Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/j00ru/ctf-tasks

An archive of low-level CTF challenges developed over the years
https://github.com/j00ru/ctf-tasks

Last synced: 5 days ago
JSON representation

An archive of low-level CTF challenges developed over the years

Host: GitHub
URL: https://github.com/j00ru/ctf-tasks
Owner: j00ru
License: apache-2.0
Created: 2019-02-20T08:24:36.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2021-11-28T13:02:31.000Z (almost 3 years ago)
Last Synced: 2024-11-03T03:31:35.889Z (9 days ago)
Language: Python
Size: 12.7 MB
Stars: 604
Watchers: 30
Forks: 67
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # CTF Challenges

This repository contains an archive of CTF challenges I developed in the last few years for various CTFs organized by my team – [Dragon Sector](https://dragonsector.pl/). They are mostly software exploitation tasks with varying difficulty levels, for the x86/x64 architectures and Windows/Linux operating systems. Each subdirectory contains basic task information, original description, solution in the form of a short summary or a few slides from the post-CTF presentation, exploit code and optionally links to external solutions.

The challenges are as follows:

| Name                             | Competition                  | Category                   | Platform | Arch. | Difficulty  |

|----------------------------------|------------------------------|----------------------------|----------|-------|-------------|

| [Nim](Dragon%20CTF%202021/Nim) | Dragon CTF 2021 | Exploitation | Linux | x64 | Medium |

| [BitmapManager](Dragon%20CTF%202020/BitmapManager) | Dragon CTF 2020 | Exploitation | Windows | x64 | Hard |

| [BabyKernel](Dragon%20CTF%202019/Main%20event/BabyKernel) | Dragon CTF 2019 | Exploitation | Windows | x64 | Medium |

| [BadType](Dragon%20CTF%202019/Teaser/BadType) | Dragon CTF 2019 (Teaser) | Reverse Engineering | Windows | x64 | Medium |

| [Pipeline](Dragon%20CTF%202018/Main%20event/Pipeline) | Dragon CTF 2018 | Exploitation / Programming | Linux | x64 | Easy/medium |

| [Production](Dragon%20CTF%202018/Teaser/Production) | Dragon CTF 2018 (Teaser) | Exploitation | Linux | x64 | Easy/medium |

| [Filesystem](CONFidence%20CTF%202017/Main%20event/Filesystem) | CONFidence CTF 2017 | Exploitation | Linux | x64 | Medium |

| [Fastcalc-hardened](CONFidence%20CTF%202017/Main%20event/Fastcalc-hardened) | CONFidence CTF 2017 | Exploitation | Windows | x86 | Hard |

| [Fastcalc](CONFidence%20CTF%202017/Teaser/Fastcalc) | CONFidence CTF 2017 (Teaser) | Exploitation | Windows | x86 | Hard |

| [Entree](CONFidence%20CTF%202016/Main%20event/Entree) | CONFidence CTF 2016 | Exploitation | Windows | x86 | Medium |

| [Antipasto](CONFidence%20CTF%202016/Main%20event/Antipasto) | CONFidence CTF 2016 | Exploitation | Linux | x86 | Easy |

| [Bubblegum](CONFidence%20CTF%202016/Teaser/Bubblegum) | CONFidence CTF 2016 (Teaser) | Exploitation | Windows | x86 | Hard |

| [Night Sky](CONFidence%20CTF%202015/Main%20event/Night%20Sky) | CONFidence CTF 2015 | Exploitation | Linux | x64 | Hard |

| [Quarantine](CONFidence%20CTF%202015/Teaser/Quarantine) | CONFidence CTF 2015 (Teaser) | Exploitation | Linux | x64 | Hard |

| [Crypto Machine](CONFidence%20CTF%202014/Main%20event/Crypto%20Machine) | CONFidence CTF 2014 | Exploitation | Linux | x64 | Medium |

| [Memory](CONFidence%20CTF%202014/Main%20event/Memory) | CONFidence CTF 2014 | Reverse Engineering | Windows | x86 | Easy |

| [Multipurpose Calculation Machine](CONFidence%20CTF%202014/Teaser/Multipurpose%20Calculation%20Machine) | CONFidence CTF 2014 (Teaser) | Exploitation | Linux | x86 | Medium |

## Running the tasks

For exploitation problems, if the program listens on a port by default, leave it running and connect to the port to interact with the task. If it reads and writes to/from `stdin` and `stdout`, you should bind it to a TCP port of your choice (e.g. with `netcat` or `socat` on Linux, and the enclosed `AppJailLauncher.exe` tool on Windows), and connect to it to exploit the vulnerabilities. The goal is to obtain the contents of the flag.txt (or similar) file in the task's current directory.

For reverse-engineering problems, the goal is to extract the flag from the provided executable file.

## About Dragon Sector

![Dragon Sector](logo.png)

[Dragon Sector](https://dragonsector.pl/) is a Polish security Capture The Flag team. It was created in February 2013 and currently has 17 active members. We frequently participate in both online and offline security Capture The Flag competitions, publish write-ups on CTF tasks, and sometimes even organize CTFs.

You can find us on [CTFTime](https://ctftime.org/team/3329), [our blog](https://blog.dragonsector.pl/) and [Twitter](https://twitter.com/DragonSectorCTF).

## Contact

Questions, comments? Let me know at [email protected].