https://github.com/pythoninthegrass/ctf_snyk

https://101.ctf-snyk.io/challenges

# ctf_snyk

## Pre-requisites
### Minimum Requirements
* [nodejs](https://nodejs.org/en/download/)
* [python3](https://www.python.org/downloads/)

### Recommended Requirements
* [docker](https://docs.docker.com/get-docker/)
* [parrot os - docker](https://parrotsec.org/docs/cloud/parrot-on-docker/)
```bash
docker run --rm -it --network host -v $PWD/work:/work parrotsec/security
```

### 101
> In order to solve the challenges, please complete the following requisites
> * [Register](https://101.ctf-snyk.io/register) to access the challenges
> * Create a free [Snyk account](https://snyk.co/ctf101portal)

### Fetch the Flag (Oct 27, 2023)
* [CTF](https://snyk.ctf.games/)

## What is Snyk?
> Snyk finds and automatically fixes vulnerabilities in your projects for free. You can use Snyk to detect vulnerabilities in CTF challenges, so you can uncover hidden flags faster. Check out the docs to learn how to run Snyk in your CLI.

## Challenges
[Invisible Ink](http://invisible-ink.c.ctf-snyk.io/)

[Sauerkraut](http://sauerkraut.c.ctf-snyk.io/)

## TODO
* [Issues?](https://github.com/pythoninthegrass/ctf_snyk/issues)
* Dockerize repo. Maybe

## Further Reading
[Snyk CTF-101](https://101.ctf-snyk.io/prerequisites)

[Free developer security education lessons | Snyk Learn](https://learn.snyk.io/lessons/)

### Hints

[What is prototype pollution? | Tutorial & examples | Snyk Learn](https://learn.snyk.io/lessons/prototype-pollution/javascript/)

[Exploiting Python pickles - David Hamann](https://davidhamann.de/2020/04/05/exploiting-python-pickle/)

[Exploit Notes](https://exploit-notes.hdks.org/)

[HackTricks](https://book.hacktricks.xyz/welcome/readme)

### Spoilers

[SnykCon CTF - "Invisible Ink" Prototype Pollution - YouTube](https://www.youtube.com/watch?v=ycbRA_Ipq1U)

[SnykCon CTF - Sauerkraut - Python Pickle Vulnerabilities - YouTube](https://www.youtube.com/watch?v=snVokteaKG8)

[SynthWave '84 - Visual Studio Marketplace](https://marketplace.visualstudio.com/items?itemName=RobbOwen.synthwave-vscode)