l4wio/CTF-challenges-by-me
These are CTF-style challenges I've made. Hope you enjoy them ✌

Tip: as with reading a book, don't read the last pages first. Enjoy each challenge for at least a day before checking the writeup/solution. I've put a lot of work into each one.

I'm going to describe my highlight challenges, the ones I like most, and point out what is interesting about each.

| Name | Language | Summary | Rating | Level | Described yet? |
|---|---|---|---|---|---|
| prisonbreakseason2 | Python | Python Jail | ⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
| XYZBANK | PHP | MySQL type casting | ⭐⭐ | 💀💀 | ✔️ |
| XYZTemplate | PHP/Javascript | Javascript/XSS | ⭐⭐ | 💀💀 | |
| cryptowww | PHP | Hash extension / urldecode trick, HTTP Parameter Pollution | ⭐⭐ | 💀💀 | ✔️ |
| curl_story_part_1 | PHP | SSRF w/ CRLF Injection (it was 0day) | ⭐⭐⭐⭐ | 💀💀 | ✔️ |
| luckygame | PHP | MySQLi w/ session variable + PHP type juggling | ⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
| simplehttp | Ruby | Ruby RCE w/ `WEBrick::Log.new` | ⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
| tower4 | Python | Format injection | ⭐⭐⭐⭐ | 💀💀 | ✔️ |
| lixi | PHP | PHP syntax trick | ⭐⭐⭐ | 💀💀 | ✔️ |
| LoginMe | NodeJS | RegExp injection, MongoDB | ⭐⭐⭐ | 💀 | ✔️ |
| h4x0rs.club | PHP/JS | CSP `strict-dynamic`, XSS, iframe in the middle, postMessage to `top` | ⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
| h4x0rs.space | PHP/JS | CSP, Persistent XSS, AppCache, ServiceWorker | ⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
| h4x0rs.date | PHP/JS | CSP, cache, `<meta>` Referrer override | ⭐⭐⭐ | 💀💀 | ✔️ |

| Name | Summary | Rating | Level | Described yet? |
|---|---|---|---|---|
| anotherarena | Heap on another `main_arena` (threads) | ⭐⭐⭐ | 💀 | ✔️ |
| c0ffee | Race condition, with 1-byte overwrite, nearly impossible to exploit | ⭐⭐⭐⭐ | 💀💀💀 | |
| pokedex | Uninitialized memory -> Heap overflow | ⭐⭐⭐ | 💀💀 | ✔️ |
| rapgenius | Uninitialized memory -> Use-After-Free + `_IO_FILE` abusing (`_IO_read_*` && `_IO_write_*`) | ⭐⭐⭐ | 💀💀 | ✔️ |
| castle | Combines many bugs: uninitialized memory + stack overflow + heap overflow to eventually defeat the stack cookie | ⭐⭐⭐⭐ | 💀💀💀 | |
| House-of-Cards | Old school pwnable, overwriting `ENV` | ⭐⭐⭐⭐ | 💀💀 | ✔️ |
| h4x0rs.club pt3 | Old school pwnable, Fake MySQL server, MySQL LOCAL INFILE | ⭐⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
Final round SVATTT 2016 Introduction page
Twitter: @l4wio
...Spending my whole youth thinking up CTF challenges.
Updating...
Pwnable|Web Security|Cryptography CTF-style challenges