Added Web Challenges

Web/Cascade/README.md

@@ -0,0 +1,28 @@
+## Cascade
+The main idea finding the flag is just viewing the page source.
+
+#### Step-1:
+After I visited the URL: http://chall.csivit.com:30203, this web page was shown:
+
+<img src="Web1.png">
+
+
+#### Step-2:
+
+I tried all `/robots.txt`, `/flag.txt` or any access to tiny server by `//`. Also by visiting both given links, didn't give any flags.
+
+#### Step-3:
+Now, I searched for page source, and got this web page.
+
+<img src="Web2.png">
+
+I explored for `/static/style.css`.
+
+#### Step-4:
+<img src="Flag.png">
+
+Voila! I got the flag.
+
+#### Step-5:
+Finally the flag becomes:
+`csictf{w3lc0me_t0_csictf}`

Web/Mr Rami/README.md

@@ -0,0 +1,28 @@
+## Mr Rami
+The main idea finding the flag is accessing dormant sub domains of the site.
+
+#### Step-1:
+After I visited the URL: [http://chall.csivit.com:30231](http://chall.csivit.com:30231), this web page was shown:
+
+<img src="Web1.png">
+
+
+#### Step-2:
+
+I tried http://chall.csivit.com:30231/robots.txt and I got this:
+
+<img src="Robots.png">
+
+#### Step-3:
+There we got that `Disallow: /fade/to/black`, so I explored that URL: 
+http://chall.csivit.com:30231/fade/to/black
+
+
+#### Step-4:
+Voila! I got the flag there.
+
+<img src="Flag.png">
+
+#### Step-5:
+Finally the flag becomes:
+`csictf{br0b0t_1s_pr3tty_c00l_1_th1nk}`

Web/Oreo/README.md

@@ -0,0 +1,29 @@
+## Oreo
+The main idea finding the flag is just tweaking the cookies.
+
+#### Step-1:
+After I visited the URL: http://chall.csivit.com:30243/, this web page was shown:
+
+<img src="Web1.png">
+
+
+#### Step-2:
+
+I tried inspecting the element, but it wasn't helpful. So I checked the cookie and got a cookie `flavour` with value `c3RyYXdiZXJyeQ%3D%3D`.
+
+#### Step-3:
+It was simple Base64 and I decoded it to get `strawberry`.
+
+<img src="base64_decode.png">
+
+#### Step-4:
+So I got to change the flavor to chocolate as in description. So I encoded `chocolate` accordingly, to get:
+
+<img src="base64_encode.png">
+
+#### Step-5:
+I loaded that base64 encoding `Y2hvY29sYXRl` as a cookie and refreshed the page to get the flag.
+
+#### Step-6:
+Finally the flag becomes:
+`csictf{1ick_twi5t_dunk}`

Web/Secure Portal/README.md

@@ -0,0 +1,10 @@
+## Secure Portal
+The main idea finding the flag is decoding the script given.
+
+#### Step-1:
+I couldn't understand on how to proceed, so here is the writeup I followed.
+https://github.com/skyf0l/CTF/blob/master/CSICTF_2020/Web.md#secure-portal
+
+
+#### Step-2:
+`csictf{l3t_m3_c0nfus3_y0u}`

Web/Warm Up/README.md

@@ -0,0 +1,55 @@
+## Warm Up
+The main idea finding the flag is exploiting PHP type juggling.
+
+#### Step-1:
+After I visited the URL: http://chall.csivit.com:30272/, I was greeted with below code:
+
+```php
+<?php  
+  
+if (isset($_GET['hash'])) {  
+if ($_GET['hash'] === "10932435112") {  
+die('Not so easy mate.');  
+}  
+  
+$hash = sha1($_GET['hash']);  
+$target = sha1(10932435112);  
+if($hash == $target) {  
+include('flag.php');  
+print $flag;  
+} else {  
+print "csictf{loser}";  
+}  
+} else {  
+show_source(__FILE__);  
+}  
+  
+?>
+```
+
+
+#### Step-2:
+
+Sha1 of `10932435112` is `0e07766915004133176347055865026311692244`
+
+The comparison `if($hash == $target)` is vulnerable because it is not a strict comparison with `===`.
+
+#### Step-3:
+So a bit more deep search of `sha1(10932435112)` online gave me links to [Magic Hashes](https://git.linuxtrack.net/Azgarech/PayloadsAllTheThings/blob/master/PHP%20juggling%20type/README.md)
+
+#### Step-4:
+So, I tried the URL as any of the below. All have to work because all de-reference to same hash. 
+ - http://chall.csivit.com:30272/?hash=aaK1STfY 
+ - http://chall.csivit.com:30272/?hash=aaroZmOk 
+ - http://chall.csivit.com:30272/?hash=aaO8zKZF
+ - http://chall.csivit.com:30272/?hash=aa3OFF9m
+
+Any other hashes like MD5, will give false flag of `csictf{loser}`.
+
+<img src="Flag.png">
+
+Voila! I got the flag.
+
+#### Step-5:
+Finally the flag becomes:
+`csictf{typ3_juggl1ng_1n_php}`