A repo containing a variety of home made ctf's and programming puzzles and the solutions.
Feel free to submit a pull request if you found a completely different or better solution.
Disclaimer: All challenges are self-made. Some challenges require using backdoors, but rely on you playing "by the rules", as the solution is oftentimes included or easily accessible. All components are either in this repo, or on my website dfsu.systems (or a subdomain thereof), if it explicitly says so there. DO NOT attempt to hack or find abckdoors of anything outside the aforementioned scope of the challenge. Every challenege explicitly says what you may or may not touch.
name | type | lang(s) | tags |
---|---|---|---|
resource/challenge |
mysql , (python) |
SQL , sql injection |
|
calculator | CTF |
python |
RCE , repl , eval |
copy_paste | challenge |
python |
recursion , clone |
tamper_proof | CTF |
python |
hash , self check |
(examples with python, might use other langs in the future)
Take a look at the challenge's README.md
for speical cases.
Typically such a challenge would contain
README.md
containing the task, tips, links, references, etcsolution.py
orSOLUTION.md
orsolution_[x].py
where multiple exist orsolution/*
: Look at only if stuck or you beat the challenge- optionally
HINT.md
orHINT_[x].md
where multiple exist: Look at those only if stuck
README.md
containing the task, tips, links, references, etc[project].py
orsrc/*
or[project]/*
or similar -> Access:Readonly
or sometimesNone
, seeREADME.md
flag
orflag.txt
orflag.zip
or similar -> Access:None
solution.py
orSOLUTION.md
orsolution_x.py
where multiple exist orsolution/*
: Look at only if stuck or you beat the challenge- optionally
HINT.md
orHINT_[x].md
where multiple exist: Look at those only if stuck
- Solutions and hints may obviously only be checked after the challenge, or if completely stuck
None
: You may not open the file, look at it's metadata or in any way interact with it except through the exploit.
(Imagine this file is on the server and contains a password or key, like a.env
file)Readonly
: You may open the file to read its contents, but not edit it.
Exception: adding a shebang, fixing imports, etc, as long as it does not change behavior. To prettify or debug code, copy the file!
(Imagine you found this project in a github repo and know a server deployed it)