feat: added KalmarCTF

CTF After Dark - Winter 2023/README.md

@@ -0,0 +1,13 @@
+# CTF After Dark - Winter 2023
+CTF writeup for CTF After Dark - Winter 2023. I took part in this CTF competition with the TCP1P team, and got 7th place out of 300 teams
+
+Thanks to the TCP1P team especially @dimasma0305 and @Rizsyad AR
+
+| Category | Challenge
+| --- | --- |
+| Intro | [Cookies]
+| Intro | [Secure Platform] 
+| Intro | [Bagels]
+| SQLi | [Bank] 
+| SQLi | [SQL Prevention-101]
+| LFI | [Star Poet Blog]

KalmarCTF 2023/Ez ⛳/README.md

@@ -0,0 +1,86 @@
+# Ez ⛳
+> Heard 'bout that new 🏌️-webserver? Apparently HTTPS just works(!), but seems like someone managed to screw up the setup, woops. The flag.txt is deleted until I figure out that HTTPS and PHP stuff #hacker-proof
+
+## About the Challenge
+We are given a website and the source code (You can get the source code [here])
+
+## How to Solve?
+You will notice there are 3 subdomains when you open the zip file
+
+![zip](images/zip.png)
+
+And inside the `php.caddy.chal-kalmarc.tf` folder there is a fake flag. So at first I thought we need request to `//php.caddy.chal-kalmarc.tf/flag.txt` to get the flag, but inside `docker-compose` file the author of the chall decided to remove the flag but there is a `backups` folder
+
+```bash
+apk add --update openssl nss-tools && rm -rf /var/cache/apk/ && openssl req -x509 -batch -newkey rsa:2048 -nodes -keyout /etc/ssl/private/caddy.key -days 365 -out /etc/ssl/certs/caddy.pem -subj '/C=DK/O=Kalmarunionen/CN=*.caddy.chal-kalmarc.tf' && mkdir -p backups/ && cp -r *.caddy.chal-kalmarc.tf backups/ && rm php.caddy.chal-kalmarc.tf/flag.txt && sleep 1 && caddy run
+```
+
+So, we need to access the backup folder to get the flag, but how? There is a misconfiguration on the `Caddy` configuration. The configuration will look like this
+
+```
+{
+    admin off
+    local_certs  # Let's not spam Let's Encrypt
+}
+
+caddy.chal-kalmarc.tf {
+    redir https://www.caddy.chal-kalmarc.tf
+}
+
+#php.caddy.chal-kalmarc.tf {
+#    php_fastcgi localhost:9000
+#}
+
+flag.caddy.chal-kalmarc.tf {
+    respond 418
+}
+
+*.caddy.chal-kalmarc.tf {
+    encode zstd gzip
+    log {
+        output stderr
+        level DEBUG
+    }
+
+    # block accidental exposure of flags:
+    respond /flag.txt 403
+
+    tls /etc/ssl/certs/caddy.pem /etc/ssl/private/caddy.key {
+        on_demand
+    }
+
+    file_server {
+        root /srv/{host}/
+    }
+}
+```
+
+The misconfiguration is on the `file_server` directive
+```
+file_server {
+    root /srv/{host}/
+}
+```
+
+For example if we access `https://php.caddy.chal-kalmarc.tf` caddy will serve any file inside `/srv/php.caddy.chal-kalmarc.tf/` folder, so to access the backup the HTTP request will be like this
+
+```
+GET /test HTTP/1.1
+Host: backups/php.caddy.chal-kalmarc.tf
+Accept-Encoding: gzip, deflate
+...
+```
+
+And then to access the flag, we can't access to `/flag.txt` because there is a restriction on the `caddy` configuration
+
+```
+respond /flag.txt 403
+```
+
+To bypass this restriction, we can send the HTTP request like this
+
+![flag](images/flag.png)
+
+```
+kalmar{th1s-w4s-2x0d4ys-wh3n-C4ddy==2.4}
+```

KalmarCTF 2023/README.md

@@ -0,0 +1,10 @@
+# KalmarCTF 2023
+CTF writeup for KalmarCTF 2023. I took part in this CTF competition with the TCP1P team, and got 50th place out of 891 teams
+
+Thanks to the TCP1P team especially @dimasma0305 and @ch0p
+
+| Category | Challenge
+| --- | --- |
+| Web | [Ez ⛳](/KalmarCTF%202023/Ez%20%E2%9B%B3/)
+| Forensic | [sewing-waste-and-agriculture-leftovers](/KalmarCTF%202023/sewing-waste-and-agriculture-leftovers/)
+| Misc | [Sanity Check](/KalmarCTF%202023/Sanity%20Check/)

KalmarCTF 2023/Sanity Check/README.md

@@ -0,0 +1,14 @@
+# Sanity Check
+> Have you read the rules?
+
+## About the Challenge
+To get the flag we need to check the `rules` page
+
+## How to Solve?
+Easy, just go to https://kalmarc.tf/rules, and then in the bottom of the page you will found the page
+
+![flag](images/flag.png)
+
+```
+kalmar{i_have_read_the_rules_and_each_player_has_their_own_account}
+```

KalmarCTF 2023/sewing-waste-and-agriculture-leftovers/README.md

@@ -0,0 +1,20 @@
+# sewing-waste-and-agriculture-leftovers
+> UDP - UNRELIABLE datagram protocol.
+
+## About the Challenge
+We have been given a `pcap` file (You can get the file [here](swaal.pcap.gz))
+
+## How to Solve?
+First i extract the pcap and then import the file into `Wireshark`. And then check every packet by pressing `Ctrl + Alt + Shift + U` to follow the UDP stream
+
+![udp_1](images/udp_1.png)
+
+![udp_2](images/udp_2.png)
+
+If we examine each packet, the data in each packet will form a flag but there are still many parts missing, so to solve this chall there are 2 ways combine each packet manually (Like me :D) or you can create a script to get the flag. In this case i check every packet manually and then you will get the flag
+
+![flag](images/flag.png)
+
+```
+kalmar{if_4t_first_you_d0nt_succeed_maybe_youre_us1ng_udp}
+```

README.md

@@ -17,5 +17,6 @@ List of CTF events that i have joined before
 | CTF ARA 2023 | 25 Feb., 9:00 WIB — 26 Feb. 2023, 17:00 WIB | [Link](/CTF%20ARA%202023/) |
 | VU CYBERTHON 2023 | 25 Feb., 14:00 WIB — 26 Feb. 2023, 02:00 WIB | [Link](/VU%20CYBERTHON%202023/) |
 | WxMCTF 2023 | 01 March, 12:00 WIB — 14 March 2023, 12:00 WIB	 | Soon |
+| Cyber Security Challenge Germany (CSCG) 2023 | 02 March, 00:00 WIB — 02 May 2023, 00:00 WIB | Soon |
 | CTF After Dark - Winter 2023 | 02 March, 09:00 WIB — 09 March 2023, 11:00 WIB | Soon |
-| KalmarCTF 2023 | 04 March, 00:00 WIB — 06 March 2023, 00:00 WIB | Soon |
+| KalmarCTF 2023 | 04 March, 00:00 WIB — 06 March 2023, 00:00 WIB | [Link](/KalmarCTF%202023/) |