feat: added 0xL4ugh CTF 2024

2023/Business CTF 2023 The Great Escape/README.md

@@ -11,4 +11,4 @@ CTF writeup for The HTB Business CTF 2023 The Great Escape. I took part in this
 | Crypto | [Initialization](/2023/Business%20CTF%202023%20The%20Great%20Escape/Initialization/)
 | Reversing | [DrillingPlatform](/2023/Business%20CTF%202023%20The%20Great%20Escape/DrillingPlatform/)
 
-> I didn't create the writeup for cloud and fullpwn because i don't have an access to the chall again
+> I didn't create the writeup for the `cloud` and `fullpwn` challenge because i don't have an access to the challenge again

2023/CSAW CTF Qualification Round 2023/README.md

@@ -7,4 +7,4 @@ CTF writeup for The CSAW CTF Qualification Round 2023. I took part in this CTF c
 | Misc | [Discord Admin Bot](/2023/CSAW%20CTF%20Qualification%20Round%202023/Discord%20Admin%20Bot/)
 | Misc | [AndroidDropper](/2023/CSAW%20CTF%20Qualification%20Round%202023/AndroidDropper/)
 
-> I didn't create a writeup for `stonk` and `Philantrophy` chall
+> I didn't create a writeup for the `stonk` and `Philantrophy` challenge

2023/NewportBlakeCTF 2023/README.md

@@ -12,4 +12,4 @@ CTF writeup for The NewportBlakeCTF 2023. I took part in this CTF competition (S
 | Misc | [do you hear that?](/2023/NewportBlakeCTF%202023/do%20you%20hear%20that/)
 | Misc | [not accepted](/2023/NewportBlakeCTF%202023/not%20accepted/)
 
-> I didn't create a writeup for OSINT chall
+> I didn't create a writeup for the `OSINT` challenge

2024/0xL4ugh CTF 2024/GitMeow-Revenge/README.md

@@ -0,0 +1,77 @@
+# GitMeow-Revenge
+> Just another annoying git challenge, without grep :)
+
+> Updated blacklist on remote server
+
+> BLACKLIST = ["|", "\"", "'", ";", "$", "\\", "#", "*", "(", ")", "&", "^", "@", "!", "<", ">", "%", ":", ",", "?", "{", "}", "`","diff","/dev/null","patch","./","alias","push","grep","f4k3","fl4g","f0r","n00b5","flag","work"]
+
+## About the Challenge
+We got a server to connect and source code (You can download the source code [here](gitmeow-misc.zip)). If we check the source code:
+
+```python
+import os
+from banner import monkey
+
+BLACKLIST = ["|", "\"", "'", ";", "$", "\\", "#", "*", "(", ")", "&", "^", "@", "!", "<", ">", "%", ":", ",", "?", "{", "}", "`","diff","/dev/null","patch","./","alias","push","grep","f4k3","fl4g","f0r","n00b5","flag","work"]
+
+def is_valid_utf8(text):
+    try:
+        text.encode('utf-8').decode('utf-8')
+        return True
+    except UnicodeDecodeError:
+        return False
+
+def get_git_commands():
+    commands = []
+    print("Enter git commands (Enter an empty line to end):")
+    while True:
+        try:
+            user_input = input("")
+        except (EOFError, KeyboardInterrupt):
+            break
+
+        if not user_input:
+            break
+
+        if not is_valid_utf8(user_input):
+            print(monkey)
+            exit(1337)
+
+        for command in user_input.split(" "):
+            for blacklist in BLACKLIST:
+                if blacklist in command:
+                    print(monkey)
+                    exit(1337)
+            
+
+        commands.append("git " + user_input)
+
+    return commands
+
+def execute_git_commands(commands):
+    for command in commands:
+        output = os.popen(command).read()
+        if "{f4k3_fl4g_f0r_n00b5}" in output:
+            print(monkey)
+            exit(1337)
+        else:
+            print(output)
+            
+
+
+commands = get_git_commands()
+execute_git_commands(commands)
+```
+
+We only need to obtain the flag using the git command
+
+![preview](images/preview.png)
+
+## How to Solve?
+In this case im using `git show --name-status` command in order to read the flag (I believe this is unintended, because someone already put the flag in the commit)
+
+![flag](images/flag.png)
+
+```
+0xL4ugh{GiT_D0c3_F0r_Th3_WiN_Gr3p_R3v3ng3!}
+```

2024/0xL4ugh CTF 2024/Library-Revenge/README.md

@@ -0,0 +1,40 @@
+# Library-Revenge
+> Built a book library, however my friend says that i made a really nasty mistake!
+
+## About the Challenge
+We got a server to connect and a source code (You can download the source code [here](Library-revenge-misc.zip))
+
+This program has many functions. For example, we can add a member, search for a book, etc
+
+![preview](images/preview.png)
+
+## How to Solve?
+This program is vulnerable to format string vulnerability where we can access other attributes (You can check more about the vulnerability [here](https://podalirius.net/en/articles/python-format-string-vulnerabilities/))
+
+```python
+        elif choice == "7":
+            choice = console.input("\n[bold blue]Book Manager:[/bold blue]\n1. Save Existing\n2. Create new book\n[bold blue]Enter your choice (1-2): [/bold blue]")
+            if choice == "1":
+                title = console.input("[bold blue]Enter Book title to save: [/bold blue]").strip()
+                file = SaveFile(library.display_books(title=title))
+                save_book(file.file, content="Hello World")
+            else:
+                save_file = SaveFile()
+                title = console.input("[bold blue]Enter book title: [/bold blue]").strip()
+                author = console.input("[bold blue]Enter book author: [/bold blue]")
+                isbn = console.input("[bold blue]Enter book ISBN: [/bold blue]")
+                num_copies = int(console.input("[bold blue]Enter number of copies: [/bold blue]"))
+                title = title.format(file=save_file)
+                book = Book(title,author, isbn)
+                isbn_to_book[isbn] = book
+                library.add_book(book, num_copies)
+                save_book(title)
+```
+
+So, if we input `{file.__init__.__globals__}` in the book title, we can read the value of the `FLAG` variable.
+
+![flag](images/flag.png)
+
+```
+0xL4ugh{TrU5t_M3_LiF3_I5_H4rD3r_Wi7h0u7_4_W1f3!}
+```

2024/0xL4ugh CTF 2024/Library/README.md

@@ -0,0 +1,36 @@
+# Library
+> Built a book library, however my friend says that i made a nasty mistake!
+
+## About the Challenge
+We got a server to connect and a source code (You can download the source code [here](Library-misc.zip))
+
+This program has many functions. For example, we can add a member, search for a book, etc
+
+![preview](images/preview.png)
+
+## How to Solve?
+This website is vulnerable to argument injection in the `check_file_presence()` function, and there's a `print(result)` code, so we can see the command output here
+
+```python
+def check_file_presence():
+    book_name = shlex.quote(console.input("[bold blue]Enter the name of the book (file) to check:[/bold blue] "))
+    command = "ls " + book_name
+
+    try:
+        result = os.popen(command).read().strip()
+        print(result)
+        if result == book_name:
+            console.print(f"[bold green]The book is present in the current directory.[/bold green]")
+        else:
+            console.print(f"[bold red]The book is not found in the current directory.[/bold red]")
+    except Exception as e:
+        console.print(f"[bold red]Error: {e}[/bold red]")
+```
+
+To obtain the flag I just using `-la` command (I believe this is unintended because someone has already placed the flag in the same directory as this program)
+
+![flag](images/flag.png)
+
+```
+0xL4ugh{TrU5t_M3_LiF3_I5_H4rD3r!}
+```

2024/0xL4ugh CTF 2024/README.md

@@ -0,0 +1,11 @@
+# 0xL4ugh CTF 2024
+CTF writeup for 0xL4ugh CTF 2024. I took part in this CTF competition with the HCS team and secured the 17th place out of 1428 teams
+
+| Category | Challenge |
+| --- | --- |
+| Misc | [Library](/2024/TetCTF%202024/TET%20&%204N6/)
+| Misc | [Library-Revenge](/2024/TetCTF%202024/TET%20&%204N6/)
+| Misc | [GitMeow-Revenge](/2024/TetCTF%202024/TET%20&%204N6/)
+| Web | [Library](/2024/TetCTF%202024/TET%20&%204N6/)
+
+> I didn't write a write-up for the `Forensic` challenge

2024/0xL4ugh CTF 2024/Simple WAF/README.md

@@ -0,0 +1,66 @@
+# Simple WAF
+> i whitelisted input values so, i think iam safe : P
+
+## About the Challenge
+We got a website and the source code (You can download the source code [here](simple_waf_togive.zip)). The source code is pretty simple:
+
+```php
+require_once("db.php");
+
+function waf($input)
+{
+    if(preg_match("/([^a-z])+/s",$input))
+    {
+        return true;
+    }
+    else
+    {
+        return false;
+    }
+}
+
+
+if(isset($_POST['login-submit']))
+{
+	if(!empty($_POST['username'])&&!empty($_POST['password']))
+	{
+        $username=$_POST['username'];
+		$password=md5($_POST['password']);
+        if(waf($username))
+        {
+            die("WAF Block");
+        }
+        else
+        {
+            $res = $conn->query("select * from users where username='$username' and password='$password'");
+                                                                    
+            if($res->num_rows ===1)
+            {
+                echo "0xL4ugh{Fake_Flag}";
+            }
+            else
+            {
+                echo "<script>alert('Wrong Creds')</script>";
+            }
+    }
+
+	}
+	else
+	{
+		echo "<script>alert('Please Fill All Fields')</script>";
+	}
+}
+```
+
+This website is vulnerable to SQL injection, but there's a waf() function that we need to bypass in order to perform SQL injection
+
+![previwe](images/preview.png)
+
+## How to Solve?
+We need to overflow the `preg_match` function by supplying a lot of characters, followed by an SQL injection payload (e.g., `' or true-- -`)
+
+![flag](images/flag.png)
+
+```
+0xL4ugh{0ohh_You_Brok3_My_Wh1te_List!!!}
+```

README.md

@@ -46,6 +46,8 @@ List of CTF events that i have joined before
 | KnightCTF 2024 | Yes | [Link](/2024/KnightCTF%202024/) |
 | Mapna CTF 2024 | No | - |
 | TetCTF 2024 | Yes | [Link](/2024/TetCTF%202024/) |
+| L3HCTF 2024 | No | - |
+| 0xL4ugh CTF 2024 | Yes |[Link](/2024/0xL4ugh%20CTF%202024/) |
 
 ### Local Events
 | Event Name | Writeup Available? | Writeup Link |