my-ctf-challenges
This is the repository of all the CTF challenges I've made / helped develop.
Message me on Discord at Strellic#2507 if you have any questions.
RaRCTF 2021
| Name | Category | Solves | Difficulty | Keywords |
|---|---|---|---|---|
| SecureStorage | web | ?? | ★★★☆☆ | xss, postMessage |
corCTF 2021
| Name | Category | Solves | Difficulty | Keywords |
|---|---|---|---|---|
| babyrev | rev | 203 | ★☆☆☆☆ | simple rev, xor, memfrob |
| smogofwar | misc | 7 | ★★☆☆☆ | chess ai, stockfish, fog of war, sockets |
| flagbot | misc | 23 | ★★☆☆☆ | discord bot, youtube, restricted environment, traffic sniffing |
| buyme | web | 110 | ★☆☆☆☆ | unsafe destructuring |
| phpme | web | 64 | ★★☆☆☆ | php, content-type confusion, lax+post |
| readme | web | 46 | ★★☆☆☆ | unsafe js eval, js vm escape |
| blogme | web | 2 | ★★★★☆ | xss, cloudflare csp bypass, service workers |
| msgme | web | 1 | ★★★★☆ | xss, websockets, webrtc csp bypass, command chaining |
| saasme | web | 2 | ★★★★☆ | dns rebinding, protocol smuggling, chrome remote debugging protocol |
| styleme | web | 1 | ★★★★★ | chrome extension, prototype pollution, novel xs-leak |
HackTheBox
You can find these challenges on the HackTheBox website.
| Name | Category | Solves / Blood Time | Difficulty | Keywords |
|---|---|---|---|---|
| AnalyticalEngine | web | 1 solve at CTF end | ★★★★☆ | htb uni ctf, xss, novel dom clobbering, csp bypass |
| OOPArtDB | web | 3d, 22hr for blood | ★★★★☆ | ? (active HTB challenge) |
DiceCTF 2022
| Name | Category | Solves | Difficulty | Keywords |
|---|---|---|---|---|
| noteKeeper | web | 2 | ★★★★★ | xss, JSONP, service workers, sec-fetch-dest, MediaRecorder |
| vm-calc | web | 2 | ★★★☆☆ | js trivia, vm2, CVE-2022-21824 |
| denoblog | web | 3 | ★★★★☆ | deno, ejs, nginx temp file buffering, deno sbx escape, pwn |
1337UP LIVE CTF
This was a CTF I wrote challenges for, hosted by Intigriti. I forgot to record solve counts. I cowrote these challenges with BrunoZero.
| Name | Category | Solves | Difficulty | Keywords |
|---|---|---|---|---|
| DeadTube | web | many | ★☆☆☆☆ | dns rebinding, ssrf, redirect |
| contact-alex | web | 7? | ★★☆☆☆ | jwt, xss, path traversal, ssti |
DiceCTF @ HOPE 2022
| Name | Category | Solves | Difficulty | Keywords |
|---|---|---|---|---|
| payment-pal | web | 3 | ★★★☆☆ | prototype pollution, caching, xss, history, aes |
corCTF 2022
| Name | Category | Solves | Difficulty | Keywords |
|---|---|---|---|---|
| jsonquiz | web | 573 | ★☆☆☆☆ | baby, POST request |
| simplewaf | web | 28 | ★★☆☆☆ | WAF bypass, NodeJS source reading |
| rustshop | web | 13 | ★★★☆☆ | Rust, Axum library, deserialization |
| modernblog | web | 1 | ★★★★★ | React, CSS injection, novel DOM clobbering |
| babypwn | pwn | 114 | ★☆☆☆☆ | Rust, unsafe, printf, ret2libc |
| solidarity | pwn | 6 | ★★☆☆☆ | baby solana, account confusion, missing checks |
| sbxcalc | pwn | 11 | ★★★☆☆ | vm2, js calculator, proxy, golf |
SekaiCTF 2022
| Name | Category | Solves | Difficulty | Keywords |
|---|---|---|---|---|
| Crab Commodities | web | 30 | ★★★☆☆ | Rust, race condition, overflow |
| Safelist | web | 3 | ★★★★☆ | XS-leak, DOMPurify, connection pool |
| Obligatory Calc | web | 1 | ★★★★★ | XSS, postMessage, DOM clobbering, null origin sandboxing |
DiceCTF 2023
| Name | Category | Solves | Difficulty | Keywords |
|---|---|---|---|---|
| recursive-csp | web | 178 | ★☆☆☆☆ | xss, PHP, CSP nonce, crc32 |
| unfinished | web | 14 | ★★★☆☆ | express, mongodb wire protocol, curl, ssrf |
| jwtjail | web | 3 | ★★★★☆ | nodejs, jail, process.binding, vm escape |
| chess.rs | pwn | 2 | ★★★★★ | rust, wasm, uaf, unsoundness, no unsafe |