feat: added 2 CTF writeup

pull/1/head
Muhammad Daffa 2023-05-21 21:57:52 +07:00
parent b35db1da93
commit 8925316c31
43 changed files with 392 additions and 13 deletions


@ -0,0 +1,18 @@
# Compact
> Apparently this is meant to replace the Latin alphabet??
> Flag format: byuctf{word or phrase} case insensitve.
## About the Challenge
We need to decode the message in the image below
![chall](chall.png)
## How to Solve?
To solve this, im using [Dotsies translator](https://www.dcode.fr/dotsies-writing) by dcode.fr
![flag](images/flag.png)
```
byuctf{well its definitely more compact}
```
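Review bot: the two image links use different base paths. `![chall](chall.png)` resolves relative to the Compact directory, but the only `chall.png` in this commit is added at `BYUCTF 2023/chall.png` (see the file list further down), so the challenge image will not render from this writeup; move it to `Compact/images/chall.png` and reference it as `images/chall.png` like the flag screenshot. Style: "im using" should be "I used", here and in the other writeups.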


@ -0,0 +1,30 @@
# Legoclones 1
> For some reason completely incomprehensible to mankind, you have become sworn enemies of one of the BYUCTF organizers, Legoclones. In your efforts to defeat him, you have decided to go back to the origins of Legoclones to learn more about him. This is what you know so far:
> He once claimed that he's been going by the moniker "Legoclones" for over a decade
There was a website that he adopted and fostered for about 3 years, based on a specific, niche area of Star Wars
Your goal now is to find this website that he claims as "his". When he retired from the website, he stated he was leaving it in the hands of Commander ????. What was the username of the person he turned the site over to?
> Notes from the organizer:
> The remaining 4 Legoclones-related OSINT challenges will open up after this one
> Doxxing Legoclones in real-life will not help you in any of these OSINT challenges. Stick to Legoclones and not his real-life counterpart
> Flag format - byuctf{Username}
## About the Challenge
We have to find the username that took over the website when `Legoclones` retired
## How to Solve?
At first im using [whatsmyname.app](https://whatsmyname.app/) to find any account related to `Legoclones`. And I found `Legoclones` have a reddit account. And if we check the account, I found there is 1 comment about his website
![reddit](images/reddit.png)
Go to the website and find his account and you will find the username that took over the fandom account
https://clonetrooper.fandom.com/wiki/User:Legoclones
![flag](images/flag.png)
```
byuctf{Blyndblitz}
```
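Review bot: the blockquote is broken on the lines starting "There was a website that he adopted..." and "Your goal now is to find this website...", which lack the leading `>`; as written the challenge prompt renders as two quoted fragments with two ordinary paragraphs between them. Prefix both lines with `> ` like the rest of the prompt. Minor: "At first im using" reads better as "First, I used", and "I found there is 1 comment" as "I found one comment".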


@ -0,0 +1,21 @@
# Legoclones 3
> Wow, this wiki is so old, it wasn't even captured by the Wayback Machine until a few years after it had started to flourish. Can you figure out the exact date and time the wiki was created? There may be somewhat reputable sources with a date listed, but in an effort to force you to find an authoritative, reputable source, I'm also requiring you to find the time it was created too. Because I'm too lazy to worry about timezones, the flag is only the minute of when it was created.
> For example, if you found the wiki was created at 01:23, then the flag is byuctf{23}.
> Notes from the organizer:
> Doxxing Legoclones in real-life will not help you in any of these OSINT challenges. Stick to Legoclones and not his real-life counterpart
> Flag format - byuctf{00}
## About the Challenge
We have to find the time when the website was created
## How to Solve?
You can find the time by checking history of the fandom (You can access the history [here](https://clonetrooper.fandom.com/wiki/Clone_Trooper_Wiki?action=history&dir=prev))
![flag](images/flag.png)
```
byuctf{20}
```
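Review bot: "checking history of the fandom" should say what to look at. The linked page history uses `dir=prev`, which lists the oldest revisions first, so the timestamp of the very first revision of the wiki's main page is the creation time the flag is taken from; one sentence saying that makes the step reproducible without the screenshot. Also, this Legoclones 3 writeup is not listed in the BYUCTF README table added in the same commit.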

BYUCTF 2023/README.md Normal file

@ -0,0 +1,15 @@
# BYUCTF 2023
CTF writeup for The BYUCTF 2023. I took part in this CTF competition with the TCP1P team, and got 32th place out of 581 teams
Thanks to the team especially @dimasma0305 and @yuuna
| Category | Challenge |
| --- | --- |
| Crypto | [Compact](/BYUCTF%202023/Compact/)
| Crypto | [RSA1](/BYUCTF%202023/RSA1/)
| Crypto | [RSA2](/BYUCTF%202023/RSA2/)
| Crypto | [RSA3](/BYUCTF%202023/RSA3/)
| Crypto | [RSA4](/BYUCTF%202023/RSA4/)
| Crypto | [RSA5](/BYUCTF%202023/RSA5/)
| OSINT | [Legoclones 1](/BYUCTF%202023/Legoclones%201/)
| OSINT | [Legoclones 2](/BYUCTF%202023/Legoclones%202/)
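Review bot: the table does not match the writeups in this commit: it lists `Legoclones 2`, for which no directory or README is added here, and omits `Legoclones 3`, which is; change the last row to point at `/BYUCTF%202023/Legoclones%203/`. Also "32th place" should be "32nd place", and "CTF writeup for The BYUCTF 2023" reads better as "CTF writeups for BYUCTF 2023".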


@ -0,0 +1,22 @@
# RSA1
`-`
## About the Challenge
We have been given a file that contain modulus, public exponent, and the ciphertext
```
n = 287838647563564518717519107521814079281
e = 7
c = 258476617615202392748150555415953446503
```
## How to Solve?
In this case im using [X-RSA](https://github.com/X-Vector/X-RSA) to recover the plaintext, and then choose the first option
![flag](images/flag.png)
```
byuctf{too_smol}
```
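Review bot: "choose the first option" ties the writeup to the current X-RSA menu, which readers cannot verify; name the technique instead. The visible parameters already tell the story: `n` is 39 decimal digits, roughly 128 bits, so it can be factored directly and the private exponent computed from the factors, which is what the flag `too_smol` alludes to. Grammar: "a file that contain" should be "a file that contains", and the bare "`-`" placeholder under the title should either carry the challenge description or be dropped.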


@ -0,0 +1,5 @@
n = 287838647563564518717519107521814079281
e = 7
c = 258476617615202392748150555415953446503


@ -0,0 +1,22 @@
# RSA2
`-`
## About the Challenge
We have been given a file that contain modulus, public exponent, and the ciphertext
```
n = 546014635841741214724882952304387823741798461149589549073179989118942746109940806878269775538274570065946589413677004071487344751464649121103982272835006900203922112014630898761428602513684456008956735791010937229939856259403186940249737579526542460562078728957198932156520780835942292131829398548678970431263462917223085165930683353518778015361505451889259321493813123084031407195410778661720394898118828299025325200597986154170392835072784810370185329392356423340408483449291280713796374297147668615988522804223480631576577707073715128342533703842150980913675658012799681575774731843549389349977365287936534707998476564357339504431638612839358093914282814270477657856345062084136585402704930924062452984009716927826681976269057923158930326380110735873715506666086031427627450725825495228912040943784627278987497908133546573083543604901933763330940965980882566819970423354937076331119777415405707162588442490342746115310986462330781467571631209829523895479737199963129517613642920935109776495829400236613168913129178658637967592913193540283532220304664924612246117951571439486418122093867454452618997458068515332016877486822805232899716524040444751997121936138984564834862354469295078855441829018404782747219665338778379471257704041
e = 65537
c = 497483520135207500611760341868934810216889295862727367409205471739457798733223813938415492642898622071289502771394670201759355356873731071744923938304067196827981196823596976532284031567818944043351160692892539254848854527943095670705184836531463778923699513154523281624336593518751911469590777921172775020125081803529411082078530404614569485860638460689961289946436553586222781503048987585305336865777424252321433817251942278548031598867440246798562662298880488044382840476214732326114298681849826143159014132251265975612736174765852107701466877003101250308950535660691651846052082123375934624356694170453897672257371991315676787548733520567289929667876604682273501711766130944645562650989837328685043543330211830184365436596077862055649246517141787872170320358968622818470064395975654949073402489903952399985907827496667385839890041608685588908200009780210043116940593521695695047783434230143405184690206691002634954008353327872663055826018481013718627348218684688250775372760462829705754318024652361552668830110066219305953343851243676904796434142570868419087560131333056695456062994781034014322792678534785191950145702468201676105282230660132801024614625267740668507168119879074770666830923799616054485447308126877109671082189614
```
## How to Solve?
In this case im using [X-RSA](https://github.com/X-Vector/X-RSA) to recover the plaintext, and then choose the first option
![flag](images/flag.png)
```
byuctf{rsa_is_only_secure_when_p_and_q_are_unknown}
```
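Review bot: same point as RSA1: "choose the first option" does not tell the reader what was done. The flag (`rsa_is_only_secure_when_p_and_q_are_unknown`) says the modulus was factored or its factors were already known, so state which it was and how the tool obtained `p` and `q`, rather than the menu position. Grammar: "a file that contain" should be "a file that contains".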


@ -0,0 +1,5 @@
n = 546014635841741214724882952304387823741798461149589549073179989118942746109940806878269775538274570065946589413677004071487344751464649121103982272835006900203922112014630898761428602513684456008956735791010937229939856259403186940249737579526542460562078728957198932156520780835942292131829398548678970431263462917223085165930683353518778015361505451889259321493813123084031407195410778661720394898118828299025325200597986154170392835072784810370185329392356423340408483449291280713796374297147668615988522804223480631576577707073715128342533703842150980913675658012799681575774731843549389349977365287936534707998476564357339504431638612839358093914282814270477657856345062084136585402704930924062452984009716927826681976269057923158930326380110735873715506666086031427627450725825495228912040943784627278987497908133546573083543604901933763330940965980882566819970423354937076331119777415405707162588442490342746115310986462330781467571631209829523895479737199963129517613642920935109776495829400236613168913129178658637967592913193540283532220304664924612246117951571439486418122093867454452618997458068515332016877486822805232899716524040444751997121936138984564834862354469295078855441829018404782747219665338778379471257704041
e = 65537
c = 497483520135207500611760341868934810216889295862727367409205471739457798733223813938415492642898622071289502771394670201759355356873731071744923938304067196827981196823596976532284031567818944043351160692892539254848854527943095670705184836531463778923699513154523281624336593518751911469590777921172775020125081803529411082078530404614569485860638460689961289946436553586222781503048987585305336865777424252321433817251942278548031598867440246798562662298880488044382840476214732326114298681849826143159014132251265975612736174765852107701466877003101250308950535660691651846052082123375934624356694170453897672257371991315676787548733520567289929667876604682273501711766130944645562650989837328685043543330211830184365436596077862055649246517141787872170320358968622818470064395975654949073402489903952399985907827496667385839890041608685588908200009780210043116940593521695695047783434230143405184690206691002634954008353327872663055826018481013718627348218684688250775372760462829705754318024652361552668830110066219305953343851243676904796434142570868419087560131333056695456062994781034014322792678534785191950145702468201676105282230660132801024614625267740668507168119879074770666830923799616054485447308126877109671082189614


@ -0,0 +1,29 @@
# RSA3
`-`
## About the Challenge
We have been given a file that contain 2 modulus, public exponent, and 2 ciphertexts
```
n1 = 26936730986023789726214222876998431579035871765812234385674097050592112272540329063679602773116293498245937781951160051718036177035087801218359133356523071700951108999020905116034905584806261203518345118128714311038590925635180342040347317022008233631809623824589107373210514331169745651687793393307158179191306187356408951648269495142386375021669218752561961647301029204701333026044435685936341126368602940601101599988477874713569476970068734357580527463645209944448988010693985476127837819331701523891965427561798033127731232916390511986369304971158889254173850566560028528340860519614489276904182246324437302697433
e1 = 65537
c1 = 25934221721388531303090294836956821212346696995428676440185777623629033147440636130540319272854260855117016879903925227836710795492438220977864741830686432435183222727791461378988782191893620213711460265022633971293289987925875691438890670054518553696690583070284033592035281829227897938832962322172505881421894428362134145126751766514249801481330619906708370005958557827981820321861133293595400304305721764486699677941331024345924352161482159664366018182446127343098427579677894070842066840562853624060861183697917208697602208453017595582242281467105778066369782229287834403074433848470534633158573935584429007575715
n2 = 20923351960149847207730448386993771286287991808293298691185156471519720793292179321382926775933281826329369963004005667653815105072159583791658532166606431385861980687037872135521884790087813454844716254644626942821490878728677736261700329782075809716063515721266692286574071240561529911159730824490258866613280873755548760004314650585913096197607936750263556276920577987540676841745347308103070523989154846358123142014592046611945781700690640990848003152423310523158983857208127158850925297742214928064334410930947749935069628731105093722212442331657106356911123912454871778728334875010902513275561639806401894881233
e2 = 65537
c2 = 5993773597007465934515223705550947500391213737662065644971977783446564890828050443747162704068048188331597029929182281837445674583301936037963788912954366180921337518251139032904603786774772009913305609053718347365864177247549192649908207240197602397010006677485658506955283638199651692990436006544549785434255965098715363287267470252318128158357490592521797199393154974403123099999366644663048724011101287811844340320520544010179529188112211115440469084617438296961494801221969674213288489675624156545941630517075958425681203711654677553772595530799489102830165490202523397154229276688719481530893488434863906070343
```
## How to Solve?
In this case im using [X-RSA](https://github.com/X-Vector/X-RSA) to recover the plaintext, and because then choose the 14th option
![flag](images/flag.png)
```
byuctf{coprime_means_factoring_N_becomes_much_easier}
```
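Review bot: the sentence "and because then choose the 14th option" is garbled, presumably "and then chose the 14th option". More importantly, name the attack rather than the menu number: the flag (`coprime_means_factoring_N_becomes_much_easier`) says the two moduli are not coprime, i.e. `n1` and `n2` share a prime factor, which `gcd(n1, n2)` recovers, after which both moduli factor immediately; one line saying that makes the writeup reproducible with any tool. Grammar: "2 modulus" should be "2 moduli".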

BYUCTF 2023/RSA3/rsa3.txt Normal file

@ -0,0 +1,12 @@
n1 = 26936730986023789726214222876998431579035871765812234385674097050592112272540329063679602773116293498245937781951160051718036177035087801218359133356523071700951108999020905116034905584806261203518345118128714311038590925635180342040347317022008233631809623824589107373210514331169745651687793393307158179191306187356408951648269495142386375021669218752561961647301029204701333026044435685936341126368602940601101599988477874713569476970068734357580527463645209944448988010693985476127837819331701523891965427561798033127731232916390511986369304971158889254173850566560028528340860519614489276904182246324437302697433
e1 = 65537
c1 = 25934221721388531303090294836956821212346696995428676440185777623629033147440636130540319272854260855117016879903925227836710795492438220977864741830686432435183222727791461378988782191893620213711460265022633971293289987925875691438890670054518553696690583070284033592035281829227897938832962322172505881421894428362134145126751766514249801481330619906708370005958557827981820321861133293595400304305721764486699677941331024345924352161482159664366018182446127343098427579677894070842066840562853624060861183697917208697602208453017595582242281467105778066369782229287834403074433848470534633158573935584429007575715
n2 = 20923351960149847207730448386993771286287991808293298691185156471519720793292179321382926775933281826329369963004005667653815105072159583791658532166606431385861980687037872135521884790087813454844716254644626942821490878728677736261700329782075809716063515721266692286574071240561529911159730824490258866613280873755548760004314650585913096197607936750263556276920577987540676841745347308103070523989154846358123142014592046611945781700690640990848003152423310523158983857208127158850925297742214928064334410930947749935069628731105093722212442331657106356911123912454871778728334875010902513275561639806401894881233
e2 = 65537
c2 = 5993773597007465934515223705550947500391213737662065644971977783446564890828050443747162704068048188331597029929182281837445674583301936037963788912954366180921337518251139032904603786774772009913305609053718347365864177247549192649908207240197602397010006677485658506955283638199651692990436006544549785434255965098715363287267470252318128158357490592521797199393154974403123099999366644663048724011101287811844340320520544010179529188112211115440469084617438296961494801221969674213288489675624156545941630517075958425681203711654677553772595530799489102830165490202523397154229276688719481530893488434863906070343


@ -0,0 +1,38 @@
# RSA4
`-`
## About the Challenge
We have been given a file that contain 3 modulus, public exponent, and 3 ciphertexts
```
n1 = 25204912957894049536633029588071532883154221495361435745558539407530325536509218257991893451902442183954212400671502526830623527340613723328379300388737939211263541814108106183164630301938900862986688763583982133846507136234797325243547177627054271161715200611591594812723672399437505379398941496184886411879923583394041753902383846644013849190900416111230521180435101859101110596828380586449182686175177638441549656137307050392520754146511496313215137339773851458160180450925216541537448515297981124184019831730808991821344392915274230294654187421183676471212265322367890189804699510021526923237231850244056681024361
e1 = 3
c1 = 8177192204481601898705460379101384591996531766013815643642297541939314169289538943467463950155787562006058743758523755363825964609610993939021120980839831173842134605117089923025444468026164578567348718360392736482132312367435114106411271743218631041094275894508404221506482038656928803775293360599721583316194630449469869000491476753827928793659938654925187969087524783314008405767753004191090522037968098548258698350055999105058915648497702724525585509
================================================
n2 = 17730912385401458370516374144454354828481353051514329263921774569034415114147424203611660978860008058118764431105602401970281692066419254457694301039461623568501484102567802483628476717695013320444442267232019104240173401975387173805390636521671252624249730700497552226732834062715286458634274525026438931671208367178653031967364951679420066768732647183187381700016195545187024094717207787859217993871236368911145957298126589666514319408022801341248744002320245345234912423717815146532293315342644702101415345900126397475592837306256140915525455824350305349773210334856093169535686115299159772550674315375987529523179
e2 = 3
c2 = 8177192204481601898705460379101384591996531766013815643642297541939314169289538943467463950155787562006058743758523755363825964609610993939021120980839831173842134605117089923025444468026164578567348718360392736482132312367435114106411271743218631041094275894508404221506482038656928803775293360599721583316194630449469869000491476753827928793659938654925187969087524783314008405767753004191090522037968098548258698350055999105058915648497702724525585509
================================================
n3 = 23693871552180460990138635073805949225912252125308334418081834697641804631104724668330415198785050388969117484647897131795893896100932121531733121069301557203541651575306855376180158639595396645851251320756224273151350168394783274111111375428683335001923152182758469432988805562827169898721409159172411067426322303967736140645806651181720610635139163613355013365367013643617931710120446074129630384181873406149243284193113399417540744056880787819360491511062694356302764642727497777585348003477373456680752873785829149551421840290660162776229985812994060664107888011786183808824620497078292008444842754064007647832261
e3 = 3
c3 = 8177192204481601898705460379101384591996531766013815643642297541939314169289538943467463950155787562006058743758523755363825964609610993939021120980839831173842134605117089923025444468026164578567348718360392736482132312367435114106411271743218631041094275894508404221506482038656928803775293360599721583316194630449469869000491476753827928793659938654925187969087524783314008405767753004191090522037968098548258698350055999105058915648497702724525585509
```
## How to Solve?
In this case im using [X-RSA](https://github.com/X-Vector/X-RSA) to recover the plaintext, and because then choose the 6th option
![flag](images/flag.png)
```
byuctf{hastad_broadcast_attack_is_why_e_needs_to_be_very_large}
```
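Review bot: the writeup points at Håstad's broadcast attack via the flag, but the visible data shows something simpler: `c1`, `c2` and `c3` are identical and each is visibly shorter than every modulus (about 450 digits against 600-plus), which can only happen if `m^3` never exceeded any `n_i`; each ciphertext is therefore just `m^3` as an integer and a plain integer cube root recovers `m` without the CRT step. Worth stating explicitly, so readers understand why "6th option" worked and do not take the option number as the lesson. The sentence "and because then choose the 6th option" is also garbled, and "3 modulus" should be "3 moduli".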

BYUCTF 2023/RSA4/rsa4.txt Normal file

@ -0,0 +1,21 @@
n1 = 25204912957894049536633029588071532883154221495361435745558539407530325536509218257991893451902442183954212400671502526830623527340613723328379300388737939211263541814108106183164630301938900862986688763583982133846507136234797325243547177627054271161715200611591594812723672399437505379398941496184886411879923583394041753902383846644013849190900416111230521180435101859101110596828380586449182686175177638441549656137307050392520754146511496313215137339773851458160180450925216541537448515297981124184019831730808991821344392915274230294654187421183676471212265322367890189804699510021526923237231850244056681024361
e1 = 3
c1 = 8177192204481601898705460379101384591996531766013815643642297541939314169289538943467463950155787562006058743758523755363825964609610993939021120980839831173842134605117089923025444468026164578567348718360392736482132312367435114106411271743218631041094275894508404221506482038656928803775293360599721583316194630449469869000491476753827928793659938654925187969087524783314008405767753004191090522037968098548258698350055999105058915648497702724525585509
================================================
n2 = 17730912385401458370516374144454354828481353051514329263921774569034415114147424203611660978860008058118764431105602401970281692066419254457694301039461623568501484102567802483628476717695013320444442267232019104240173401975387173805390636521671252624249730700497552226732834062715286458634274525026438931671208367178653031967364951679420066768732647183187381700016195545187024094717207787859217993871236368911145957298126589666514319408022801341248744002320245345234912423717815146532293315342644702101415345900126397475592837306256140915525455824350305349773210334856093169535686115299159772550674315375987529523179
e2 = 3
c2 = 8177192204481601898705460379101384591996531766013815643642297541939314169289538943467463950155787562006058743758523755363825964609610993939021120980839831173842134605117089923025444468026164578567348718360392736482132312367435114106411271743218631041094275894508404221506482038656928803775293360599721583316194630449469869000491476753827928793659938654925187969087524783314008405767753004191090522037968098548258698350055999105058915648497702724525585509
================================================
n3 = 23693871552180460990138635073805949225912252125308334418081834697641804631104724668330415198785050388969117484647897131795893896100932121531733121069301557203541651575306855376180158639595396645851251320756224273151350168394783274111111375428683335001923152182758469432988805562827169898721409159172411067426322303967736140645806651181720610635139163613355013365367013643617931710120446074129630384181873406149243284193113399417540744056880787819360491511062694356302764642727497777585348003477373456680752873785829149551421840290660162776229985812994060664107888011786183808824620497078292008444842754064007647832261
e3 = 3
c3 = 8177192204481601898705460379101384591996531766013815643642297541939314169289538943467463950155787562006058743758523755363825964609610993939021120980839831173842134605117089923025444468026164578567348718360392736482132312367435114106411271743218631041094275894508404221506482038656928803775293360599721583316194630449469869000491476753827928793659938654925187969087524783314008405767753004191090522037968098548258698350055999105058915648497702724525585509


@ -0,0 +1,26 @@
# RSA5
`-`
## About the Challenge
We have been given a file that contain 1 modulus, 2 public exponent, and 2 ciphertexts
```
n = 158307578375429142391814474806884486236362186916188452580137711655290101749246194796158132723192108831610021920979976831387798531310286521988621973910776725756124498277292094830880179737057636826926718870947402385998304759357604096043571760391265436342427330673679572532727716853811470803394787706010603830747
e1 = 65537
c1 = 147465654815005020063943150787541676244006907179548061733683379407115931956604160894199596187128857070739585522099795520030109295201146791378167977530770154086872347421667566213107792455663772279848013855378166127142983660396920011133029349489200452580907847840266595584254579298524777000061248118561875608240
e2 = 65521
c2 = 142713643080475406732653557020038566547302005567266455940547551173573770529850069157484999432568532977025654715928532390305041525635025949965799289602536953914794718670859158768092964083443092374251987427058692219234329521939404919423432910655508395090232621076454399975588453154238832799760275047924852124717
```
## How to Solve?
In this case im using [X-RSA](https://github.com/X-Vector/X-RSA) to recover the plaintext, and because then choose the 7th option
![flag](images/flag.png)
```
byuctf{NEVER_USE_SAME_MODULUS_WITH_DIFFERENT_e_VALUES}
```
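Review bot: "and because then choose the 7th option" is garbled, and as in the other RSA writeups the method should be named: the flag (`NEVER_USE_SAME_MODULUS_WITH_DIFFERENT_e_VALUES`) describes the common modulus attack, which applies here because `e1 = 65537` and `e2 = 65521` are coprime, so the extended Euclidean algorithm yields a combination of the two ciphertexts that equals the plaintext modulo `n`. Grammar: "2 public exponent" should be "2 public exponents".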


@ -0,0 +1,9 @@
n = 158307578375429142391814474806884486236362186916188452580137711655290101749246194796158132723192108831610021920979976831387798531310286521988621973910776725756124498277292094830880179737057636826926718870947402385998304759357604096043571760391265436342427330673679572532727716853811470803394787706010603830747
e1 = 65537
c1 = 147465654815005020063943150787541676244006907179548061733683379407115931956604160894199596187128857070739585522099795520030109295201146791378167977530770154086872347421667566213107792455663772279848013855378166127142983660396920011133029349489200452580907847840266595584254579298524777000061248118561875608240
e2 = 65521
c2 = 142713643080475406732653557020038566547302005567266455940547551173573770529850069157484999432568532977025654715928532390305041525635025949965799289602536953914794718670859158768092964083443092374251987427058692219234329521939404919423432910655508395090232621076454399975588453154238832799760275047924852124717

BYUCTF 2023/chall.png Normal file


@ -0,0 +1,26 @@
# Bing
> `-`
## About the Challenge
We have been given a website that contains a form and we can input a host there
![preview_1](images/preview_1.png)
And then I tried to input 127.0.0.1 and here was the output
![preview_2](images/preview_2.png)
## How to Solve?
We need to exploit the website using `Command Injection` vulnerability in order to read the flag. Here is the payload that I used to read the flag
```
127.0.0.1;c\a\t${IFS}/f\lag.txt${IFS}|base64
```
Because some of the commands are blacklisted by the website (Like `cat` or `ls`), we can trick it with `/` character. And because whitespace is also blacklisted by the website we can use `${IFS}`
![flag](images/flag.png)
```
dead{okokok!!!_th1s_flAg_f0R_Y0U}
```
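Review bot: the explanation does not match the payload: "we can trick it with `/` character" should say backslash, since the payload writes `c\a\t` and `f\lag.txt`, and the shell drops an unquoted backslash before an ordinary character, which is what gets the blacklisted words past the filter; the forward slash in `/f\lag.txt` is just the path separator. It would also strengthen the writeup to say what would actually have stopped this: a blacklist of command names and whitespace is the wrong control, whereas validating the input as an IP address or hostname and never handing it to a shell removes the injection entirely.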


@ -0,0 +1,29 @@
# FRSS
> `-`
## About the Challenge
We got a websites that can make requests to other websites and display the response
![preview](images/preview.png)
We need to access `/hehe.txt` by using that feature. However there is a limit of characters that we can input into that form
![preview_2](images/preview_2.png)
## How to Solve?
In order to read the flag, we need to access the website internally and access the `/hehe.txt` endpoint
At first, I inputted `127.0.0.1/hehe.txt` but the response is `Oh no no, url is too long I can't handle it`. And then I and found this [payload](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md)
![PayloadAllTheThings](images/PayloadAllTheThings.png)
So, my final payload was:
```
0.0.0.0/hehe.txt
```
![flag](images/flag.png)
```
dead{Ashiiiibaaa_you_hAv3_Pybass_chA11}
```
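Review bot: "And then I and found this payload" has a stray "I and". The link also points at the whole PayloadsAllTheThings SSRF README, so state the actual reason the final payload fits: `0.0.0.0/hehe.txt` is two characters shorter than `127.0.0.1/hehe.txt`, which is why it passes the length check that rejected the first attempt, and on Linux a connection to `0.0.0.0` still reaches the local host. Grammar: "We got a websites that can make requests" should be "We were given a website that can make requests".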


@ -0,0 +1,10 @@
# DeadSec CTF 2023
CTF writeup for The DeadSec CTF 2023. I took part in this CTF competition with the TCP1P team, and got 16th place out of 436 teams
Thanks to the team especially @dimasma0305
| Category | Challenge |
| --- | --- |
| Web | [FRSS](/DeadSec%20CTF%202023/FRSS/)
| Web | [Bing](/DeadSec%20CTF%202023/Bing/)
| Web | [XEE1](/DeadSec%20CTF%202023/XEE1/)
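Review bot: same wording nit as the BYUCTF README: "CTF writeup for The DeadSec CTF 2023" should be "CTF writeups for DeadSec CTF 2023". The table itself matches the three writeups added in this commit.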


@ -0,0 +1,38 @@
# XEE1
> flag in flag.txt
## About the Challenge
We have been given a website that contains a login page
![preview](images/preview.png)
And if we check the HTTP request and response when entering the username and password
![http](images/http.png)
## How to Solve?
At first, Im using a `file` protocol to read `/flag.txt` file
![first_request](images/first_request.png)
But the output was `You can't read the flag`. Im very confused because my payload was working perfectly if I want to read another file (ex: /etc/passwd)
![testing](images/testing.png)
So I decided to use PHP wrapper to encoded the output with `base64` encoding. Here is the final payload
```xml
<!--?xml version="1.0" ?-->
<!DOCTYPE replace [<!ENTITY ent SYSTEM "php://filter/read=convert.base64-encode/resource=/flag.txt"> ]>
<user>
<username>&ent;</username>
<password>test</password>
</user>
```
![flag](images/flag.png)
```
dead{n1ce_br0_XE3_3z_h3h3}
```
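Review bot: the first line of the XML block, `<!--?xml version="1.0" ?-->`, is an XML declaration that has been turned into a comment, which is what a browser-rendered page produces when copied; the request as sent would have begun `<?xml version="1.0" ?>`, so restore that or readers will paste a payload whose declaration is silently ignored. Prose: "Im using a `file` protocol" should be "I used the `file://` scheme" and "to encoded the output" should be "to encode the output". The "You can't read the flag" response also deserves a sentence: the working payload still contains the literal path `/flag.txt`, so the server must be filtering on the content of the response rather than on the path, which is why re-encoding the bytes through `php://filter` slipped past it; the lesson is that output blocklists are not a fix for XXE and external entity resolution has to be disabled in the parser.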


@ -5,15 +5,15 @@ Thanks to the team especially @spitfire
| Category | Challenge |
| --- | --- |
| Jubilife | [The Historian Channel - 1](/ICSJWG%20CTF%202023/)
| Jubilife | [The Historian Channel - 2](/ICSJWG%20CTF%202023/)
| Jubilife | [The Historian Channel - 3](/ICSJWG%20CTF%202023/)
| Jubilife | [Windows Pane - 1](/ICSJWG%20CTF%202023/)
| Jubilife | [Windows Pane - 2](/ICSJWG%20CTF%202023/)
| Jubilife | [Windows Pane - 3](/ICSJWG%20CTF%202023/)
| Jubilife | [Chrome-Plated Nonsense - 1](/ICSJWG%20CTF%202023/)
| Jubilife | [Chrome-Plated Nonsense - 2](/ICSJWG%20CTF%202023/)
| Snowpoint | [The Phish Tank - 1](/ICSJWG%20CTF%202023/)
| Snowpoint | [The Phish Tank - 2](/ICSJWG%20CTF%202023/)
| Snowpoint | [The Phish Tank - 3a](/ICSJWG%20CTF%202023/)
| Snowpoint | [The Phish Tank - 3b](/ICSJWG%20CTF%202023/)
| Jubilife | [The Historian Channel - 1](/ICSJWG%20CTF%202023/The%20Historian%20Channel%20-%201/)
| Jubilife | [The Historian Channel - 2](/ICSJWG%20CTF%202023/The%20Historian%20Channel%20-%202/)
| Jubilife | [The Historian Channel - 3](/ICSJWG%20CTF%202023/The%20Historian%20Channel%20-%203/)
| Jubilife | [Windows Pane - 1](/ICSJWG%20CTF%202023/Windows%20Pane%20-%201/)
| Jubilife | [Windows Pane - 2](/ICSJWG%20CTF%202023/Windows%20Pane%20-%202/)
| Jubilife | [Windows Pane - 3](/ICSJWG%20CTF%202023/Windows%20Pane%20-%203/)
| Jubilife | [Chrome-Plated Nonsense - 1](/ICSJWG%20CTF%202023/Chrome-Plated%20Nonsense%20-%201/)
| Jubilife | [Chrome-Plated Nonsense - 2](/ICSJWG%20CTF%202023/Chrome-Plated%20Nonsense%20-%202/)
| Snowpoint | [The Phish Tank - 1](/ICSJWG%20CTF%202023/The%20Phish%20Tank%20-%201/)
| Snowpoint | [The Phish Tank - 2](/ICSJWG%20CTF%202023/The%20Phish%20Tank%20-%202/)
| Snowpoint | [The Phish Tank - 3a](/ICSJWG%20CTF%202023/The%20Phish%20Tank%20-%203a/)
| Snowpoint | [The Phish Tank - 3b](/ICSJWG%20CTF%202023/The%20Phish%20Tank%20-%203b/)
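Review bot: this hunk and the events-table hunk that follows are unrelated to the two writeups the commit message announces ("feat: added 2 CTF writeup"); the ICSJWG links are corrected from one shared directory to per-challenge directories, which is a fix worth its own line in the commit message, or its own commit, so the history stays searchable.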


@ -44,3 +44,6 @@ List of CTF events that i have joined before
| Cyberconférence CTF (24h@CTF '23) | 14 April, 23:00 WIB — 16 April 2023, 21:00 WIB | [Link](/24h%40CTF%202023/) |
| Texas Security Awareness Week 2023 | 15 April, 22:00 WIB — 17 April 2023, 05:00 WIB | [Link](/TexSAW%202023/) |
| WaniCTF 2023 | 04 May, 13:00 WIB — 06 May 2023, 13:00 WIB | [Link](/WaniCTF%202023/) |
| ICSJWG Spring 2023 | 07 May, 01:00 WIB — 12 May 2023, 01:00 WIB | [Link](/ICSJWG%20CTF%202023/) |
| DeadSec CTF 2023 | 19 May, 20:00 WIB — 21 May 2023, 20:00 WIB | [Link](/DeadSec%20CTF%202023/) |
| BYUCTF 2023 | 20 May, 00:00 WIB — 21 May 2023, 12:00 WIB | [Link](/BYUCTF%202023/) |