
About the developer

l4wio
310 Stars 67 Forks 189 Commits 1 Opened issues

Description

Pwnable|Web Security|Cryptography CTF-style challenges


Contributors list

# 132,446
Shell
C++
C
websec
167 commits

CTF-challenges-by-me

These are CTF-style challenges I've made. Hope you enjoy them ✌

Highlight

Tip: As with reading a book, don't read the last pages first. Enjoy each challenge for at least a day before checking the writeup/solution. I've put a lot of work into each one.

I'm going to describe my highlight challenges, the ones I like most, and point out what is interesting about them.

Web

| Name | Language | Summary | Rating | Level | Described yet? |
|---|---|---|---|---|---|
| prisonbreakseason2 | Python | Python Jail | ⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
| XYZBANK | PHP | MySQL type casting | ⭐⭐ | 💀💀 | ✔️ |
| XYZTemplate | PHP/Javascript | Javascript/XSS | ⭐⭐ | 💀💀 | |
| cryptowww | PHP | Hash extension / urldecode trick, HTTP Parameter Pollution | ⭐⭐ | 💀💀 | ✔️ |
| curlstorypart_1 | PHP | SSRF /w CRLF Injection (it was 0day) | ⭐⭐⭐⭐ | 💀💀 | ✔️ |
| luckygame | PHP | MySQLi /w session variable + php type juggling | ⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
| simplehttp | Ruby | Ruby RCE /w `WEBrick::Log.new` | ⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
| tower4 | Python | Format injection | ⭐⭐⭐⭐ | 💀💀 | ✔️ |
| lixi | PHP | PHP syntax trick | ⭐⭐⭐ | 💀💀 | ✔️ |
| LoginMe | NodeJS | RegExp injection, MongoDB | ⭐⭐⭐ | 💀 | ✔️ |
| h4x0rs.club | PHP/JS | CSP `strict-dynamic`, XSS, iframe in the middle, postMessage to `top` | ⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
| h4x0rs.space | PHP/JS | CSP, Persistent XSS, AppCache, ServiceWorker | ⭐⭐⭐⭐ | 💀💀💀 | ✔️ |
| h4x0rs.date | PHP/JS | CSP, cache, Referrer override | ⭐⭐⭐ | 💀💀 | ✔️ |

Pwnable

| Name | Summary | Rating | Level | Described yet? |
|---|---|---|---|---|
| anotherarena | Heap on another `main_arena` (threads) | ⭐⭐⭐ | 💀 | ✔️ |
| c0ffee | Race condition, with 1-byte overwrite, nearly impossible to exploit | ⭐⭐⭐⭐ | 💀💀💀 | |
| pokedex | Uninitialized memory -> Heap overflow | ⭐⭐⭐ | 💀💀 | ✔️ |
| rapgenius | Uninitialized memory -> Use-After-Free + `IO_FILE` abusing (`_IO_read_*` && `_IO_write*`) | ⭐⭐⭐ | 💀💀 | ✔️ |
| castle | Combines many bugs: uninitialized memory + stack overflow + heap overflow to eventually defeat the stack cookie | ⭐⭐⭐⭐ | 💀💀💀 | |
| House-of-Cards | Old school pwnable, overwriting `ENV` | ⭐⭐⭐⭐ | 💀💀 | ✔️ |
| h4x0rs.club pt3 | Old school pwnable, Fake MySQL server, MySQL LOCAL INFILE | ⭐⭐⭐⭐⭐ | 💀💀💀 | ✔️ |

Footer

Final round SVATTT 2016 Introduction page

Twitter: @l4wio

...Spending my whole youth thinking up CTF challenges.

Updating...
