feat: added NBCTF and CJ Umum

1337UP LIVE CTF/Triage Bot/README.md

@@ -1,4 +1,4 @@
-# Welcome To HackTM CTF 2023 Quals
+# Triage Bot
 > `-`
 
 ## About the Challenge

Business CTF 2023 The Great Escape/README.md

@@ -11,4 +11,4 @@ CTF writeup for The HTB Business CTF 2023 The Great Escape. I took part in this
 | Crypto | [Initialization](/Business%20CTF%202023%20The%20Great%20Escape/Initialization/)
 | Reversing | [DrillingPlatform](/Business%20CTF%202023%20The%20Great%20Escape/DrillingPlatform/)
 
-I didn't create the writeup for cloud and fullpwn because i don't have an access to the chall again
+> I didn't create the writeup for cloud and fullpwn because i don't have an access to the chall again

Cyber Jawara 2023 - Umum/Magic 1/README.md

@@ -0,0 +1,43 @@
+# Magic 1
+> Another warmup with PHP web app.
+
+## About the Challenge
+We were given a source code (You can download the source code [here](magic-1.zip)) and website, here is the preview of the source code
+
+![Alt text](images/preview.png)
+
+The website only has 1 functionality where we can upload a file and the file can be accessed in `results` endpoint
+
+## How to Solve?
+Even though we can upload some file, there are some restriction here
+
+```php
+function canUploadImage($file) {
+    $fileExtension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
+    $finfo = new finfo(FILEINFO_MIME_TYPE);
+    $fileMimeType = $finfo->file($file['tmp_name']);
+    $maxFileSize = 500 * 1024;
+    return (strpos($fileMimeType, 'image/') === 0 &&
+        $file['size'] <= $maxFileSize &&
+        strlen($file['name']) >= 30
+    );
+}
+...
+...
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['image'])) {
+    if (canUploadImage($_FILES['image'])) {
+        move_uploaded_file($_FILES['image']['tmp_name'], 'results/original-' . $_FILES['image']['name']);
+        $resizedImagePath = resizeImage($_FILES['image']);
+    } else {
+        $error = 'Please upload different file.';
+    }
+}
+```
+
+We need to upload an image where the file size is equal or less than 500 * 1024, and the file name is equal or greater than 30 characters. We need to insert the PHP payload into the image, for example `<?php system("cat /flag.txt"); ?>`.
+
+![flag](images/flag.png)
+
+```
+CJ2023{4n0th3r_unrestricted_file_upload__}
+```

Cyber Jawara 2023 - Umum/README.md

@@ -0,0 +1,7 @@
+# HackTM CTF 2023
+CTF writeup for The HackTM CTF 2023. I took part in this CTF competition with NobodyFansClub team and secured the 25th place out of 65 teams
+
+| Category | Challenge |
+| --- | --- |
+| Web | [Static Web](/HackTM%20Quals%202023/Blog/)
+| Web | [Magic 1](/HackTM%20Quals%202023/Blog/)

Cyber Jawara 2023 - Umum/Static Web/README.md

@@ -0,0 +1,68 @@
+# Static Web
+> "Static" web for your hacking warmup.
+
+## About the Challenge
+We only got 1 file called `index.js` and here is the content of the file
+
+```javascript
+const http = require('http');
+const fs = require('fs');
+const path = require('path');
+const url = require('url');
+
+const config = require('./config.js')
+
+const server = http.createServer((req, res) => {
+    if (req.url.startsWith('/static/')) {
+        const urlPath = req.url.replace(/\.\.\//g, '')
+        const filePath = path.join(__dirname, urlPath);
+        fs.readFile(filePath, (err, data) => {
+            if (err) {
+                res.writeHead(404);
+                res.end("Error: File not found");
+            } else {
+                res.writeHead(200);
+                res.end(data);
+            }
+        });
+    } else if (req.url.startsWith('/admin/')) {
+        const parsedUrl = url.parse(req.url, true); 
+        const queryObject = parsedUrl.query;
+        if (queryObject.secret == config.secret) {
+            res.writeHead(200);
+            res.end(config.flag);
+        } else {
+            res.writeHead(403);
+            res.end('Nope');
+        }
+    } else if (req.url == '/') {
+        fs.readFile('index.html', (err, data) => {
+            if (err) {
+                res.writeHead(500);
+                res.end("Error");
+            } else {
+                res.writeHead(200);
+                res.end(data);
+            }
+        });
+    } else {
+        res.writeHead(404);
+        res.end("404: Resource not found");
+    }
+});
+
+server.listen(3000, () => {
+    console.log("Server running at http://localhost:3000/");
+});
+```
+
+The website was vulnerable to path traversal in `/static` endpoint
+
+## How to Solve?
+Because there's a filter where we can't input `../`, we need to input `..././` to bypass the filter and then read `config.js` file to obtain the flag
+
+![flag](images/flag.png)
+
+```
+CJ2023{1st_warmup_and_m1c_ch3ck}
+```

NewportBlakeCTF 2023/32+32=64/README.md

@@ -0,0 +1,16 @@
+# 32+32=64
+> 64 is too much, but 32 isn't. 32+32=64?
+
+## About the Challenge
+We were given 2 files and each file contains base64 encoded text (You can download the file [here](32_1.txt) and [here](32_2.txt))
+
+## How to Solve?
+Open the file in CyberChef and then decode the encoded text using `Base64` encoding 32 times
+
+![Flag 1](images/flag1.png)
+
+![Flag 2](images/flag2.png)
+
+```
+nbctf{h0pE_y0U_h4d_fUn}
+```

NewportBlakeCTF 2023/Caesar Salads/README.md

@@ -0,0 +1,18 @@
+# Caesar Salads
+> Every CTF needs an introductory crypto. I found a roman emperor that made this super cool cipher. Can you decrypt this for me?
+
+## About the Challenge
+We were given a file called `output.txt` and here is the content of the file
+
+```
+Ciphertext: xlmdp{ryzo_drsc_gkcxd_dyy_rkbn_yp_k_cdkbd}
+```
+
+## How to Solve?
+Replaces each letter with the 16th letter after it in the latin alphabet
+
+![flag](images/flag.png)
+
+```
+nbctf{hope_this_wasnt_too_hard_of_a_start}
+```

NewportBlakeCTF 2023/Galleria/README.md

@@ -0,0 +1,37 @@
+# Galleria
+> Put up some fun images for everyone in this amazing image gallery!
+
+## About the Challenge
+We were given a web and a source code, the web has many functionalities such as:
+* We can upload an image
+* We can read arbitrary file
+
+Here is the preview of the website
+
+![preview](images/preview.png)
+
+## How to Solve?
+If we check the `Dockerfile` file, the flag was located in `/tmp/flag.txt` and because we can read any file using `/gallery` endpoint
+
+```python
+@app.route('/gallery')
+def gallery():
+    if request.args.get('file'):
+        filename = os.path.join('uploads', request.args.get('file'))
+        if not check_file_path(filename):
+            return redirect(url_for('gallery'))
+
+        return send_file(filename)
+
+    image_files = [f for f in os.listdir(
+        app.config['UPLOAD_FOLDER'])]
+    return render_template('gallery.html', images=image_files)
+```
+
+We can read the flag using this [payload](https://galleria.chal.nbctf.com/gallery?file=/tmp/flag.txt)
+
+![flag](images/flag.png)
+
+```
+nbctf{w0nd3rh0000yyYYyYyyYyyyYyYYYyy!}
+```

NewportBlakeCTF 2023/Inspector Gadget/README.md

@@ -0,0 +1,35 @@
+# Inspector Gadget
+> While snooping around this website, inspector gadet lost parts of his flag. Can you help him find it?
+
+## About the Challenge
+We were given a website without any source code, and the flag has been split into 4 parts. We need to find all of them
+
+## How to Solve?
+* Part 1/4:
+
+We can find this in one of the hyperlink (/gadgetmag.html)
+
+![Part 1/4](images/part1.png)
+
+* Part 2/4:
+
+There's a hidden file called `supersecrettopsecret.txt` inside `getFlag()` function
+
+![getFlag func](images/getFlag.png)
+
+![Part 2/4](images/part2.png)
+* Part 3/4:
+
+We can find this in the homepage
+
+![Part 3/4](images/part3.png)
+
+* Part 4/4:
+
+There's a new file called `/mysecretfiles.html` inside `robots.txt`
+
+![Part 4/4](images/part4.png)
+
+```
+nbctf{G00d_J06_D3tect1v3_G4dg3t352}
+```

NewportBlakeCTF 2023/README.md

@@ -0,0 +1,15 @@
+# NewportBlakeCTF 2023
+CTF writeup for The 0ByteCTF 2023. I took part in this CTF competition (Solo) and secured the 80th place out of 376+ users
+
+| Category | Challenge |
+| --- | --- |
+| Web | [Inspector Gadget](/NewportBlakeCTF%202023/Inspector%20Gadget/)
+| Web | [walter's crystal shop](/NewportBlakeCTF%202023/walter's%20crystal%20shop/)
+| Web | [secret tunnel](/NewportBlakeCTF%202023/secret%20tunnel/)
+| Web | [Galleria](/NewportBlakeCTF%202023/Galleria/)
+| Cryptography | [Caesar Salads](/NewportBlakeCTF%202023/Caesar%20Salads/)
+| Cryptography | [32+32=64](/NewportBlakeCTF%202023/32+32=64/)
+| Misc | [do you hear that?](/NewportBlakeCTF%202023/do%20you%20hear%20that?/)
+| Misc | [not accepted](/NewportBlakeCTF%202023/not%20accepted/)
+
+> I didn't create a writeup for OSINT chall

NewportBlakeCTF 2023/do you hear that?/README.md

@@ -0,0 +1,43 @@
+# do you hear that?
+> I'm not sure why, but when I look at this image I can hear some sort of faint sound. Do you hear it too?
+
+## About the Challenge
+We were given an image called `help.png` (You can download the file [here](help.png)) and if we check using `zsteg` there's a wav file inside the image
+
+```
+root@ubuntu:~# zsteg help.png
+[?] 317564 bytes of extra data after image end (IEND), offset = 0x8a24
+extradata:0         .. file: RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
+    00000000: 52 49 46 46 74 d8 04 00  57 41 56 45 66 6d 74 20  |RIFFt...WAVEfmt |
+    00000010: 10 00 00 00 01 00 01 00  44 ac 00 00 88 58 01 00  |........D....X..|
+    00000020: 02 00 10 00 64 61 74 61  50 d8 04 00 00 00 00 00  |....dataP.......|
+    00000030: 01 00 03 00 05 00 08 00  0a 00 0b 00 0b 00 09 00  |................|
+    00000040: 06 00 02 00 fe ff f9 ff  f6 ff f4 ff f5 ff f7 ff  |................|
+    00000050: fb ff 00 00 04 00 08 00  09 00 06 00 00 00 f7 ff  |................|
+    00000060: ec ff e0 ff d5 ff cd ff  c8 ff c8 ff ce ff d7 ff  |................|
+    00000070: e3 ff f0 ff fb ff 03 00  05 00 01 00 f7 ff e9 ff  |................|
+    00000080: d8 ff c9 ff be ff b9 ff  bd ff cb ff e0 ff fd ff  |................|
+    00000090: 1b 00 39 00 51 00 60 00  64 00 5c 00 4b 00 32 00  |..9.Q.`.d.\.K.2.|
+    000000a0: 18 00 02 00 f6 ff f7 ff  08 00 29 00 57 00 8d 00  |..........).W...|
+    000000b0: c3 00 f1 00 0e 01 16 01  05 01 db 00 9e 00 55 00  |..............U.|
+    000000c0: 0c 00 ce ff a6 ff 9d ff  b7 ff f2 ff 46 00 a4 00  |............F...|
+    000000d0: fb 00 36 01 40 01 09 01  88 00 ba ff aa fe 6a fd  |..6.@.........j.|
+    000000e0: 17 fc d3 fa c5 f9 10 f9  d2 f8 21 f9 01 fa 6d fb  |..........!...m.|
+    000000f0: 4c fd 7b ff cb 01 09 04  04 06 8f 07 89 08 de 08  |L.{.............|
+[!] possible image block size is 639x5, downscaling may be necessary
+```
+
+## How to Solve?
+First, we need to extract the WAV file inside the png using this command
+
+```bash
+zsteg -e extradata:0 help.png > sound.wav
+```
+
+And then use spectogram analyzer, there's an online tool like https://www.dcode.fr/spectral-analysis or you can use `Sonic Visualizer`
+
+![Flag](images/flag.png)
+
+```
+bctf{y0u_h4v3_s0m3_g00d_34rs}
+```

NewportBlakeCTF 2023/not accepted/README.md

@@ -0,0 +1,17 @@
+# not accepted
+> I can't seem to pass this problem... can you help me? https://codeforces.com/contestInvitation/9cf6e56adf19ecb8e5dd7af8a9c5bf5610c8e46e
+
+## About the Challenge
+We were given a "programming" chall, but in this case we need to only input wrong and correct answer to get all the flag
+
+## How to Solve?!
+
+![Flag 1/3](images/flag1.png)
+
+![Flag 2/3](images/flag2.png)
+
+![Flag 3/3](images/flag3.png)
+
+```
+nbctf{n1C3_y0U_90t_4lL_mY_V3rd1cTs}
+```

NewportBlakeCTF 2023/secret tunnel/README.md

@@ -0,0 +1,41 @@
+# secret tunnel
+> Can you find the flag on the other end of my secret tunnel?
+
+## About the Challenge
+We were given a website and source code (You can download the source code [here](secret_tunnel.zip)). Here is the preview of the website
+
+![preview](images/preview.png)
+
+If we check the source code, there are 2 ports `1337` and `80`. To get the flag we need to access port 1337 so this is a SSRF chall. But there are some restrictions:
+* Checks if the string "127" is present in the URL.
+* Checks if the count of dots in the URL is greater than 2.
+* Checks if the character "x" is present in the URL.
+* Checks if the string "flag" is present in the URL.
+
+The source code:
+```python
+@app.route("/fetchdata", methods=["POST"])
+def fetchdata():
+    url = request.form["url"]
+
+    if "127" in url:
+        return Response("No loopback for you!", mimetype="text/plain")
+    if url.count('.') > 2:
+        return Response("Only 2 dots allowed!", mimetype="text/plain")
+    if "x" in url:
+        return Response("I don't like twitter >:(" , mimetype="text/plain") 
+    if "flag" in url:
+        return Response("It's not gonna be that easy :)", mimetype="text/plain")
+...
+```
+
+## How to Solve?
+We can bypass the restriction using `http://0:1337/fl%61g` payload:
+* Instead of using localhost / 127.0.0.1 we can bypass it by using `http://0`
+* To bypass the `flag` string restriction, we need to encode one / more character using url encoding
+
+![flag](images/flag.png)
+
+```
+nbctf{s3cr3t_7uNN3lllllllllll!}
+```

NewportBlakeCTF 2023/walter's crystal shop/README.md

@@ -0,0 +1,41 @@
+# walter's crystal shop
+> My buddy Walter is selling some crystals, check out his shop!
+
+## About the Challenge
+We were given a website and source code (You can download the source code [here](walters_crystal_shop.zip)). There's only 1 functionality where we can search some crstal
+
+![preview](images/preview.png)
+
+## How to Solve?
+If we look at the source code, this website was vulnerable to SQL injection (SQLite)
+
+```javascript
+app.get("/crystals", (req, res) => {
+  const { name } = req.query;
+
+  if (!name) {
+    return res.status(400).send({ err: "Missing required fields" });
+  }
+
+  db.all(`SELECT * FROM crystals WHERE name LIKE '%${name}%'`, (err, rows) => {
+    if (err) {
+      console.error(err.message);
+      return res.status(500).send('Internal server error');
+    }
+
+    return res.send(rows);
+  });
+});
+```
+
+And because the flag was located in a table called `flag`. To obtain the flag we need to input this payload
+
+```
+' union select (select * from flag),2,3-- -
+```
+
+![Flag](images/flag.png)
+
+```
+nbctf{h0p3fuLLy_7h3_D3A_d035n7_kn0w_ab0ut_th3_0th3r_cRyst4l5}
+```

README.md

@@ -125,10 +125,12 @@ List of CTF events that i have joined before
 | EKOPARTY CTF 2023 | Yes | [Link](/EKOPARTY%20CTF%202023/) |
 | TSG CTF 2023 | Yes | [Link](/TSG%20CTF%202023/) |
 | 1337UP LIVE CTF | Yes | [Link](/1337UP%20LIVE%20CTF/) |
+| NewportBlakeCTF 2023 | Yes | [Link](/NewportBlakeCTF%202023/) |
 
 ### Local Events
 | Event Name | Writeup Available? | Writeup Link |
 | ---------- | ------------------ | ------------ |
+| Cyber Jawara 2023 - Umum | No | [Link](/Cyber%20Jawara%202023%20-%20Umum/) |
 | Information and Technology Festival 2023 | No | - |
 | 0ByteCTF 2023 | Yes | [Link](/0ByteCTF%202023/) |
 | N45HTCTF2023 2023 | No | - |