Merge pull request #6 from yaudahbanh/Nahamcon-CTF-2023

Add: Goose Chase, One Zero, One Zero Two, Regina
2023-07-09 20:55:40 +07:00 · 2023-07-09 20:55:40 +07:00 · d2c9665e86
parent 061e41f729 ddaebf1133
commit d2c9665e86
13 changed files with 97 additions and 1 deletions
--- a/Chase/README.md
+++ b/Chase/README.md
@ -0,0 +1,29 @@
+# Goose Chase
+
+> I am truly sorry. I really do apologize... I hope you can bear with me as I set you all loose together, on a communal collaboriative wild goose chase.
+
+[Google sheets link](https://docs.google.com/spreadsheets/d/17qy0Yw1_8rLOhrG5MWT8rWzpMi3_1vr3A_khcv3j6Cc/)
+
+## How to Solve
+
+First visit the google sheets link
+
+After that make copy from the sheets
+
+![solve](images/solve.jpg)
+
+Access the hidden sheet
+
+![solve2](images/solve2.jpg)
+
+You will see the link to the other sheets
+
+![solve3](images/solve3.jpg)
+
+View-source the sheets, and you get the flag
+
+![flag](images/flag.jpg)
+
+```
+flag{323264294cc2a4ebb2c8d5f9e0afb0f7}  
+```
--- a/Chase/images/flag.jpg
+++ b/Chase/images/flag.jpg
--- a/Chase/images/solve.jpg
+++ b/Chase/images/solve.jpg
--- a/Chase/images/solve2.jpg
+++ b/Chase/images/solve2.jpg
--- a/Chase/images/solve3.jpg
+++ b/Chase/images/solve3.jpg
--- a/Two/README.md
+++ b/Two/README.md
@ -0,0 +1,21 @@
+# One Zero
+
+> You only get one zero... for real this time. ;)
+
+## How to Solve
+
+To solve this you need bash obfuscate method
+
+[Bash Obfuscate Tool](https://gist.github.com/dimasma0305/c3d5d3cac71c8240a491a3010f2372b8)
+
+The original payload is `bash <<< {cat, flag.txt}`
+
+After obfuscate became this 
+
+```${!#} <<< {$\'\\${##}$((${##}<<$((${##}))<<$((${##}))))$((${##}<<$((${##}))^${##}))\\${##}$((${##}<<$((${##}))<<$((${##}))))${##}\\${##}$(($((${##}<<$((${##}))^${##}))<<${##}))$((${##}<<$((${##}))<<$((${##}))))\',$\'\\${##}$((${##}<<$((${##}))<<$((${##}))))$(($((${##}<<$((${##}))^${##}))<<${##}))\\${##}$((${##}<<$((${##}))<<$((${##}))^${##}))$((${##}<<$((${##}))<<$((${##}))))\\${##}$((${##}<<$((${##}))<<$((${##}))))${##}\\${##}$((${##}<<$((${##}))<<$((${##}))))$(($((${##}<<$((${##}))^${##}))<<${##}^${##}))\\$((${##}<<$((${##}))<<$((${##}))^${##}))$(($((${##}<<$((${##}))^${##}))<<${##}))\\${##}$(($((${##}<<$((${##}))^${##}))<<${##}))$((${##}<<$((${##}))<<$((${##}))))\\${##}$(($((${##}<<$((${##}))^${##}))<<${##}^${##}))${#}\\${##}$(($((${##}<<$((${##}))^${##}))<<${##}))$((${##}<<$((${##}))<<$((${##}))))\',}```
+
+![flag](images/flag.png)
+
+```
+flag{5d15f415ef8e8601f80340761c5918be}
+```
--- a/Two/images/flag.png
+++ b/Two/images/flag.png
--- a/Zero/README.md
+++ b/Zero/README.md
@ -0,0 +1,21 @@
+# One Zero
+
+> You only get one zero. ;)
+
+## How to Solve
+
+To solve this you need bash obfuscate method
+
+[Bash Obfuscate Tool](https://gist.github.com/dimasma0305/c3d5d3cac71c8240a491a3010f2372b8)
+
+The original payload is `bash <<< {cat, flag.txt}`
+
+After obfuscate became this 
+
+```${!#} <<< {$\'\\${##}$((${##}<<$((${##}))<<$((${##}))))$((${##}<<$((${##}))^${##}))\\${##}$((${##}<<$((${##}))<<$((${##}))))${##}\\${##}$(($((${##}<<$((${##}))^${##}))<<${##}))$((${##}<<$((${##}))<<$((${##}))))\',$\'\\${##}$((${##}<<$((${##}))<<$((${##}))))$(($((${##}<<$((${##}))^${##}))<<${##}))\\${##}$((${##}<<$((${##}))<<$((${##}))^${##}))$((${##}<<$((${##}))<<$((${##}))))\\${##}$((${##}<<$((${##}))<<$((${##}))))${##}\\${##}$((${##}<<$((${##}))<<$((${##}))))$(($((${##}<<$((${##}))^${##}))<<${##}^${##}))\\$((${##}<<$((${##}))<<$((${##}))^${##}))$(($((${##}<<$((${##}))^${##}))<<${##}))\\${##}$(($((${##}<<$((${##}))^${##}))<<${##}))$((${##}<<$((${##}))<<$((${##}))))\\${##}$(($((${##}<<$((${##}))^${##}))<<${##}^${##}))${#}\\${##}$(($((${##}<<$((${##}))^${##}))<<${##}))$((${##}<<$((${##}))<<$((${##}))))\',}```
+
+![flag](images/flag.png)
+
+```
+flag{81b9de37f5bd218c9f59ac2d9d709bf6}
+```
--- a/Zero/images/flag.png
+++ b/Zero/images/flag.png
--- a/2023/README.md
+++ b/2023/README.md
@ -13,6 +13,13 @@ CTF writeup for The NahamCon CTF 2023. I took part in this CTF competition with
 | Web | [Hidden Figures](/NahamCon%20CTF%202023/Hidden%20Figures/)
 | Web | [Star Wars](/NahamCon%20CTF%202023/Star%20Wars/)
 | Web | [Sticker](/NahamCon%20CTF%202023/Stickers/)
+| Mobile | [JNInjaSpeak](/NahamCon%20CTF%202023/JNInjaSpeak/)
 | Warmups | [Glasses](/NahamCon%20CTF%202023/Glasses/)
+| Warmups | [Regina](/NahamCon%20CTF%202023/Regina/)
+| Warmups | [tiny little fibers](/NahamCon%20CTF%202023/tiny%20little%20fibers/)
 | Misc | [Where's My Water?](/NahamCon%20CTF%202023/Where's%20My%20Water/)
-| Misc | [Wordle Bash](/NahamCon%20CTF%202023/Wordle%20Bash/)
+| Misc | [Wordle Bash](/NahamCon%20CTF%202023/Wordle%20Bash/)
+| Misc | [Zombie](/NahamCon%20CTF%202023/Zombie/)
+| Misc | [Goose Chase](/NahamCon%20CTF%202023/Goose%20Chase/)
+| Misc | [One Zero](/NahamCon%20CTF%202023/One%20Zero/)
+| Misc | [One Zero Two](/NahamCon%20CTF%202023/One%20Zero%20Two/)
--- a/2023/Regina/README.md
+++ b/2023/Regina/README.md
@ -0,0 +1,18 @@
+# Regina
+
+> I have a tyrannosaurus rex plushie and I named it Regina! Here, you can talk to it :)
+
+## How to Solve
+
+First you make a parse command to execute in the server, after that you `CTRL + D`
+to send signal the end of input (EOF)
+
+![solve1](images/solve1.png)
+
+And then reproduce same process and read the flag
+
+![flag](images/flag.png)
+
+```
+flag{2459b9ae7c704979948318cd2f47dfd6}
+```
--- a/2023/Regina/images/flag.png
+++ b/2023/Regina/images/flag.png
--- a/2023/Regina/images/solve1.png
+++ b/2023/Regina/images/solve1.png