 c = 258476617615202392748150555415953446503
--- a/2023/RSA2/README.md
+++ b/2023/RSA2/README.md
@ -0,0 +1,22 @@
 # RSA2
 `-`
 ## About the Challenge
 We have been given a file that contain modulus, public exponent, and the ciphertext
 ```
 n = 546014635841741214724882952304387823741798461149589549073179989118942746109940806878269775538274570065946589413677004071487344751464649121103982272835006900203922112014630898761428602513684456008956735791010937229939856259403186940249737579526542460562078728957198932156520780835942292131829398548678970431263462917223085165930683353518778015361505451889259321493813123084031407195410778661720394898118828299025325200597986154170392835072784810370185329392356423340408483449291280713796374297147668615988522804223480631576577707073715128342533703842150980913675658012799681575774731843549389349977365287936534707998476564357339504431638612839358093914282814270477657856345062084136585402704930924062452984009716927826681976269057923158930326380110735873715506666086031427627450725825495228912040943784627278987497908133546573083543604901933763330940965980882566819970423354937076331119777415405707162588442490342746115310986462330781467571631209829523895479737199963129517613642920935109776495829400236613168913129178658637967592913193540283532220304664924612246117951571439486418122093867454452618997458068515332016877486822805232899716524040444751997121936138984564834862354469295078855441829018404782747219665338778379471257704041
 e = 65537
 c = 497483520135207500611760341868934810216889295862727367409205471739457798733223813938415492642898622071289502771394670201759355356873731071744923938304067196827981196823596976532284031567818944043351160692892539254848854527943095670705184836531463778923699513154523281624336593518751911469590777921172775020125081803529411082078530404614569485860638460689961289946436553586222781503048987585305336865777424252321433817251942278548031598867440246798562662298880488044382840476214732326114298681849826143159014132251265975612736174765852107701466877003101250308950535660691651846052082123375934624356694170453897672257371991315676787548733520567289929667876604682273501711766130944645562650989837328685043543330211830184365436596077862055649246517141787872170320358968622818470064395975654949073402489903952399985907827496667385839890041608685588908200009780210043116940593521695695047783434230143405184690206691002634954008353327872663055826018481013718627348218684688250775372760462829705754318024652361552668830110066219305953343851243676904796434142570868419087560131333056695456062994781034014322792678534785191950145702468201676105282230660132801024614625267740668507168119879074770666830923799616054485447308126877109671082189614
 ```
 ## How to Solve?
 In this case im using [X-RSA](https://github.com/X-Vector/X-RSA) to recover the plaintext, and then choose the first option
 ![flag](images/flag.png)
 ```
 byuctf{rsa_is_only_secure_when_p_and_q_are_unknown}
 ```
--- a/2023/RSA2/images/flag.png
+++ b/2023/RSA2/images/flag.png
--- a/2023/RSA2/rsa2.txt
+++ b/2023/RSA2/rsa2.txt
@ -0,0 +1,5 @@
 n = 546014635841741214724882952304387823741798461149589549073179989118942746109940806878269775538274570065946589413677004071487344751464649121103982272835006900203922112014630898761428602513684456008956735791010937229939856259403186940249737579526542460562078728957198932156520780835942292131829398548678970431263462917223085165930683353518778015361505451889259321493813123084031407195410778661720394898118828299025325200597986154170392835072784810370185329392356423340408483449291280713796374297147668615988522804223480631576577707073715128342533703842150980913675658012799681575774731843549389349977365287936534707998476564357339504431638612839358093914282814270477657856345062084136585402704930924062452984009716927826681976269057923158930326380110735873715506666086031427627450725825495228912040943784627278987497908133546573083543604901933763330940965980882566819970423354937076331119777415405707162588442490342746115310986462330781467571631209829523895479737199963129517613642920935109776495829400236613168913129178658637967592913193540283532220304664924612246117951571439486418122093867454452618997458068515332016877486822805232899716524040444751997121936138984564834862354469295078855441829018404782747219665338778379471257704041
 e = 65537
 c = 497483520135207500611760341868934810216889295862727367409205471739457798733223813938415492642898622071289502771394670201759355356873731071744923938304067196827981196823596976532284031567818944043351160692892539254848854527943095670705184836531463778923699513154523281624336593518751911469590777921172775020125081803529411082078530404614569485860638460689961289946436553586222781503048987585305336865777424252321433817251942278548031598867440246798562662298880488044382840476214732326114298681849826143159014132251265975612736174765852107701466877003101250308950535660691651846052082123375934624356694170453897672257371991315676787548733520567289929667876604682273501711766130944645562650989837328685043543330211830184365436596077862055649246517141787872170320358968622818470064395975654949073402489903952399985907827496667385839890041608685588908200009780210043116940593521695695047783434230143405184690206691002634954008353327872663055826018481013718627348218684688250775372760462829705754318024652361552668830110066219305953343851243676904796434142570868419087560131333056695456062994781034014322792678534785191950145702468201676105282230660132801024614625267740668507168119879074770666830923799616054485447308126877109671082189614
--- a/2023/RSA3/README.md
+++ b/2023/RSA3/README.md
@ -0,0 +1,29 @@
 # RSA3
 `-`
 ## About the Challenge
 We have been given a file that contain 2 modulus, public exponent, and 2 ciphertexts
 ```
 n1 = 26936730986023789726214222876998431579035871765812234385674097050592112272540329063679602773116293498245937781951160051718036177035087801218359133356523071700951108999020905116034905584806261203518345118128714311038590925635180342040347317022008233631809623824589107373210514331169745651687793393307158179191306187356408951648269495142386375021669218752561961647301029204701333026044435685936341126368602940601101599988477874713569476970068734357580527463645209944448988010693985476127837819331701523891965427561798033127731232916390511986369304971158889254173850566560028528340860519614489276904182246324437302697433
 e1 = 65537
 c1 = 25934221721388531303090294836956821212346696995428676440185777623629033147440636130540319272854260855117016879903925227836710795492438220977864741830686432435183222727791461378988782191893620213711460265022633971293289987925875691438890670054518553696690583070284033592035281829227897938832962322172505881421894428362134145126751766514249801481330619906708370005958557827981820321861133293595400304305721764486699677941331024345924352161482159664366018182446127343098427579677894070842066840562853624060861183697917208697602208453017595582242281467105778066369782229287834403074433848470534633158573935584429007575715
 n2 = 20923351960149847207730448386993771286287991808293298691185156471519720793292179321382926775933281826329369963004005667653815105072159583791658532166606431385861980687037872135521884790087813454844716254644626942821490878728677736261700329782075809716063515721266692286574071240561529911159730824490258866613280873755548760004314650585913096197607936750263556276920577987540676841745347308103070523989154846358123142014592046611945781700690640990848003152423310523158983857208127158850925297742214928064334410930947749935069628731105093722212442331657106356911123912454871778728334875010902513275561639806401894881233
 e2 = 65537
 c2 = 5993773597007465934515223705550947500391213737662065644971977783446564890828050443747162704068048188331597029929182281837445674583301936037963788912954366180921337518251139032904603786774772009913305609053718347365864177247549192649908207240197602397010006677485658506955283638199651692990436006544549785434255965098715363287267470252318128158357490592521797199393154974403123099999366644663048724011101287811844340320520544010179529188112211115440469084617438296961494801221969674213288489675624156545941630517075958425681203711654677553772595530799489102830165490202523397154229276688719481530893488434863906070343
 ```
 ## How to Solve?
 In this case im using [X-RSA](https://github.com/X-Vector/X-RSA) to recover the plaintext, and because then choose the 14th option
 ![flag](images/flag.png)
 ```
 byuctf{coprime_means_factoring_N_becomes_much_easier}
 ```
--- a/2023/RSA3/images/flag.png
+++ b/2023/RSA3/images/flag.png
--- a/2023/RSA3/rsa3.txt
+++ b/2023/RSA3/rsa3.txt
@ -0,0 +1,12 @@
 n1 = 26936730986023789726214222876998431579035871765812234385674097050592112272540329063679602773116293498245937781951160051718036177035087801218359133356523071700951108999020905116034905584806261203518345118128714311038590925635180342040347317022008233631809623824589107373210514331169745651687793393307158179191306187356408951648269495142386375021669218752561961647301029204701333026044435685936341126368602940601101599988477874713569476970068734357580527463645209944448988010693985476127837819331701523891965427561798033127731232916390511986369304971158889254173850566560028528340860519614489276904182246324437302697433
 e1 = 65537
 c1 = 25934221721388531303090294836956821212346696995428676440185777623629033147440636130540319272854260855117016879903925227836710795492438220977864741830686432435183222727791461378988782191893620213711460265022633971293289987925875691438890670054518553696690583070284033592035281829227897938832962322172505881421894428362134145126751766514249801481330619906708370005958557827981820321861133293595400304305721764486699677941331024345924352161482159664366018182446127343098427579677894070842066840562853624060861183697917208697602208453017595582242281467105778066369782229287834403074433848470534633158573935584429007575715
 n2 = 20923351960149847207730448386993771286287991808293298691185156471519720793292179321382926775933281826329369963004005667653815105072159583791658532166606431385861980687037872135521884790087813454844716254644626942821490878728677736261700329782075809716063515721266692286574071240561529911159730824490258866613280873755548760004314650585913096197607936750263556276920577987540676841745347308103070523989154846358123142014592046611945781700690640990848003152423310523158983857208127158850925297742214928064334410930947749935069628731105093722212442331657106356911123912454871778728334875010902513275561639806401894881233
 e2 = 65537
 c2 = 5993773597007465934515223705550947500391213737662065644971977783446564890828050443747162704068048188331597029929182281837445674583301936037963788912954366180921337518251139032904603786774772009913305609053718347365864177247549192649908207240197602397010006677485658506955283638199651692990436006544549785434255965098715363287267470252318128158357490592521797199393154974403123099999366644663048724011101287811844340320520544010179529188112211115440469084617438296961494801221969674213288489675624156545941630517075958425681203711654677553772595530799489102830165490202523397154229276688719481530893488434863906070343
--- a/2023/RSA4/README.md
+++ b/2023/RSA4/README.md
@ -0,0 +1,38 @@
 # RSA4
 `-`
 ## About the Challenge
 We have been given a file that contain 3 modulus, public exponent, and 3 ciphertexts
 ```
 n1 = 25204912957894049536633029588071532883154221495361435745558539407530325536509218257991893451902442183954212400671502526830623527340613723328379300388737939211263541814108106183164630301938900862986688763583982133846507136234797325243547177627054271161715200611591594812723672399437505379398941496184886411879923583394041753902383846644013849190900416111230521180435101859101110596828380586449182686175177638441549656137307050392520754146511496313215137339773851458160180450925216541537448515297981124184019831730808991821344392915274230294654187421183676471212265322367890189804699510021526923237231850244056681024361
 e1 = 3
 c1 = 8177192204481601898705460379101384591996531766013815643642297541939314169289538943467463950155787562006058743758523755363825964609610993939021120980839831173842134605117089923025444468026164578567348718360392736482132312367435114106411271743218631041094275894508404221506482038656928803775293360599721583316194630449469869000491476753827928793659938654925187969087524783314008405767753004191090522037968098548258698350055999105058915648497702724525585509
 ================================================
 n2 = 17730912385401458370516374144454354828481353051514329263921774569034415114147424203611660978860008058118764431105602401970281692066419254457694301039461623568501484102567802483628476717695013320444442267232019104240173401975387173805390636521671252624249730700497552226732834062715286458634274525026438931671208367178653031967364951679420066768732647183187381700016195545187024094717207787859217993871236368911145957298126589666514319408022801341248744002320245345234912423717815146532293315342644702101415345900126397475592837306256140915525455824350305349773210334856093169535686115299159772550674315375987529523179
 e2 = 3
 c2 = 8177192204481601898705460379101384591996531766013815643642297541939314169289538943467463950155787562006058743758523755363825964609610993939021120980839831173842134605117089923025444468026164578567348718360392736482132312367435114106411271743218631041094275894508404221506482038656928803775293360599721583316194630449469869000491476753827928793659938654925187969087524783314008405767753004191090522037968098548258698350055999105058915648497702724525585509
 ================================================
 n3 = 23693871552180460990138635073805949225912252125308334418081834697641804631104724668330415198785050388969117484647897131795893896100932121531733121069301557203541651575306855376180158639595396645851251320756224273151350168394783274111111375428683335001923152182758469432988805562827169898721409159172411067426322303967736140645806651181720610635139163613355013365367013643617931710120446074129630384181873406149243284193113399417540744056880787819360491511062694356302764642727497777585348003477373456680752873785829149551421840290660162776229985812994060664107888011786183808824620497078292008444842754064007647832261
 e3 = 3
 c3 = 8177192204481601898705460379101384591996531766013815643642297541939314169289538943467463950155787562006058743758523755363825964609610993939021120980839831173842134605117089923025444468026164578567348718360392736482132312367435114106411271743218631041094275894508404221506482038656928803775293360599721583316194630449469869000491476753827928793659938654925187969087524783314008405767753004191090522037968098548258698350055999105058915648497702724525585509
 ```
 ## How to Solve?
 In this case im using [X-RSA](https://github.com/X-Vector/X-RSA) to recover the plaintext, and because then choose the 6th option
 ![flag](images/flag.png)
 ```
 byuctf{hastad_broadcast_attack_is_why_e_needs_to_be_very_large}
 ```
--- a/2023/RSA4/images/flag.png
+++ b/2023/RSA4/images/flag.png
--- a/2023/RSA4/rsa4.txt
+++ b/2023/RSA4/rsa4.txt
@ -0,0 +1,21 @@
 n1 = 25204912957894049536633029588071532883154221495361435745558539407530325536509218257991893451902442183954212400671502526830623527340613723328379300388737939211263541814108106183164630301938900862986688763583982133846507136234797325243547177627054271161715200611591594812723672399437505379398941496184886411879923583394041753902383846644013849190900416111230521180435101859101110596828380586449182686175177638441549656137307050392520754146511496313215137339773851458160180450925216541537448515297981124184019831730808991821344392915274230294654187421183676471212265322367890189804699510021526923237231850244056681024361
 e1 = 3
 c1 = 8177192204481601898705460379101384591996531766013815643642297541939314169289538943467463950155787562006058743758523755363825964609610993939021120980839831173842134605117089923025444468026164578567348718360392736482132312367435114106411271743218631041094275894508404221506482038656928803775293360599721583316194630449469869000491476753827928793659938654925187969087524783314008405767753004191090522037968098548258698350055999105058915648497702724525585509
 ================================================
 n2 = 17730912385401458370516374144454354828481353051514329263921774569034415114147424203611660978860008058118764431105602401970281692066419254457694301039461623568501484102567802483628476717695013320444442267232019104240173401975387173805390636521671252624249730700497552226732834062715286458634274525026438931671208367178653031967364951679420066768732647183187381700016195545187024094717207787859217993871236368911145957298126589666514319408022801341248744002320245345234912423717815146532293315342644702101415345900126397475592837306256140915525455824350305349773210334856093169535686115299159772550674315375987529523179
 e2 = 3
 c2 = 8177192204481601898705460379101384591996531766013815643642297541939314169289538943467463950155787562006058743758523755363825964609610993939021120980839831173842134605117089923025444468026164578567348718360392736482132312367435114106411271743218631041094275894508404221506482038656928803775293360599721583316194630449469869000491476753827928793659938654925187969087524783314008405767753004191090522037968098548258698350055999105058915648497702724525585509
 ================================================
 n3 = 23693871552180460990138635073805949225912252125308334418081834697641804631104724668330415198785050388969117484647897131795893896100932121531733121069301557203541651575306855376180158639595396645851251320756224273151350168394783274111111375428683335001923152182758469432988805562827169898721409159172411067426322303967736140645806651181720610635139163613355013365367013643617931710120446074129630384181873406149243284193113399417540744056880787819360491511062694356302764642727497777585348003477373456680752873785829149551421840290660162776229985812994060664107888011786183808824620497078292008444842754064007647832261
 e3 = 3
 c3 = 8177192204481601898705460379101384591996531766013815643642297541939314169289538943467463950155787562006058743758523755363825964609610993939021120980839831173842134605117089923025444468026164578567348718360392736482132312367435114106411271743218631041094275894508404221506482038656928803775293360599721583316194630449469869000491476753827928793659938654925187969087524783314008405767753004191090522037968098548258698350055999105058915648497702724525585509
--- a/2023/RSA5/README.md
+++ b/2023/RSA5/README.md
@ -0,0 +1,26 @@
 # RSA5
 `-`
 ## About the Challenge
 We have been given a file that contain 1 modulus, 2 public exponent, and 2 ciphertexts
 ```
 n = 158307578375429142391814474806884486236362186916188452580137711655290101749246194796158132723192108831610021920979976831387798531310286521988621973910776725756124498277292094830880179737057636826926718870947402385998304759357604096043571760391265436342427330673679572532727716853811470803394787706010603830747
 e1 = 65537
 c1 = 147465654815005020063943150787541676244006907179548061733683379407115931956604160894199596187128857070739585522099795520030109295201146791378167977530770154086872347421667566213107792455663772279848013855378166127142983660396920011133029349489200452580907847840266595584254579298524777000061248118561875608240
 e2 = 65521
 c2 = 142713643080475406732653557020038566547302005567266455940547551173573770529850069157484999432568532977025654715928532390305041525635025949965799289602536953914794718670859158768092964083443092374251987427058692219234329521939404919423432910655508395090232621076454399975588453154238832799760275047924852124717
 ```
 ## How to Solve?
 In this case im using [X-RSA](https://github.com/X-Vector/X-RSA) to recover the plaintext, and because then choose the 7th option
 ![flag](images/flag.png)
 ```
 byuctf{NEVER_USE_SAME_MODULUS_WITH_DIFFERENT_e_VALUES}
 ```
--- a/2023/RSA5/images/flag.png
+++ b/2023/RSA5/images/flag.png
--- a/2023/RSA5/rsa5.txt
+++ b/2023/RSA5/rsa5.txt
@ -0,0 +1,9 @@
 n = 158307578375429142391814474806884486236362186916188452580137711655290101749246194796158132723192108831610021920979976831387798531310286521988621973910776725756124498277292094830880179737057636826926718870947402385998304759357604096043571760391265436342427330673679572532727716853811470803394787706010603830747
 e1 = 65537
 c1 = 147465654815005020063943150787541676244006907179548061733683379407115931956604160894199596187128857070739585522099795520030109295201146791378167977530770154086872347421667566213107792455663772279848013855378166127142983660396920011133029349489200452580907847840266595584254579298524777000061248118561875608240
 e2 = 65521
 c2 = 142713643080475406732653557020038566547302005567266455940547551173573770529850069157484999432568532977025654715928532390305041525635025949965799289602536953914794718670859158768092964083443092374251987427058692219234329521939404919423432910655508395090232621076454399975588453154238832799760275047924852124717
--- a/2023/chall.png
+++ b/2023/chall.png
--- a/2023/Bing/README.md
+++ b/2023/Bing/README.md
@ -0,0 +1,26 @@
 # Bing
 > `-`
 ## About the Challenge
 We have been given a website that contains a form and we can input a host there
 ![preview_1](images/preview_1.png)
 And then I tried to input 127.0.0.1 and here was the output
 ![preview_2](images/preview_2.png)
 ## How to Solve?
 We need to exploit the website using `Command Injection` vulnerability in order to read the flag. Here is the payload that I used to read the flag
 ```
 127.0.0.1;c\a\t${IFS}/f\lag.txt${IFS}|base64
 ```
 Because some of the commands are blacklisted by the website (Like `cat` or `ls`), we can trick it with `/` character.  And because whitespace is also blacklisted by the website we can use `${IFS}`
 ![flag](images/flag.png)
 ```
 dead{okokok!!!_th1s_flAg_f0R_Y0U}
 ```
--- a/2023/Bing/images/flag.png
+++ b/2023/Bing/images/flag.png
--- a/2023/Bing/images/preview_1.png
+++ b/2023/Bing/images/preview_1.png
--- a/2023/Bing/images/preview_2.png
+++ b/2023/Bing/images/preview_2.png
--- a/2023/FRSS/README.md
+++ b/2023/FRSS/README.md
@ -0,0 +1,29 @@
 # FRSS
 > `-`
 ## About the Challenge
 We got a websites that can make requests to other websites and display the response
 ![preview](images/preview.png)
 We need to access `/hehe.txt` by using that feature. However there is a limit of characters that we can input into that form
 ![preview_2](images/preview_2.png)
 ## How to Solve?
 In order to read the flag, we need to access the website internally and access the `/hehe.txt` endpoint
 At first, I inputted `127.0.0.1/hehe.txt` but the response is `Oh no no, url is too long I can't handle it`. And then I and found this [payload](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md)
 ![PayloadAllTheThings](images/PayloadAllTheThings.png)
 So, my final payload was:
 ```
 0.0.0.0/hehe.txt
 ```
 ![flag](images/flag.png)
 ```
 dead{Ashiiiibaaa_you_hAv3_Pybass_chA11}
 ```
--- a/2023/FRSS/images/PayloadAllTheThings.png
+++ b/2023/FRSS/images/PayloadAllTheThings.png
--- a/2023/FRSS/images/flag.png
+++ b/2023/FRSS/images/flag.png
--- a/2023/FRSS/images/preview.png
+++ b/2023/FRSS/images/preview.png
--- a/2023/FRSS/images/preview_2.png
+++ b/2023/FRSS/images/preview_2.png
--- a/2023/README.md
+++ b/2023/README.md
@ -0,0 +1,10 @@
 # DeadSec CTF 2023
 CTF writeup for The DeadSec CTF 2023. I took part in this CTF competition with the TCP1P team, and got 16th place out of 436 teams
 Thanks to the team especially @dimasma0305
 | Category | Challenge |
 | --- | --- |
 | Web | [FRSS](/DeadSec%20CTF%202023/FRSS/)
 | Web | [Bing](/DeadSec%20CTF%202023/Bing/)
 | Web | [XEE1](/DeadSec%20CTF%202023/XEE1/)
--- a/2023/XEE1/README.md
+++ b/2023/XEE1/README.md
@ -0,0 +1,38 @@
 # XEE1
 > flag in flag.txt
 ## About the Challenge
 We have been given a website that contains a login page
 ![preview](images/preview.png)
 And if we check the HTTP request and response when entering the username and password
 ![http](images/http.png)
 ## How to Solve?
 At first, Im using a `file` protocol to read `/flag.txt` file
 ![first_request](images/first_request.png)
 But the output was `You can't read the flag`. Im very confused because my payload was working perfectly if I want to read another file (ex: /etc/passwd)
 ![testing](images/testing.png)
 So I decided to use PHP wrapper to encoded the output with `base64` encoding. Here is the final payload
 ```xml
 <!--?xml version="1.0" ?-->
 <!DOCTYPE replace [<!ENTITY ent SYSTEM "php://filter/read=convert.base64-encode/resource=/flag.txt"> ]>
 <user>
    <username>&ent;</username>
    <password>test</password>
 </user>
 ```
 ![flag](images/flag.png)
 ```
 dead{n1ce_br0_XE3_3z_h3h3}
 ```
--- a/2023/XEE1/images/first_request.png
+++ b/2023/XEE1/images/first_request.png
--- a/2023/XEE1/images/flag.png
+++ b/2023/XEE1/images/flag.png
--- a/2023/XEE1/images/http.png
+++ b/2023/XEE1/images/http.png
--- a/2023/XEE1/images/preview.png
+++ b/2023/XEE1/images/preview.png
--- a/2023/XEE1/images/testing.png
+++ b/2023/XEE1/images/testing.png
--- a/2023/README.md
+++ b/2023/README.md
@ -5,15 +5,15 @@ Thanks to the team especially @spitfire
 | Category | Challenge |
 | --- | --- |
-| Jubilife | [The Historian Channel - 1](/ICSJWG%20CTF%202023/)
+| Jubilife | [The Historian Channel - 1](/ICSJWG%20CTF%202023/The%20Historian%20Channel%20-%201/)
-| Jubilife | [The Historian Channel - 2](/ICSJWG%20CTF%202023/)
+| Jubilife | [The Historian Channel - 2](/ICSJWG%20CTF%202023/The%20Historian%20Channel%20-%202/)
-| Jubilife | [The Historian Channel - 3](/ICSJWG%20CTF%202023/)
+| Jubilife | [The Historian Channel - 3](/ICSJWG%20CTF%202023/The%20Historian%20Channel%20-%203/)
-| Jubilife | [Windows Pane - 1](/ICSJWG%20CTF%202023/)
+| Jubilife | [Windows Pane - 1](/ICSJWG%20CTF%202023/Windows%20Pane%20-%201/)
-| Jubilife | [Windows Pane - 2](/ICSJWG%20CTF%202023/)
+| Jubilife | [Windows Pane - 2](/ICSJWG%20CTF%202023/Windows%20Pane%20-%202/)
-| Jubilife | [Windows Pane - 3](/ICSJWG%20CTF%202023/)
+| Jubilife | [Windows Pane - 3](/ICSJWG%20CTF%202023/Windows%20Pane%20-%203/)
-| Jubilife | [Chrome-Plated Nonsense - 1](/ICSJWG%20CTF%202023/)
+| Jubilife | [Chrome-Plated Nonsense - 1](/ICSJWG%20CTF%202023/Chrome-Plated%20Nonsense%20-%201/)
-| Jubilife | [Chrome-Plated Nonsense - 2](/ICSJWG%20CTF%202023/)
+| Jubilife | [Chrome-Plated Nonsense - 2](/ICSJWG%20CTF%202023/Chrome-Plated%20Nonsense%20-%202/)
-| Snowpoint | [The Phish Tank - 1](/ICSJWG%20CTF%202023/)
+| Snowpoint | [The Phish Tank - 1](/ICSJWG%20CTF%202023/The%20Phish%20Tank%20-%201/)
-| Snowpoint | [The Phish Tank - 2](/ICSJWG%20CTF%202023/)
+| Snowpoint | [The Phish Tank - 2](/ICSJWG%20CTF%202023/The%20Phish%20Tank%20-%202/)
-| Snowpoint | [The Phish Tank - 3a](/ICSJWG%20CTF%202023/)
+| Snowpoint | [The Phish Tank - 3a](/ICSJWG%20CTF%202023/The%20Phish%20Tank%20-%203a/)
-| Snowpoint | [The Phish Tank - 3b](/ICSJWG%20CTF%202023/)
+| Snowpoint | [The Phish Tank - 3b](/ICSJWG%20CTF%202023/The%20Phish%20Tank%20-%203b/)
--- a/README.md
+++ b/README.md
@ -43,4 +43,7 @@ List of CTF events that i have joined before
 | HackPack CTF 2023 | 14 April, 22:00 WIB — 15 April 2023, 21:59 WIB | [Link](/Hackpack%20CTF%202023/) |
 | Cyberconférence CTF (24h@CTF '23) | 14 April, 23:00 WIB — 16 April 2023, 21:00 WIB | [Link](/24h%40CTF%202023/) |
 | Texas Security Awareness Week 2023 | 15 April, 22:00 WIB — 17 April 2023, 05:00 WIB | [Link](/TexSAW%202023/) |
-| WaniCTF 2023 | 04 May, 13:00 WIB — 06 May 2023, 13:00 WIB | [Link](/WaniCTF%202023/) |
+| WaniCTF 2023 | 04 May, 13:00 WIB — 06 May 2023, 13:00 WIB | [Link](/WaniCTF%202023/) |
 | ICSJWG Spring 2023 | 07 May, 01:00 WIB — 12 May 2023, 01:00 WIB | [Link](/ICSJWG%20CTF%202023/) |
 | DeadSec CTF 2023 | 19 May, 20:00 WIB — 21 May 2023, 20:00 WIB | [Link](/DeadSec%20CTF%202023/) |
 | BYUCTF 2023 | 20 May, 00:00 WIB — 21 May 2023, 12:00 WIB | [Link](/BYUCTF%202023/) |