feat: added pingCTF

1337UP LIVE CTF/Keyless/README.md

@@ -60,5 +60,5 @@ Run the script and voilà!
 ![flag](images/flag.png)
 
 ```
-HackTM{Timisoara}
+INTIGRITI{m4yb3_4_k3y_w0uld_b3_b3773r_4f73r_4ll}
 ```

Cyber Jawara 2023 - Umum/README.md

@@ -3,5 +3,5 @@ CTF writeup for The HackTM CTF 2023. I took part in this CTF competition with No
 
 | Category | Challenge |
 | --- | --- |
-| Web | [Static Web](/HackTM%20Quals%202023/Blog/)
-| Web | [Magic 1](/HackTM%20Quals%202023/Blog/)
+| Web | [Static Web](/Cyber%20Jawara%202023%20-%20Umum/Static%20Web/)
+| Web | [Magic 1](/Cyber%20Jawara%202023%20-%20Umum/Magic%201/)

NahamCon CTF 2023/IR #2/README.md

@@ -14,5 +14,5 @@ So I tried to check the browser download history and I got nothing, and then I t
 ![flag](images/flag.png)
 
 ```
-HackTM{Timisoara}
+flag{75f086f265fff161f81874c6e97dee0c}
 ```

README.md

@@ -126,6 +126,8 @@ List of CTF events that i have joined before
 | TSG CTF 2023 | Yes | [Link](/TSG%20CTF%202023/) |
 | 1337UP LIVE CTF | Yes | [Link](/1337UP%20LIVE%20CTF/) |
 | NewportBlakeCTF 2023 | Yes | [Link](/NewportBlakeCTF%202023/) |
+| Hackappatoi CTF '23 | No | - |
+| pingCTF 2023 | Yes | [Link](/pingCTF%202023/) |
 
 ### Local Events
 | Event Name | Writeup Available? | Writeup Link |

pingCTF 2023/README.md

@@ -0,0 +1,10 @@
+# pingCTF 2023
+CTF writeup for The pingCTF 2023. I took part in this CTF competition with the TCP1P team and secured the 18th place out of 794 teams
+
+| Category | Challenge |
+| --- | --- |
+| Web | [i-see-no-vulnerability](/pingCTF%202023/i-see-no-vulnerability/)
+| Web | [youtube-trailer](/pingCTF%202023/youtube-trailer/)
+| Web | [internet-explorer](/pingCTF%202023/internet-explorer/)
+| Misc | [internet-cat](/pingCTF%202023/internet-cat/)
+| Cryptography | [hard-work](/pingCTF%202023/hard-work/)

pingCTF 2023/hard-work/README.md

@@ -0,0 +1,19 @@
+# hard-work
+> You've received a cryptic message from your boss at the company. Apparently, your aggressive demeanor has raised concerns, and your paycheck is on hold until you decipher the hidden magic message.
+
+## About the Challenge
+We were given an encrypted msg (You can download the msg [here](9cddbd472fe3ad694468f3799cb80e08.zip))and we need to decode it
+
+## How to Solve?
+Upload to cyberchef and then use this options:
+* Hex
+* Octal
+* Binary
+* Hex
+* Base64
+
+![flag](images/flag.png)
+
+```
+ping{patience_is_the_key_to_tranquility}
+```

pingCTF 2023/i-see-no-vulnerability/README.md

@@ -0,0 +1,83 @@
+# i-see-no-vulnerability
+> With AI we are entering a new era! Join us in this exciting journey with our visionary app!
+
+> When solving this challenge a new one will be unlocked which is a sequel to this one.
+
+## About the Challenge
+We were given a website and a source code (You can download the source code [here](1c24ae229fff8eb7ac53c1252e52b12e.zip)). And this website has a functionality where the uploaded images will be read using OCR, and if text is found in the image, the text will be displayed on the website.
+
+![preview](images/preview.png)
+
+This is when I uploaded a photo containing the text `Hi daffainfo`
+
+![preview 2](images/preview2.png)
+
+## How to Solve?
+If you look at the source code, our input will go into a script HTML tag and div tag
+
+```html
+<head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <title>Image {{IMAGE}}</title>
+    <link
+        rel="stylesheet"
+        href="https://cdn.jsdelivr.net/npm/bulma@0.9.4/css/bulma.min.css" />
+</head>
+<body>
+    <section class="hero">
+        <div class="hero-body">
+            <p class="title">I'm a visionary!!!</p>
+            <p class="subtitle">I see...</p>
+            <div id="vision">{{VISION_TEXT}}</div>
+        </div>
+    </section>
+    <footer class="footer">
+        <div class="content has-text-centered">
+            <p><a href="/">Go back</a></p>
+            <p>
+                NSFW? <form method="post" action="/report/{{IMAGE}}"><input type="submit" value="Click here to report" class="button" /></form>
+            </p>
+        </div>
+    </footer>
+    <script>
+        const text = "{{VISION_TEXT}}";
+        if (text.length === 0) {
+            vision.innerHTML = "<img src='/i-see-nothing.gif' />";
+        }
+    </script>
+</body
+```
+
+And because the program filters image text using `DOMPurify`, we cannot use HTML tags to perform XSS, so we cannot place an XSS payload in `div` tags, and the other option is to place the XSS payload in `script` tags.
+
+```javascript
+app.get("/result/:uuid", (req, res) => {
+	const { uuid } = req.params;
+	if (isValidUUID(uuid)) {
+		const unsafe_text = visionedDict[uuid];
+		if (unsafe_text === undefined) {
+			return res.redirect("/");
+		}
+		const text = DOMPurify.sanitize(unsafe_text);
+		const page = readFileSync("./templates/result.html", "utf8")
+			.replaceAll("{{VISION_TEXT}}", text)
+			.replaceAll("{{IMAGE}}", uuid);
+		res.send(page);
+	} else {
+		res.status(400).send("Invalid UUID");
+	}
+});
+```
+
+This is the final payload I used to obtain the flag:
+
+![payload](images/payload.png)
+
+Upload the image and then press the report button
+
+![flag](images/flag.png)
+
+```
+ping{a2cfbb9ccd0d1b649cbf99669930092b}
+```

pingCTF 2023/internet-cat/README.md

@@ -0,0 +1,48 @@
+# internet-cat
+> I heard that there are is no official nc for windows and I love this OS! Fortunately, my black hat hacker colleague has sent me his forged copy that he intercepted from other hackers which have intercepted it from others and that from others... I don't know how many times it was intercepted but it works! I have tested it on my Windows 10 and it works like a charm!
+
+## About the Challenge
+We were given a file called `80295df3cfa79de08064ddffed0deff5.zip` (You can download the file [here](880295df3cfa79de08064ddffed0deff5.zip)). Here is the preview of the program
+
+## How to Solve?
+If you upload the file to an online malware sandbox (in this case, I am using https://www.hybrid-analysis.com/), you will receive a base64 string.
+
+![base64](images/base64.png)
+
+Decode it using `base64` encoding and you'll get a GitHub gist
+
+```
+https://gist.github.com/tomek7667/92393a59207d91379f9ee8785878b98b/e3dc6bb2fed39c0f9d3a74b30af09394174ef78c
+```
+
+If you open the GitHub gist, you'll see `Nothing to see here, move along.` msg. But there are 2 revisions here, open the first revision and you'll get a list of numbers
+
+![gist](images/gist.png)
+
+And then upload to cyberchef and then use this options:
+* Octal
+* Base64
+* Hex
+* Base58
+* Render Image
+* Parse QR Code
+
+And you'll get another URL
+
+![cyberchef](images/cyberchef.png)
+
+Open the URL and you got another string
+
+```
+UEsDBBQACQBjABpciVcFV6wiRQAAACcAAAAIAAsAZmxhZy50eHQBmQcAAQBBRQMIAOqNoUX0Z5cij1J6uViuJOT+jLbo0Tibnbs0x++zz1pfItBmkkebOjEsVMVAxWFcUO8yYdA4CXgjEECKzi+mBqdI+rjACFBLBwgFV6wiRQAAACcAAABQSwECHwAUAAkAYwAaXIlXBVesIkUAAAAnAAAACAAvAAAAAAAAACAIAAAAAAAAZmxhZy50eHQKACAAAAAAAAEAGAATmwIRiyraARObAhGLKtoBNqEVIIcq2gEBmQcAAQBBRQMIAFBLBQYAAAAAAQABAGUAAACGAAAAAAA=
+```
+
+Decode it again using `base64` encoding and you will receive a password-protected zip file. Crack it using john
+
+![zip](images/zip.png)
+
+Enter the password and voilà!
+
+```
+ping{u_w4nt3d_f0r3n51C5_4nD_y0u_g0t_17}
+```

pingCTF 2023/internet-explorer/README.md

@@ -0,0 +1,20 @@
+# internet-explorer
+> Can you run Internet Explorer on Linux?
+
+## About the Challenge
+We were given a website without the source code, and this is what the website looks like
+
+![preview](images/preview.png)
+
+## How to Solve?
+At first I tried to change the `User-Agent` header from `Windows` to `Linux` and I got another response:
+
+![linux](images/linux.png)
+
+So I googled and found a correct header for Internet Explorer in Linux
+
+![flag](images/flag.png)
+
+```
+ping{ping{the_best_browser_ever_made111}}
+```

pingCTF 2023/youtube-trailer/README.md

@@ -0,0 +1,14 @@
+# youtube-trailer
+> Watch the PING CTF 2023 official trailer and find the flag!
+
+## About the Challenge
+We were given a youtube link
+
+## How to Solve?
+Open the website and then find the flag in the source code by pressing `CTRL + U`
+
+![flag](images/flag.png)
+
+```
+ping{hello_welcome_to_ping_ctf}
+```