feat: added Incognito CTF 2023

0xL4ughCTF 2023/README.md

@@ -1,5 +1,5 @@
 # 0xL4ughCTF 2023
-CTF writeup for 0xL4ugh CTF 2023. I took part in this CTF competition with the TCP1P team, and got 2nd place out of 4xx teams
+CTF writeup for 0xL4ugh CTF 2023. I took part in this CTF competition with the TCP1P team, and got 2nd place out of 340 teams
 
 Thanks to the team especially @dimasma0305
 

IncognitoCTF 2023/README.md

@@ -0,0 +1,11 @@
+# IncognitoCTF 2023
+CTF writeup for The Incognito CTF 2023. I took part in this CTF competition with the HCS team, and got 18th place out of 525 teams
+
+Thanks to the team especially @0xazr and @kos0ng
+
+| Category | Challenge
+| --- | --- |
+| Web | [get flag 1](/IncognitoCTF%202023/get%20flag%201/)
+| Misc | [more sanity](/IncognitoCTF%202023/more%20sanity/)
+| Osint | [gaining insight](/IncognitoCTF%202023/gaining%20insight/)
+| Osint | [find ip](/IncognitoCTF%202023/find%20ip/)

IncognitoCTF 2023/find ip/README.md

@@ -0,0 +1,14 @@
+# find ip
+`-`
+
+## About the Challenge
+We need to find the ip to the machine
+
+## How to Solve?
+I found the IP by checking this repository (You can access the repository [here](https://github.com/kristenchavis01/dotfiles)) and there is a folder named `.ssh`. And then if we open the `known_hosts` file we can get the IP address
+
+![known_hosts](images/known_hosts.png)
+
+```
+ictf{170.187.232.216}
+```

IncognitoCTF 2023/gaining insight/README.md

@@ -0,0 +1,24 @@
+# gaining insight
+`-`
+
+## About the Challenge
+We are given an email (kristen@kristenchavis.com) and we need to find a resume
+
+## How to Solve?
+One of the team member found the resume in github repository (You can access the resume [here](https://github.com/kristenchavis01/resume/blob/main/resume.tex))
+
+![github](images/github.png)
+
+And then if we check the commit named `Added profile.jpg` (You can access the commit [here](https://github.com/kristenchavis01/resume/commit/f8545cbb1cfdb244956345e4a1a4d098bce3c59c)). There is a new Overleaf link and we if access that link. We will get a profile photo
+
+![overloeaf](images/overleaf.png)
+
+Download the profile picture first and then doing bruteforce steganography on the picture that we have download earlier (In this case im using [stegseek](https://github.com/RickdeJager/stegseek))
+
+![stegseek](images/stegseek.png)
+
+If we open the result of stegseek, we will retrieve the flag
+
+```
+ictf{av01d_th3_z1p_b0mb_87ad2th}
+```

IncognitoCTF 2023/get flag 1/README.md

@@ -0,0 +1,19 @@
+# get flag 1
+`-`
+
+## About the Challenge
+We are given a website and we need to get the flag on port `9001`
+
+![preview](images/preview.png)
+
+## How to Solve?
+I solve this chall by using SSRF (Server-Side Request Forgery) vulnerability to retrieve the flag on port 9001. But there is some filter, for example i can't use `http://127.0.0.1` payload. To bypass the filter, im using `http://0.0.0.0` payload and then i can get the flag by accessing
+```
+http://45.79.210.216:5000/getUrl?url=http://127.0.0.1:9001/flag.txt
+```
+
+And then you will retrieve the flag
+
+```
+ictf{l0c4l_byp4$$_323theu0a9}
+```

IncognitoCTF 2023/more sanity/README.md

@@ -0,0 +1,14 @@
+# Bypass 403
+`-`
+
+## About the Challenge
+We need to find the flag in incognito CTF discord bot
+
+## How to Solve?
+After attempting to send some message, I retrieved the flag by messaging the bot with the !flag command.
+
+![discord](images/discord.png)
+
+```
+ictf{!flag_work5??_p718jq091}
+```