GithubHelp home page GithubHelp logo

haidv35 / ctf-challenges-by-me Goto Github PK

View Code? Open in Web Editor NEW

This project forked from l4wio/ctf-challenges-by-me

1.0 1.0 0.0 119.25 MB

Pwnable|Web Security|Cryptography CTF-style challenges

Home Page: https://l4w.io

PHP 13.09% Makefile 0.13% C 9.67% JavaScript 23.47% HTML 10.10% Python 10.29% TSQL 0.28% Assembly 1.08% CSS 30.45% Shell 0.89% Ruby 0.46% Pascal 0.09%

ctf-challenges-by-me's Introduction

CTF-challenges-by-me

These are CTF-style challenges I've made. Hope you enjoyed ✌

Highlight

Tips: Like reading book, don't read the last pages first. Let's enjoy them for a day at least before checking writeup/sol. I've put a lot of my work in each one.

I'm going to describe my highlight challenges, which I like mostly. Also point out the interesting points of them.

Web

Name Language Summary Rating Level Describe yet ?
prisonbreakseason2 Python Python Jail ⭐⭐⭐⭐ 💀💀💀 ✔️
XYZBANK PHP MySQL type casting ⭐⭐ 💀💀 ✔️
XYZTemplate PHP/Javascript Javascript/XSS ⭐⭐ 💀💀
cryptowww PHP Hash extension / urldecode trick, HTTP Parameter Pollution ⭐⭐ 💀💀 ✔️
curl_story_part_1 PHP SSRF /w CRLF Injection (it was 0day) ⭐⭐⭐⭐ 💀💀 ✔️
luckygame PHP MySQLi /w session variable + php type juggling ⭐⭐⭐⭐ 💀💀💀 ✔️
simplehttp Ruby Ruby RCE /w WEBrick::Log.new ⭐⭐⭐⭐ 💀💀💀 ✔️
tower4 Python Format injection ⭐⭐⭐⭐ 💀💀 ✔️
lixi PHP PHP syntax trick ⭐⭐⭐ 💀💀 ✔️
LoginMe NodeJS RegExp injection, MongoDB ⭐⭐⭐ 💀 ✔️
h4x0rs.club PHP/JS CSP strict-dynamic, XSS, iframe in the middle, postMessage to top ⭐⭐⭐⭐ 💀💀💀 ✔️
h4x0rs.space PHP/JS CSP, Persistent XSS, AppCache, ServiceWorker ⭐⭐⭐⭐ 💀💀💀 ✔️
h4x0rs.date PHP/JS CSP, cache, <meta> Referrer override ⭐⭐⭐ 💀💀 ✔️

Pwnable

Name Summary Rating Level Describe yet ?
anotherarena Heap on another main_arena (threads) ⭐⭐⭐ 💀 ✔️
c0ffee Race condition, with 1-byte overwrite, nearly impossible to exploit ⭐⭐⭐⭐ 💀💀💀
pokedex Uninitialized memory -> Heap overflow ⭐⭐⭐ 💀💀 ✔️
rapgenius Uninitialized memory -> Use-After-Free + _IO_FILE abusing (_IO_read_* && _IO_write_*) ⭐⭐⭐ 💀💀 ✔️
castle Combine many of bugs: uninitliazed memory + stack overflow + heap overflow to defeat stack cookie eventually ⭐⭐⭐⭐ 💀💀💀
House-of-Cards Old school pwnable, overwriting ENV ⭐⭐⭐⭐ 💀💀 ✔️
h4x0rs.club pt3 Old school pwnable, Fake MySQL server, MySQL LOCAL INFILE ⭐⭐⭐⭐⭐ 💀💀💀 ✔️

Footer

Final round SVATTT 2016 Introduction page

Twitter: @l4wio

...Dành cả tuổi thanh xuân để suy nghĩ đề CTF.

Updating...

ctf-challenges-by-me's People

Contributors

l4wio avatar

Stargazers

avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.