CTF Challenges By Me Save
Pwnable|Web Security|Cryptography CTF-style challenges
Project README
CTF-challenges-by-me
These are CTF-style challenges I've made. Hope you enjoyed ✌
Highlight
Tips: Like reading book, don't read the last pages first. Let's enjoy them for a day at least before checking writeup/sol. I've put a lot of my work in each one.
I'm going to describe my highlight challenges, which I like mostly. Also point out the interesting points of them.
Web
| Name | Language | Summary | Rating | Level | Describe yet ? |
|---|---|---|---|---|---|
| prisonbreakseason2 | Python | Python Jail | ⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
| XYZBANK | PHP | MySQL type casting | ⭐⭐ | 💀💀 | ✔️ |
| XYZTemplate | PHP/Javascript | Javascript/XSS | ⭐⭐ | 💀💀 | |
| cryptowww | PHP | Hash extension / urldecode trick, HTTP Parameter Pollution | ⭐⭐ | 💀💀 | ✔️ |
| curl_story_part_1 | PHP | SSRF /w CRLF Injection (it was 0day) | ⭐⭐⭐⭐ | 💀💀 | ✔️ |
| luckygame | PHP | MySQLi /w session variable + php type juggling | ⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
| simplehttp | Ruby | Ruby RCE /w WEBrick::Log.new |
⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
| tower4 | Python | Format injection | ⭐⭐⭐⭐ | 💀💀 | ✔️ |
| lixi | PHP | PHP syntax trick | ⭐⭐⭐ | 💀💀 | ✔️ |
| LoginMe | NodeJS | RegExp injection, MongoDB | ⭐⭐⭐ | 💀 | ✔️ |
| h4x0rs.club | PHP/JS | CSP strict-dynamic, XSS, iframe in the middle, postMessage to top |
⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
| h4x0rs.space | PHP/JS | CSP, Persistent XSS, AppCache, ServiceWorker | ⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
| h4x0rs.date | PHP/JS | CSP, cache, <meta> Referrer override |
⭐⭐⭐ | 💀💀 | ✔️ |
Pwnable
| Name | Summary | Rating | Level | Describe yet ? |
|---|---|---|---|---|
| anotherarena | Heap on another main_arena (threads) |
⭐⭐⭐ | 💀 | ✔️ |
| c0ffee | Race condition, with 1-byte overwrite, nearly impossible to exploit | ⭐⭐⭐⭐ | 💀💀💀 | |
| pokedex | Uninitialized memory -> Heap overflow | ⭐⭐⭐ | 💀💀 | ✔️ |
| rapgenius | Uninitialized memory -> Use-After-Free + _IO_FILE abusing (_IO_read_* && _IO_write_*) |
⭐⭐⭐ | 💀💀 | ✔️ |
| castle | Combine many of bugs: uninitliazed memory + stack overflow + heap overflow to defeat stack cookie eventually | ⭐⭐⭐⭐ | 💀💀💀 | |
| House-of-Cards | Old school pwnable, overwriting ENV |
⭐⭐⭐⭐ | 💀💀 | ✔️ |
| h4x0rs.club pt3 | Old school pwnable, Fake MySQL server, MySQL LOCAL INFILE | ⭐⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
Footer
Final round SVATTT 2016 Introduction page
Twitter: @l4wio
...Dành cả tuổi thanh xuân để suy nghĩ đề CTF.
Updating...
Open Source Agenda is not affiliated with "CTF Challenges By Me" Project. README Source: l4wio/CTF-challenges-by-me
Stars
392
Open Issues
1
Last Commit
10 months ago
Repository
Homepage
Open Source Agenda Badge
