l4wio/CTF-challenges-by-me

CTF-challenges-by-me

These are CTF-style challenges I've made. Hope you enjoy them ✌

Highlight

Tip: As with reading a book, don't skip to the last pages first. Enjoy each challenge for at least a day before checking the writeup/solution. I've put a lot of work into each one.

Below I describe my highlight challenges, the ones I like most, and point out what is interesting about each.

Web

| Name | Language | Summary | Rating | Level | Described yet? |
|---|---|---|---|---|---|
| prisonbreakseason2 | Python | Python Jail | ⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
| XYZBANK | PHP | MySQL type casting | ⭐⭐ | 💀💀 | ✔️ |
| XYZTemplate | PHP/Javascript | Javascript/XSS | ⭐⭐ | 💀💀 | |
| cryptowww | PHP | Hash extension / urldecode trick, HTTP Parameter Pollution | ⭐⭐ | 💀💀 | ✔️ |
| curl_story_part_1 | PHP | SSRF with CRLF injection (it was a 0day) | ⭐⭐⭐⭐ | 💀💀 | ✔️ |
| luckygame | PHP | MySQLi with session variable + PHP type juggling | ⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
| simplehttp | Ruby | Ruby RCE with WEBrick::Log.new | ⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
| tower4 | Python | Format injection | ⭐⭐⭐⭐ | 💀💀 | ✔️ |
| lixi | PHP | PHP syntax trick | ⭐⭐⭐ | 💀💀 | ✔️ |
| LoginMe | NodeJS | RegExp injection, MongoDB | ⭐⭐⭐ | 💀 | ✔️ |
| h4x0rs.club | PHP/JS | CSP strict-dynamic, XSS, iframe in the middle, postMessage to top | ⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
| h4x0rs.space | PHP/JS | CSP, Persistent XSS, AppCache, ServiceWorker | ⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
| h4x0rs.date | PHP/JS | CSP, cache, <meta> Referrer override | ⭐⭐⭐ | 💀💀 | ✔️ |

Pwnable

| Name | Summary | Rating | Level | Described yet? |
|---|---|---|---|---|
| anotherarena | Heap on another main_arena (threads) | ⭐⭐⭐ | 💀 | ✔️ |
| c0ffee | Race condition with a 1-byte overwrite, nearly impossible to exploit | ⭐⭐⭐⭐ | 💀💀💀 | |
| pokedex | Uninitialized memory -> Heap overflow | ⭐⭐⭐ | 💀💀 | ✔️ |
| rapgenius | Uninitialized memory -> Use-After-Free + _IO_FILE abuse (_IO_read_* && _IO_write_*) | ⭐⭐⭐ | 💀💀 | ✔️ |
| castle | Combines many bugs: uninitialized memory + stack overflow + heap overflow to eventually defeat the stack cookie | ⭐⭐⭐⭐ | 💀💀💀 | |
| House-of-Cards | Old school pwnable, overwriting ENV | ⭐⭐⭐⭐ | 💀💀 | ✔️ |
| h4x0rs.club pt3 | Old school pwnable, Fake MySQL server, MySQL LOCAL INFILE | ⭐⭐⭐⭐⭐ | 💀💀💀 | ✔️ |

Footer

Final round SVATTT 2016 Introduction page

Twitter: @l4wio

...Spending my whole youth thinking up CTF challenges.

Updating...