├── assets ├── user.css ├── CFI-logo-05_copy.png ├── jumbotron.css ├── style.js ├── sticky-footer.css ├── fontawesome-fonts.css ├── utils.js ├── ezq.js └── base.css ├── FlagCollection ├── src │ ├── .watchmanconfig │ ├── .gitattributes │ ├── .babelrc │ ├── android │ │ ├── settings.gradle │ │ ├── app │ │ │ ├── src │ │ │ │ └── main │ │ │ │ │ ├── res │ │ │ │ │ ├── values │ │ │ │ │ │ ├── strings.xml │ │ │ │ │ │ └── styles.xml │ │ │ │ │ ├── mipmap-hdpi │ │ │ │ │ │ └── ic_launcher.png │ │ │ │ │ ├── mipmap-mdpi │ │ │ │ │ │ └── ic_launcher.png │ │ │ │ │ ├── mipmap-xhdpi │ │ │ │ │ │ └── ic_launcher.png │ │ │ │ │ ├── mipmap-xxhdpi │ │ │ │ │ │ └── ic_launcher.png │ │ │ │ │ └── mipmap-xxxhdpi │ │ │ │ │ │ └── ic_launcher.png │ │ │ │ │ ├── java │ │ │ │ │ └── com │ │ │ │ │ │ └── flagcollection │ │ │ │ │ │ ├── MainActivity.java │ │ │ │ │ │ ├── ValidateFlag3Package.java │ │ │ │ │ │ ├── MainApplication.java │ │ │ │ │ │ └── ValidateFlag3.java │ │ │ │ │ └── AndroidManifest.xml │ │ │ ├── proguard-rules.pro │ │ │ └── BUCK │ │ ├── gradle │ │ │ └── wrapper │ │ │ │ ├── gradle-wrapper.jar │ │ │ │ └── gradle-wrapper.properties │ │ ├── keystores │ │ │ ├── debug.keystore.properties │ │ │ └── BUCK │ │ ├── build.gradle │ │ ├── gradle.properties │ │ └── gradlew.bat │ ├── app.json │ ├── assets │ │ └── images │ │ │ └── logo.png │ ├── .buckconfig │ ├── index.js │ ├── package.json │ ├── .gitignore │ ├── solution.js │ ├── src │ │ ├── FlagValidator.js │ │ ├── FlagList.js │ │ ├── App.js │ │ └── SubmitFlagButton.js │ └── .flowconfig ├── .gitattributes └── FlagCollection.apk ├── serverless_cfi_λ ├── .gitignore ├── frontend │ ├── flag │ ├── requirements.txt │ ├── tests │ │ ├── input │ │ │ ├── 0 │ │ │ ├── 1 │ │ │ ├── 2 │ │ │ ├── 3 │ │ │ ├── 4 │ │ │ ├── 5 │ │ │ ├── 6 │ │ │ ├── 7 │ │ │ ├── 8 │ │ │ └── 9 │ │ └── output │ │ │ ├── 0 │ │ │ ├── 1 │ │ │ ├── 2 │ │ │ ├── 3 │ │ │ ├── 4 │ │ │ ├── 5 │ │ │ ├── 6 │ │ │ ├── 7 │ │ │ ├── 8 │ │ │ └── 9 │ ├── app.py │ └── templates │ │ └── index.html ├── docker-compose.yml ├── solution │ ├── Makefile │ ├── src │ │ └── solution.hs │ └── words ├── Dockerfile └── README.md ├── cheese-factory ├── src │ ├── LICENSE │ ├── robots.txt │ ├── application │ │ ├── database │ │ │ └── the-cheese-factory.db │ │ ├── views │ │ │ ├── about.php │ │ │ ├── contact.php │ │ │ └── home.php │ │ └── config │ │ │ └── config.php │ ├── README.md │ └── index.php ├── Dockerfile ├── docker-compose.yml ├── generate-database.php ├── cheeses.json └── db.sqlite ├── dayjavous ├── Dockerfile ├── docker-compose.yml ├── web │ ├── secret.php │ ├── fonts │ │ ├── glyphicons-halflings-regular.eot │ │ ├── glyphicons-halflings-regular.ttf │ │ ├── glyphicons-halflings-regular.woff │ │ └── glyphicons-halflings-regular.woff2 │ ├── js │ │ └── npm.js │ └── index.php └── README.md ├── hacking-tool ├── src │ ├── .ruby-version │ ├── flag.txt │ ├── Gemfile │ ├── Gemfile.lock │ ├── tool.rb │ └── app.rb ├── Dockerfile └── docker-compose.yml ├── CFI-in-Kotlin ├── cfiEvent │ ├── app │ │ ├── .gitignore │ │ ├── src │ │ │ ├── main │ │ │ │ ├── res │ │ │ │ │ ├── drawable │ │ │ │ │ │ └── logo.png │ │ │ │ │ ├── mipmap-hdpi │ │ │ │ │ │ ├── ic_launcher.png │ │ │ │ │ │ └── ic_launcher_round.png │ │ │ │ │ ├── mipmap-mdpi │ │ │ │ │ │ ├── ic_launcher.png │ │ │ │ │ │ └── ic_launcher_round.png │ │ │ │ │ ├── mipmap-xhdpi │ │ │ │ │ │ ├── ic_launcher.png │ │ │ │ │ │ └── ic_launcher_round.png │ │ │ │ │ ├── mipmap-xxhdpi │ │ │ │ │ │ ├── ic_launcher.png │ │ │ │ │ │ └── ic_launcher_round.png │ │ │ │ │ ├── mipmap-xxxhdpi │ │ │ │ │ │ ├── ic_launcher.png │ │ │ │ │ │ └── ic_launcher_round.png │ │ │ │ │ ├── values │ │ │ │ │ │ ├── dimens.xml │ │ │ │ │ │ ├── colors.xml │ │ │ │ │ │ ├── strings.xml │ │ │ │ │ │ └── styles.xml │ │ │ │ │ ├── mipmap-anydpi-v26 │ │ │ │ │ │ ├── ic_launcher.xml │ │ │ │ │ │ └── ic_launcher_round.xml │ │ │ │ │ ├── layout │ │ │ │ │ │ ├── activity_information.xml │ │ │ │ │ │ └── content_information_activity.xml │ │ │ │ │ └── drawable-v24 │ │ │ │ │ │ └── ic_launcher_foreground.xml │ │ │ │ ├── AndroidManifest.xml │ │ │ │ └── java │ │ │ │ │ └── com │ │ │ │ │ └── sagold │ │ │ │ │ └── cfievent │ │ │ │ │ └── InformationActivity.kt │ │ │ ├── test │ │ │ │ └── java │ │ │ │ │ └── com │ │ │ │ │ └── sagold │ │ │ │ │ └── cfievent │ │ │ │ │ └── ExampleUnitTest.kt │ │ │ └── androidTest │ │ │ │ └── java │ │ │ │ └── com │ │ │ │ └── sagold │ │ │ │ └── cfievent │ │ │ │ └── ExampleInstrumentedTest.kt │ │ ├── release │ │ │ └── output.json │ │ ├── proguard-rules.pro │ │ ├── google-services.json │ │ └── build.gradle │ ├── build │ │ ├── kotlin-build │ │ │ └── version.txt │ │ └── intermediates │ │ │ └── lint-cache │ │ │ └── maven.google │ │ │ └── com │ │ │ └── android │ │ │ └── support │ │ │ ├── constraint │ │ │ └── group-index.xml │ │ │ └── test │ │ │ ├── group-index.xml │ │ │ └── espresso │ │ │ └── group-index.xml │ ├── settings.gradle │ ├── gradle │ │ └── wrapper │ │ │ ├── gradle-wrapper.jar │ │ │ └── gradle-wrapper.properties │ ├── gradle.properties │ ├── build.gradle │ └── gradlew.bat ├── cfi-event.apk ├── flag screen.png └── README.md ├── awesome-cats ├── Dockerfile ├── src │ ├── LICENSE │ ├── secret │ │ ├── secret.md │ │ ├── todo.md │ │ ├── journal.md │ │ ├── javascript.html │ │ └── nodes.md │ ├── static │ │ └── assets │ │ │ ├── stylesheets │ │ │ ├── constants.css │ │ │ ├── constants.css.map │ │ │ └── style.css.map │ │ │ ├── images │ │ │ ├── cat-2948404.jpg │ │ │ ├── cat-3354864.jpg │ │ │ ├── cat-3391592.jpg │ │ │ ├── cat-3396982.jpg │ │ │ ├── cat-3401683.jpg │ │ │ ├── dog-1718242.jpg │ │ │ ├── dog-3383461.jpg │ │ │ ├── dog-3397110.jpg │ │ │ └── dog-801826.jpg │ │ │ └── temporary │ │ │ └── stylesheets │ │ │ └── construction.css │ ├── src │ │ └── assets │ │ │ └── stylesheets │ │ │ ├── constants.scss │ │ │ └── mixins.scss │ ├── cats-best.html │ ├── cats-and-mouse.html │ ├── cats-cute.html │ ├── README.md │ ├── old │ │ └── index.html │ ├── robots.txt │ ├── index-2.html │ ├── cats-fat.html │ ├── index-3.html │ └── index-old.html ├── docker-compose.yml └── README.md ├── equation_solving ├── .gitignore ├── src │ ├── flag │ ├── solution.py │ ├── equation.py │ └── server.py ├── Dockerfile ├── docker-compose.yml └── README.md ├── fuck ├── Dockerfile ├── web │ └── 4d4932602a75414640946d38ea6fefbf.php ├── docker-compose.yml └── README.md ├── ez_flag_cfi ├── Dockerfile ├── src │ ├── can_y#u_get_the_flag?! │ └── index.html ├── docker-compose.yml └── README.md ├── magic_word ├── Dockerfile ├── docker-compose.yml ├── web │ ├── flag.php │ └── index.php └── README.md ├── maths ├── flag ├── solution.hs └── README.md ├── Labyrinth ├── .gitignore ├── src │ ├── flag │ ├── bench.py │ ├── client.py │ ├── server.py │ └── solver.py ├── Dockerfile └── docker-compose.yml ├── guess_the_number ├── src │ ├── flag │ ├── solution.py │ └── server.py ├── Dockerfile ├── docker-compose.yml └── README.md ├── introToPE ├── IntroToPe.exe └── README.md ├── kadyrovs_cat ├── message.pdf ├── kadyrov_cat.jpeg └── README.md ├── powerPacker ├── powerPacker └── README.md ├── webLogon-capture ├── logon.pcapng └── README.md ├── SOHOpelesslyBroken ├── src │ ├── banner.gif │ └── wireless_tail.gif ├── cgi-bin │ ├── fetch.cgi │ └── login.cgi ├── challenge_files │ ├── print_flag.c │ ├── fetch.cgi │ ├── login.cgi │ ├── print_flag │ ├── fetch.c │ └── login.c ├── Dockerfile ├── docker-compose.yml └── README.md ├── automated_reversing ├── binaries.zip ├── solution.py └── generator.py ├── unix_drive ├── UnixDrive.tar.xz └── README.md ├── windows_xp_mem_part1 ├── memSecret.tar.xz └── README.md ├── windows_xp_mem_part2 └── ieSecret.tar.xz ├── Chinese_Food ├── setup.py └── README.md ├── Congolexicomatisation ├── setup.py └── README.md ├── hercule ├── setup.py └── README.md ├── thirteen-steps ├── setup.py ├── src │ └── challenge.py └── README.md ├── LICENSE └── README.md /assets/user.css: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /FlagCollection/src/.watchmanconfig: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /serverless_cfi_λ/.gitignore: -------------------------------------------------------------------------------- 1 | bin/ 2 | -------------------------------------------------------------------------------- /cheese-factory/src/LICENSE: -------------------------------------------------------------------------------- 1 | No LICENSE 2 | -------------------------------------------------------------------------------- /dayjavous/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM php:7.0-apache -------------------------------------------------------------------------------- /hacking-tool/src/.ruby-version: -------------------------------------------------------------------------------- 1 | 2.5.1 2 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/.gitignore: -------------------------------------------------------------------------------- 1 | /build 2 | -------------------------------------------------------------------------------- /awesome-cats/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM php:7.0-apache 2 | -------------------------------------------------------------------------------- /equation_solving/.gitignore: -------------------------------------------------------------------------------- 1 | __pycache__/ 2 | -------------------------------------------------------------------------------- /fuck/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM php:7.0-apache 2 | 3 | -------------------------------------------------------------------------------- /FlagCollection/src/.gitattributes: -------------------------------------------------------------------------------- 1 | *.pbxproj -text 2 | -------------------------------------------------------------------------------- /cheese-factory/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM php:7.0-apache 2 | -------------------------------------------------------------------------------- /ez_flag_cfi/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM php:7.0-apache 2 | 3 | -------------------------------------------------------------------------------- /magic_word/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM php:7.0-apache 2 | 3 | -------------------------------------------------------------------------------- /maths/flag: -------------------------------------------------------------------------------- 1 | CFI{591B83F054764D69BD4AD6FD153BC06D} 2 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/build/kotlin-build/version.txt: -------------------------------------------------------------------------------- 1 | 11001 -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/settings.gradle: -------------------------------------------------------------------------------- 1 | include ':app' 2 | -------------------------------------------------------------------------------- /Labyrinth/.gitignore: -------------------------------------------------------------------------------- 1 | __pycache__/ 2 | 3 | example.csv 4 | -------------------------------------------------------------------------------- /Labyrinth/src/flag: -------------------------------------------------------------------------------- 1 | CFI{85AEAEB2534F45A4931117C5CEA07348} 2 | -------------------------------------------------------------------------------- /hacking-tool/src/flag.txt: -------------------------------------------------------------------------------- 1 | CFI{send_is_a_very_dangerous_method} -------------------------------------------------------------------------------- /awesome-cats/src/LICENSE: -------------------------------------------------------------------------------- 1 | No license, but don't steal my code please. -------------------------------------------------------------------------------- /awesome-cats/src/secret/secret.md: -------------------------------------------------------------------------------- 1 | # Secret 2 | 3 | I love cats. ;) -------------------------------------------------------------------------------- /equation_solving/src/flag: -------------------------------------------------------------------------------- 1 | CFI{1a742afe172344df853e5a10cfe0ad1f} 2 | -------------------------------------------------------------------------------- /guess_the_number/src/flag: -------------------------------------------------------------------------------- 1 | CFI{9F1B64A9D28E47B89A110CB360AADABD} 2 | -------------------------------------------------------------------------------- /FlagCollection/src/.babelrc: -------------------------------------------------------------------------------- 1 | { 2 | "presets": ["react-native"] 3 | } 4 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/flag: -------------------------------------------------------------------------------- 1 | CFI{BCCC0EF9D11B4CBBAEBA69D8D8348B84} 2 | -------------------------------------------------------------------------------- /FlagCollection/.gitattributes: -------------------------------------------------------------------------------- 1 | *.apk filter=lfs diff=lfs merge=lfs -text 2 | -------------------------------------------------------------------------------- /fuck/web/4d4932602a75414640946d38ea6fefbf.php: -------------------------------------------------------------------------------- 1 | Logged in! CFI{g0tta_kn0w_y0ur_J4v4Scr1pt} 2 | -------------------------------------------------------------------------------- /cheese-factory/src/robots.txt: -------------------------------------------------------------------------------- 1 | User-agent: * 2 | Disallow: /README.md 3 | Disallow: /LICENSE 4 | -------------------------------------------------------------------------------- /introToPE/IntroToPe.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/introToPE/IntroToPe.exe -------------------------------------------------------------------------------- /kadyrovs_cat/message.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/kadyrovs_cat/message.pdf -------------------------------------------------------------------------------- /powerPacker/powerPacker: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/powerPacker/powerPacker -------------------------------------------------------------------------------- /FlagCollection/src/android/settings.gradle: -------------------------------------------------------------------------------- 1 | rootProject.name = 'FlagCollection' 2 | 3 | include ':app' 4 | -------------------------------------------------------------------------------- /FlagCollection/src/app.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "FlagCollection", 3 | "displayName": "FlagCollection" 4 | } -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfi-event.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/CFI-in-Kotlin/cfi-event.apk -------------------------------------------------------------------------------- /CFI-in-Kotlin/flag screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/CFI-in-Kotlin/flag screen.png -------------------------------------------------------------------------------- /assets/CFI-logo-05_copy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/assets/CFI-logo-05_copy.png -------------------------------------------------------------------------------- /awesome-cats/src/static/assets/stylesheets/constants.css: -------------------------------------------------------------------------------- 1 | 2 | 3 | /*# sourceMappingURL=constants.css.map */ 4 | -------------------------------------------------------------------------------- /kadyrovs_cat/kadyrov_cat.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/kadyrovs_cat/kadyrov_cat.jpeg -------------------------------------------------------------------------------- /webLogon-capture/logon.pcapng: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/webLogon-capture/logon.pcapng -------------------------------------------------------------------------------- /SOHOpelesslyBroken/src/banner.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/SOHOpelesslyBroken/src/banner.gif -------------------------------------------------------------------------------- /automated_reversing/binaries.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/automated_reversing/binaries.zip -------------------------------------------------------------------------------- /hacking-tool/src/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | ruby '2.5.1' 3 | gem 'sinatra' 4 | gem 'sinatra-contrib' 5 | -------------------------------------------------------------------------------- /SOHOpelesslyBroken/cgi-bin/fetch.cgi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/SOHOpelesslyBroken/cgi-bin/fetch.cgi -------------------------------------------------------------------------------- /SOHOpelesslyBroken/cgi-bin/login.cgi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/SOHOpelesslyBroken/cgi-bin/login.cgi -------------------------------------------------------------------------------- /SOHOpelesslyBroken/challenge_files/print_flag.c: -------------------------------------------------------------------------------- 1 | int main() { 2 | printf("CFI{0h_G0d_why_d0_pe0pl3_st1ll_d0_th1s}\n"); 3 | } 4 | -------------------------------------------------------------------------------- /fuck/docker-compose.yml: -------------------------------------------------------------------------------- 1 | web: 2 | build: . 3 | ports: 4 | - "17002:80" 5 | volumes: 6 | - ./web/:/var/www/html 7 | -------------------------------------------------------------------------------- /dayjavous/docker-compose.yml: -------------------------------------------------------------------------------- 1 | web: 2 | build: . 3 | ports: 4 | - "17003:80" 5 | volumes: 6 | - ./web/:/var/www/html 7 | -------------------------------------------------------------------------------- /magic_word/docker-compose.yml: -------------------------------------------------------------------------------- 1 | web: 2 | build: . 3 | ports: 4 | - "17001:80" 5 | volumes: 6 | - ./web/:/var/www/html 7 | -------------------------------------------------------------------------------- /FlagCollection/src/assets/images/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/FlagCollection/src/assets/images/logo.png -------------------------------------------------------------------------------- /Labyrinth/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:3 2 | 3 | WORKDIR /usr/src/Labyrinth 4 | 5 | COPY src/ . 6 | 7 | CMD [ "python", "./server.py" ] 8 | -------------------------------------------------------------------------------- /SOHOpelesslyBroken/src/wireless_tail.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/SOHOpelesslyBroken/src/wireless_tail.gif -------------------------------------------------------------------------------- /equation_solving/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:3 2 | 3 | WORKDIR /usr/src/app 4 | 5 | COPY src/ . 6 | 7 | CMD [ "python", "./server.py" ] 8 | -------------------------------------------------------------------------------- /guess_the_number/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:3 2 | 3 | WORKDIR /usr/src/app 4 | 5 | COPY src/ . 6 | 7 | CMD [ "python", "./server.py" ] 8 | -------------------------------------------------------------------------------- /SOHOpelesslyBroken/challenge_files/fetch.cgi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/SOHOpelesslyBroken/challenge_files/fetch.cgi -------------------------------------------------------------------------------- /SOHOpelesslyBroken/challenge_files/login.cgi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/SOHOpelesslyBroken/challenge_files/login.cgi -------------------------------------------------------------------------------- /assets/jumbotron.css: -------------------------------------------------------------------------------- 1 | /* Move down content because we have a fixed navbar that is 3.5rem tall */ 2 | body { 3 | padding-top: 3.5rem; 4 | } -------------------------------------------------------------------------------- /SOHOpelesslyBroken/challenge_files/print_flag: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/SOHOpelesslyBroken/challenge_files/print_flag -------------------------------------------------------------------------------- /FlagCollection/src/android/app/src/main/res/values/strings.xml: -------------------------------------------------------------------------------- 1 | 2 | FlagCollection 3 | 4 | -------------------------------------------------------------------------------- /dayjavous/web/secret.php: -------------------------------------------------------------------------------- 1 | 6 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/requirements.txt: -------------------------------------------------------------------------------- 1 | click==6.7 2 | Flask==1.0.2 3 | itsdangerous==0.24 4 | Jinja2==2.10 5 | MarkupSafe==1.0 6 | Werkzeug==0.14.1 7 | -------------------------------------------------------------------------------- /awesome-cats/src/static/assets/images/cat-2948404.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/awesome-cats/src/static/assets/images/cat-2948404.jpg -------------------------------------------------------------------------------- /awesome-cats/src/static/assets/images/cat-3354864.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/awesome-cats/src/static/assets/images/cat-3354864.jpg -------------------------------------------------------------------------------- /awesome-cats/src/static/assets/images/cat-3391592.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/awesome-cats/src/static/assets/images/cat-3391592.jpg -------------------------------------------------------------------------------- /awesome-cats/src/static/assets/images/cat-3396982.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/awesome-cats/src/static/assets/images/cat-3396982.jpg -------------------------------------------------------------------------------- /awesome-cats/src/static/assets/images/cat-3401683.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/awesome-cats/src/static/assets/images/cat-3401683.jpg -------------------------------------------------------------------------------- /awesome-cats/src/static/assets/images/dog-1718242.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/awesome-cats/src/static/assets/images/dog-1718242.jpg -------------------------------------------------------------------------------- /awesome-cats/src/static/assets/images/dog-3383461.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/awesome-cats/src/static/assets/images/dog-3383461.jpg -------------------------------------------------------------------------------- /awesome-cats/src/static/assets/images/dog-3397110.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/awesome-cats/src/static/assets/images/dog-3397110.jpg -------------------------------------------------------------------------------- /awesome-cats/src/static/assets/images/dog-801826.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/awesome-cats/src/static/assets/images/dog-801826.jpg -------------------------------------------------------------------------------- /dayjavous/web/fonts/glyphicons-halflings-regular.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/dayjavous/web/fonts/glyphicons-halflings-regular.eot -------------------------------------------------------------------------------- /dayjavous/web/fonts/glyphicons-halflings-regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/dayjavous/web/fonts/glyphicons-halflings-regular.ttf -------------------------------------------------------------------------------- /dayjavous/web/fonts/glyphicons-halflings-regular.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/dayjavous/web/fonts/glyphicons-halflings-regular.woff -------------------------------------------------------------------------------- /dayjavous/web/fonts/glyphicons-halflings-regular.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/dayjavous/web/fonts/glyphicons-halflings-regular.woff2 -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/CFI-in-Kotlin/cfiEvent/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /FlagCollection/src/.buckconfig: -------------------------------------------------------------------------------- 1 | 2 | [android] 3 | target = Google Inc.:Google APIs:23 4 | 5 | [maven_repositories] 6 | central = https://repo1.maven.org/maven2 7 | -------------------------------------------------------------------------------- /magic_word/web/flag.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /serverless_cfi_λ/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | server: 5 | build: . 6 | ports: 7 | - "24002:5000" 8 | restart: "always" 9 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/res/drawable/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/CFI-in-Kotlin/cfiEvent/app/src/main/res/drawable/logo.png -------------------------------------------------------------------------------- /awesome-cats/src/static/assets/stylesheets/constants.css.map: -------------------------------------------------------------------------------- 1 | { 2 | "version": 3, 3 | "mappings": "", 4 | "sources": [], 5 | "names": [], 6 | "file": "constants.css" 7 | } -------------------------------------------------------------------------------- /unix_drive/UnixDrive.tar.xz: -------------------------------------------------------------------------------- 1 | version https://git-lfs.github.com/spec/v1 2 | oid sha256:933ba6119a6badc83a387a3792fd91d2893766992292d0126d627b7f9a96e7a2 3 | size 14163024 4 | -------------------------------------------------------------------------------- /FlagCollection/FlagCollection.apk: -------------------------------------------------------------------------------- 1 | version https://git-lfs.github.com/spec/v1 2 | oid sha256:b971762679b6361a38bc3ef4317ccf22e49101c6c563f4b455c5b2a3ee76ef0a 3 | size 8231938 4 | -------------------------------------------------------------------------------- /FlagCollection/src/android/gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/FlagCollection/src/android/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /awesome-cats/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "2" 2 | services: 3 | web: 4 | build: . 5 | ports: 6 | - "12001:80" 7 | volumes: 8 | - "./src/:/var/www/html" 9 | -------------------------------------------------------------------------------- /cheese-factory/src/application/database/the-cheese-factory.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/cheese-factory/src/application/database/the-cheese-factory.db -------------------------------------------------------------------------------- /FlagCollection/src/android/keystores/debug.keystore.properties: -------------------------------------------------------------------------------- 1 | key.store=debug.keystore 2 | key.alias=androiddebugkey 3 | key.store.password=android 4 | key.alias.password=android 5 | -------------------------------------------------------------------------------- /cheese-factory/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "2" 2 | services: 3 | web: 4 | build: . 5 | ports: 6 | - "12080:80" 7 | volumes: 8 | - "./src/:/var/www/html" 9 | -------------------------------------------------------------------------------- /windows_xp_mem_part1/memSecret.tar.xz: -------------------------------------------------------------------------------- 1 | version https://git-lfs.github.com/spec/v1 2 | oid sha256:38d1302bbe74ae9934b539bba9ac5405d1940c15107d8b7c5436d44cfa45d0f2 3 | size 97551916 4 | -------------------------------------------------------------------------------- /windows_xp_mem_part2/ieSecret.tar.xz: -------------------------------------------------------------------------------- 1 | version https://git-lfs.github.com/spec/v1 2 | oid sha256:e12eaf5f79cce341338e454ce109742b096c2c305fa24232e413d2e64eea1d7d 3 | size 110293236 4 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-hdpi/ic_launcher.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-hdpi/ic_launcher.png -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-mdpi/ic_launcher.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-mdpi/ic_launcher.png -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-xhdpi/ic_launcher.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-xhdpi/ic_launcher.png -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-xxhdpi/ic_launcher.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-xxhdpi/ic_launcher.png -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-xxxhdpi/ic_launcher.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-xxxhdpi/ic_launcher.png -------------------------------------------------------------------------------- /FlagCollection/src/android/app/src/main/res/mipmap-hdpi/ic_launcher.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/FlagCollection/src/android/app/src/main/res/mipmap-hdpi/ic_launcher.png -------------------------------------------------------------------------------- /FlagCollection/src/android/app/src/main/res/mipmap-mdpi/ic_launcher.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/FlagCollection/src/android/app/src/main/res/mipmap-mdpi/ic_launcher.png -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-hdpi/ic_launcher_round.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-hdpi/ic_launcher_round.png -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-mdpi/ic_launcher_round.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-mdpi/ic_launcher_round.png -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-xhdpi/ic_launcher_round.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-xhdpi/ic_launcher_round.png -------------------------------------------------------------------------------- /FlagCollection/src/android/app/src/main/res/mipmap-xhdpi/ic_launcher.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/FlagCollection/src/android/app/src/main/res/mipmap-xhdpi/ic_launcher.png -------------------------------------------------------------------------------- /FlagCollection/src/android/app/src/main/res/mipmap-xxhdpi/ic_launcher.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/FlagCollection/src/android/app/src/main/res/mipmap-xxhdpi/ic_launcher.png -------------------------------------------------------------------------------- /FlagCollection/src/android/app/src/main/res/mipmap-xxxhdpi/ic_launcher.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/FlagCollection/src/android/app/src/main/res/mipmap-xxxhdpi/ic_launcher.png -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-xxhdpi/ic_launcher_round.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-xxhdpi/ic_launcher_round.png -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-xxxhdpi/ic_launcher_round.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CFI-UL/2018-CFI-CTF/HEAD/CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-xxxhdpi/ic_launcher_round.png -------------------------------------------------------------------------------- /SOHOpelesslyBroken/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM httpd:latest 2 | COPY httpd.conf /usr/local/apache2/conf 3 | COPY challenge_files/print_flag /print_flag 4 | RUN chown root /print_flag 5 | RUN chmod 111 /print_flag 6 | -------------------------------------------------------------------------------- /ez_flag_cfi/src/can_y#u_get_the_flag?!: -------------------------------------------------------------------------------- 1 | // Good job! 2 | // Keep this in mind when doing web challenges ;) 3 | // https://www.w3.org/Protocols/HTTP/1.0/spec.html#URI-syntax 4 | CFI{y0u_4r3_3l_3nc0d1ngs} 5 | -------------------------------------------------------------------------------- /cheese-factory/src/application/views/about.php: -------------------------------------------------------------------------------- 1 |

The Cheese Factory

2 | Cheeses 3 | -------------------------------------------------------------------------------- /FlagCollection/src/index.js: -------------------------------------------------------------------------------- 1 | import { AppRegistry } from 'react-native'; 2 | import App from './src/App'; 3 | import { name as appName } from './app.json'; 4 | 5 | AppRegistry.registerComponent(appName, () => App); 6 | -------------------------------------------------------------------------------- /Labyrinth/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | server: 5 | build: . 6 | ports: 7 | - "24001:24001" 8 | restart: "always" 9 | environment: 10 | - "PORT=24001" 11 | -------------------------------------------------------------------------------- /serverless_cfi_λ/solution/Makefile: -------------------------------------------------------------------------------- 1 | all: bin/solution 2 | 3 | bin/solution: src/solution.hs 4 | [ -d bin ] || mkdir bin 5 | ghc -o ./bin/solution -outputdir ./bin ./src/solution.hs 6 | 7 | clean: 8 | rm -rf ./bin 9 | -------------------------------------------------------------------------------- /FlagCollection/src/android/keystores/BUCK: -------------------------------------------------------------------------------- 1 | keystore( 2 | name = "debug", 3 | properties = "debug.keystore.properties", 4 | store = "debug.keystore", 5 | visibility = [ 6 | "PUBLIC", 7 | ], 8 | ) 9 | -------------------------------------------------------------------------------- /guess_the_number/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | 3 | services: 4 | server: 5 | build: . 6 | ports: 7 | - "24000:24000" 8 | restart: "always" 9 | environment: 10 | - "PORT=24000" 11 | -------------------------------------------------------------------------------- /hacking-tool/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ruby:2.5 2 | 3 | WORKDIR /usr/src/app 4 | 5 | COPY ./src/Gemfile . 6 | COPY ./src/Gemfile.lock . 7 | RUN bundle install 8 | 9 | COPY ./src . 10 | 11 | CMD [ "ruby", "./app.rb" ] 12 | -------------------------------------------------------------------------------- /equation_solving/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | server: 5 | build: . 6 | ports: 7 | - "24003:24003" 8 | restart: "always" 9 | environment: 10 | - "PORT=24003" 11 | -------------------------------------------------------------------------------- /SOHOpelesslyBroken/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | services: 3 | web: 4 | build: . 5 | ports: 6 | - "50500:80" 7 | volumes: 8 | - ./src:/usr/local/apache2/htdocs/ 9 | - ./cgi-bin:/usr/local/apache2/cgi-bin/ 10 | -------------------------------------------------------------------------------- /hacking-tool/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | services: 3 | server: 4 | build: . 5 | ports: 6 | - "23200:23200" 7 | restart: "always" 8 | environment: 9 | - "PORT=23200" 10 | - "APP_ENV=production" 11 | -------------------------------------------------------------------------------- /Chinese_Food/setup.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | from setuptools import setup 3 | 4 | requirements = [ 5 | "setuptools", 6 | ] 7 | setup( 8 | name="chinese-food", 9 | version="0.0.1", 10 | install_requires=requirements, 11 | ) 12 | -------------------------------------------------------------------------------- /Congolexicomatisation/setup.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | from setuptools import setup 3 | 4 | requirements = [ 5 | "setuptools", 6 | ] 7 | setup( 8 | name="hercule", 9 | version="0.0.1", 10 | install_requires=requirements, 11 | ) 12 | -------------------------------------------------------------------------------- /hercule/setup.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | from setuptools import setup 3 | requirements = [ 4 | "setuptools", 5 | "cryptography", 6 | ] 7 | setup( 8 | name="hercule", 9 | version="0.0.1", 10 | install_requires=requirements, 11 | ) -------------------------------------------------------------------------------- /serverless_cfi_λ/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:3.7 2 | 3 | RUN apt-get update -y && apt-get install -y ghc 4 | 5 | WORKDIR /app 6 | COPY frontend/requirements.txt . 7 | RUN pip install -r requirements.txt 8 | 9 | COPY frontend/ . 10 | 11 | CMD [ "python", "app.py" ] 12 | -------------------------------------------------------------------------------- /thirteen-steps/setup.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | 3 | from setuptools import setup 4 | 5 | requirements = [ 6 | "setuptools", 7 | ] 8 | 9 | setup( 10 | name="thirteen-steps", 11 | version="0.0.1", 12 | install_requires=requirements, 13 | ) 14 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/release/output.json: -------------------------------------------------------------------------------- 1 | [{"outputType":{"type":"APK"},"apkInfo":{"type":"MAIN","splits":[],"versionCode":1,"versionName":"1.0","enabled":true,"outputFile":"app-release.apk","fullName":"release","baseName":"release"},"path":"app-release.apk","properties":{}}] -------------------------------------------------------------------------------- /FlagCollection/src/android/app/src/main/res/values/styles.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /serverless_cfi_λ/solution/src/solution.hs: -------------------------------------------------------------------------------- 1 | import Data.List( sortOn ) 2 | 3 | -- computes the value of a given string 4 | value :: String -> Int 5 | value line = sum $ map fromEnum line 6 | 7 | -- sort input lines by their value 8 | main = interact $ unlines . sortOn value . lines 9 | -------------------------------------------------------------------------------- /ez_flag_cfi/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | services: 3 | web: 4 | build: . 5 | ports: 6 | - "17000:80" 7 | volumes: 8 | - ./src:/var/www/html 9 | 10 | networks: 11 | default: 12 | ipam: 13 | config: 14 | - subnet: 10.133.11.0/24 15 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | #Fri Jun 01 19:36:21 EDT 2018 2 | distributionBase=GRADLE_USER_HOME 3 | distributionPath=wrapper/dists 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | distributionUrl=https\://services.gradle.org/distributions/gradle-4.4-all.zip 7 | -------------------------------------------------------------------------------- /FlagCollection/src/android/gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | #Wed Aug 22 21:17:12 EDT 2018 2 | distributionBase=GRADLE_USER_HOME 3 | distributionPath=wrapper/dists 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | distributionUrl=https\://services.gradle.org/distributions/gradle-4.1-all.zip 7 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/res/values/dimens.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 16dp 4 | 16dp 5 | 16dp 6 | 7 | -------------------------------------------------------------------------------- /SOHOpelesslyBroken/README.md: -------------------------------------------------------------------------------- 1 | # SOHOpelesslyBroken 2 | 3 | > web 4 | 5 | Author: [corb3nik](https://github.com/Corb3nik) 6 | 7 | http://localhost:50500 8 | 9 | 10 | ## Setup 11 | 12 | Requirements: 13 | - docker 14 | 15 | Start: 16 | 17 | ```shell 18 | docker-compose up 19 | ``` 20 | 21 | ## Writeup 22 | 23 | Coming soon. 24 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-anydpi-v26/ic_launcher.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/res/mipmap-anydpi-v26/ic_launcher_round.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/res/values/colors.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | #1D1D1B 4 | #E56765 5 | #E6332A 6 | #FFFFFF 7 | #575756 8 | #B2B2B2 9 | 10 | -------------------------------------------------------------------------------- /awesome-cats/src/src/assets/stylesheets/constants.scss: -------------------------------------------------------------------------------- 1 | // Colors. 2 | $seance: #641280; 3 | $sulu: #9df680; 4 | 5 | // Colors aliases. 6 | $primary-color: $seance; 7 | $secondary-color: $sulu; 8 | 9 | // Spacing. 10 | $v-space: 24px; 11 | $h-space: 16px; 12 | 13 | // Font. 14 | $font-family: 'Roboto', sans-serif; 15 | $font-light: 300; 16 | $font-regular: 400; 17 | $font-medium: 500; 18 | $font-bold: 700; 19 | -------------------------------------------------------------------------------- /awesome-cats/src/secret/todo.md: -------------------------------------------------------------------------------- 1 | # TODO 2 | 3 | - [x] learn markdown 4 | - [ ] learn php 5 | - [ ] learn database 6 | - [ ] learn javascript 7 | - [x] learn HTML 8 | - [x] learn CSS 9 | - [ ] buy some milk 10 | - [ ] workout 11 | - [ ] find some friends to have fun with 12 | - [x] learn _robots.txt_ (to keep my private stuff away from bad eyes) 13 | - [ ] write more often in my journal 14 | - [ ] have a better todo system -------------------------------------------------------------------------------- /dayjavous/README.md: -------------------------------------------------------------------------------- 1 | # Dayjavous 2 | 3 | > web 4 | 5 | Author: [corb3nik](https://github.com/Corb3nik) 6 | 7 | Are you allowed to view the flag? 8 | 9 | You'll need this : https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR) 10 | 11 | ## Setup 12 | 13 | Requirements: 14 | - docker 15 | 16 | Start: 17 | 18 | ```shell 19 | docker-compose up 20 | ``` 21 | 22 | ## Writeup 23 | 24 | Coming soon. 25 | 26 | -------------------------------------------------------------------------------- /cheese-factory/src/application/views/contact.php: -------------------------------------------------------------------------------- 1 |

Contact

2 | 3 |
4 |
5 |

Tel: 416-111-111

6 |

947 Broad Ave.

7 |

Elliot Lake, ON P5A J3M

8 |

Canada

9 |
10 |
11 | The Cheese Factory 12 |
13 |
14 | -------------------------------------------------------------------------------- /Labyrinth/src/bench.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from maze import RandomMaze 4 | import time 5 | 6 | def timing(f, *args): 7 | time1 = time.time() 8 | ret = f(*args) 9 | time2 = time.time() 10 | print('{:s} function took {:.3f} ms'.format(f.__name__, (time2-time1)*1000.0)) 11 | 12 | if __name__ == "__main__": 13 | for i in [10, 20, 30, 40, 50, 60, 70, 80, 90, 100]: 14 | timing(RandomMaze, i, i) 15 | timing(RandomMaze, i, i, False) 16 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/test/java/com/sagold/cfievent/ExampleUnitTest.kt: -------------------------------------------------------------------------------- 1 | package com.sagold.cfievent 2 | 3 | import org.junit.Test 4 | 5 | import org.junit.Assert.* 6 | 7 | /** 8 | * Example local unit test, which will execute on the development machine (host). 9 | * 10 | * See [testing documentation](http://d.android.com/tools/testing). 11 | */ 12 | class ExampleUnitTest { 13 | @Test 14 | fun addition_isCorrect() { 15 | assertEquals(4, 2 + 2) 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /awesome-cats/src/src/assets/stylesheets/mixins.scss: -------------------------------------------------------------------------------- 1 | @import 'constants'; 2 | 3 | @mixin base-font() { 4 | font-family: 'Roboto', sans-serif; 5 | line-height: normal; 6 | } 7 | 8 | @mixin titleize() { 9 | @include base-font; 10 | text-transform: uppercase; 11 | letter-spacing: .05em;; 12 | } 13 | 14 | @mixin linkify($color: $primary-color) { 15 | text-decoration: none; 16 | color: $color; 17 | 18 | &:active, 19 | &:visited, 20 | &:hover { 21 | color: $color; 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/build/intermediates/lint-cache/maven.google/com/android/support/constraint/group-index.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /FlagCollection/src/android/app/src/main/java/com/flagcollection/MainActivity.java: -------------------------------------------------------------------------------- 1 | package com.flagcollection; 2 | 3 | import com.facebook.react.ReactActivity; 4 | 5 | public class MainActivity extends ReactActivity { 6 | 7 | /** 8 | * Returns the name of the main component registered from JavaScript. 9 | * This is used to schedule rendering of the component. 10 | */ 11 | @Override 12 | protected String getMainComponentName() { 13 | return "FlagCollection"; 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /equation_solving/src/solution.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import socket 4 | from equation import * 5 | 6 | soc = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 7 | soc.connect(("127.0.0.1", 24003)) 8 | 9 | res = "" 10 | while "\n\n" not in res: 11 | res += soc.recv(4096).decode() 12 | chal = res.strip().split("\n")[-1] 13 | sol = str(solve(chal)) 14 | print(sol) 15 | soc.send(f"{sol}\n".encode()) 16 | 17 | res = "" 18 | while "\n" not in res: 19 | res += soc.recv(4096).decode() 20 | print(res) 21 | -------------------------------------------------------------------------------- /webLogon-capture/README.md: -------------------------------------------------------------------------------- 1 | # webLogon capture 2 | 3 | > forensics 4 | 5 | Author: [jorkanofaln](https://github.com/jorkanofaln) 6 | 7 | An network capture to an insecure network 8 | 9 | 10 | ## Writeup 11 | 12 | Open Wireshark 13 | 14 | Follow the the TCP Stream 15 | 16 | Find the password field: `%20%43%46%49%7b%31%6e%73%33%63%75%72%33%5f%6c%30%67%30%6e%7d%20` 17 | 18 | visit [https://kt.gy/tools.html](https://kt.gy/tools.html) and URL decode the password 19 | 20 | There you have the flag! `CFI{1ns3cur3_l0g0n}` 21 | -------------------------------------------------------------------------------- /assets/style.js: -------------------------------------------------------------------------------- 1 | $(".form-control").bind({ 2 | focus: function() { 3 | $(this).addClass('input-filled-valid' ); 4 | }, 5 | blur: function() { 6 | if ($(this).val() === '') { 7 | $(this).removeClass('input-filled-valid' ); 8 | } 9 | } 10 | }); 11 | 12 | $(function () { 13 | $('.form-control').each(function () { 14 | if ($(this).val()) { 15 | $(this).addClass("input-filled-valid"); 16 | } 17 | }); 18 | 19 | $('[data-toggle="tooltip"]').tooltip() 20 | }) -------------------------------------------------------------------------------- /awesome-cats/src/static/assets/temporary/stylesheets/construction.css: -------------------------------------------------------------------------------- 1 | /* 2 | TODO: Add more style to the construction pages. 3 | Maybe background of a cat sleeping? 4 | */ 5 | 6 | .construction { 7 | height: 100vh; 8 | display: flex; 9 | flex-direction: column; 10 | align-items: center; 11 | justify-content: center; 12 | } 13 | 14 | .construction__message { 15 | font-size: 20px; 16 | /* text-decoration: underline; */ 17 | font-weight: 100; 18 | } 19 | 20 | .construction__image-placeholder { 21 | margin: 16px; 22 | } -------------------------------------------------------------------------------- /dayjavous/web/js/npm.js: -------------------------------------------------------------------------------- 1 | // This file is autogenerated via the `commonjs` Grunt task. You can require() this file in a CommonJS environment. 2 | require('../../js/transition.js') 3 | require('../../js/alert.js') 4 | require('../../js/button.js') 5 | require('../../js/carousel.js') 6 | require('../../js/collapse.js') 7 | require('../../js/dropdown.js') 8 | require('../../js/modal.js') 9 | require('../../js/tooltip.js') 10 | require('../../js/popover.js') 11 | require('../../js/scrollspy.js') 12 | require('../../js/tab.js') 13 | require('../../js/affix.js') -------------------------------------------------------------------------------- /maths/solution.hs: -------------------------------------------------------------------------------- 1 | import Data.Char 2 | 3 | -- stolen prime generator 4 | primes :: [Int] 5 | primes = 2: 3: sieve (tail primes) [5,7..] 6 | where 7 | sieve (p:ps) xs = h ++ sieve ps [x | x <- t, x `rem` p /= 0] 8 | where (h,~(_:t)) = span (< p*p) xs 9 | 10 | -- gets digits from string 11 | digits :: String -> [Int] 12 | digits s = map digitToInt s 13 | 14 | -- find products of digits of the sum of ints 15 | solve :: [Int] -> Int 16 | solve p = product . digits . show $ sum p 17 | 18 | -- enjoy 19 | main = putStrLn . show . solve $ take 10000 primes 20 | -------------------------------------------------------------------------------- /Labyrinth/src/client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import socket 4 | from maze import CsvMaze 5 | import solver 6 | 7 | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 8 | sock.connect(("localhost", 24001)) 9 | 10 | try: 11 | msg = "" 12 | while "\n\n" not in msg: 13 | part = sock.recv(4096) 14 | msg += part.decode() 15 | 16 | csv = "\n".join(msg.split("\n")[2:-2]) 17 | m = CsvMaze(csv) 18 | sock.sendall(f"{solver.get_path(m)}\n".encode()) 19 | print(sock.recv(4096).decode()) 20 | 21 | finally: 22 | sock.close() 23 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/res/layout/activity_information.xml: -------------------------------------------------------------------------------- 1 | 2 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /introToPE/README.md: -------------------------------------------------------------------------------- 1 | # IntroToPE 2 | 3 | > reverse 4 | 5 | Author: [jorkanofaln](https://github.com/jorkanofaln) 6 | 7 | a binary created on your friend Bill's platform 8 | 9 | 10 | ## Writeup 11 | 12 | Open the binary in _DnSpy_ 13 | 14 | Click on `IntroToPE` 15 | 16 | Go to the `IntroToPE.exe` menu 17 | 18 | Open the `IntroToPE` classes 19 | 20 | Go to the `verifyPasswd` class 21 | 22 | Analyze the `verifyPasswd` function 23 | 24 | Decode the string using [https://kt.gy/tools.html](https://kt.gy/tools.html) 25 | 26 | There you have the flag! `CFI{.NetC#_1s_@w3s0m3}` 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /assets/sticky-footer.css: -------------------------------------------------------------------------------- 1 | /* Sticky footer styles 2 | -------------------------------------------------- */ 3 | html { 4 | position: relative; 5 | min-height: 100%; 6 | } 7 | 8 | body { 9 | margin-bottom: 60px; /* Margin bottom by footer height */ 10 | } 11 | 12 | .footer { 13 | position: absolute; 14 | bottom: 1px; /* prevent scrollbars from showing on pages that don't use the full page height */ 15 | width: 100%; 16 | height: 60px; /* Set the fixed height of the footer here */ 17 | line-height: 60px; /* Vertically center the text there */ 18 | /*background-color: #f5f5f5;*/ 19 | } -------------------------------------------------------------------------------- /automated_reversing/solution.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | flag = "" 4 | for i in xrange(970): 5 | path = "binaries/binary{}".format(i) 6 | with open(path, "r") as f: 7 | binary = f.read() 8 | operator = binary[0xca] 9 | key = binary[0xcb] 10 | check = binary[0xce] 11 | 12 | if operator == "\xc2": # add 13 | flag += chr((ord(check) - ord(key)) & 0xff) 14 | 15 | elif operator == "\xea": # sub 16 | flag += chr((ord(check) + ord(key)) & 0xff) 17 | 18 | else: 19 | flag += chr(ord(check) ^ ord(key)) 20 | 21 | print flag 22 | -------------------------------------------------------------------------------- /SOHOpelesslyBroken/challenge_files/fetch.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | int main(int argc, char *argv[]) { 4 | 5 | // Headers 6 | printf("Content-Type: image/gif\n\n"); 7 | 8 | // Body 9 | char *qs = getenv("QUERY_STRING"); 10 | FILE *f = fopen(qs, "rb"); 11 | 12 | char output = 0; 13 | 14 | if (f == NULL) { 15 | printf("File does not exist."); 16 | return 0; 17 | } 18 | 19 | // Get file size 20 | fseek(f, 0L, SEEK_END); 21 | unsigned int size = ftell(f); 22 | 23 | rewind(f); 24 | for (int i = 0; i < size; ++i) { 25 | output = fgetc(f); 26 | printf("%c", output); 27 | } 28 | 29 | } 30 | -------------------------------------------------------------------------------- /awesome-cats/src/secret/journal.md: -------------------------------------------------------------------------------- 1 | # Journal 2 | 3 | ## Entry 2013-08-20 4 | 5 | Today I walk down the street to get some milk to the grocery store - I was hoping to make a friend. When suddenly I saw I cat looking at me from a window. He was so cute!!! Since that day I'm in love with cats. 6 | 7 | ## Entry 2014-12-24 8 | 9 | Today I learn about `robots.txt` and how it can block bot from crawling and indexing my website. 10 | 11 | ## Entry 2018-05-16 12 | 13 | Today I went to the park - hoping to make a friend. I made no friend, but I found a weird inscription on a bench: `CFI{nothing_sensitive_goes_in_robots.txt}`. I don't know what that means. 14 | 15 | -------------------------------------------------------------------------------- /FlagCollection/src/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "FlagCollection", 3 | "version": "0.0.1", 4 | "private": true, 5 | "scripts": { 6 | "start": "node node_modules/react-native/local-cli/cli.js start", 7 | "emulator": "$ANDROID_HOME/tools/emulator -avd PixelXL -wipe-data", 8 | "test": "jest" 9 | }, 10 | "dependencies": { 11 | "buffer": "^5.2.0", 12 | "react": "16.4.1", 13 | "react-native": "0.56.0" 14 | }, 15 | "devDependencies": { 16 | "babel-jest": "23.4.2", 17 | "babel-preset-react-native": "^5", 18 | "jest": "23.5.0", 19 | "react-test-renderer": "16.4.1" 20 | }, 21 | "jest": { 22 | "preset": "react-native" 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /awesome-cats/src/cats-best.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Best Cats | ⚠️ Under Construction 6 | 7 | 8 | 9 | 10 | 11 |
12 |
13 |

⚠️ Under Construction

14 | 15 |
16 |
17 | 18 | -------------------------------------------------------------------------------- /awesome-cats/src/secret/javascript.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | javascript playground 6 | 7 | 8 |

javascript playground

9 |

Check the console:

10 | 25 | 26 | -------------------------------------------------------------------------------- /kadyrovs_cat/README.md: -------------------------------------------------------------------------------- 1 | # Kadyrov's Cat 2 | 3 | > forensics 4 | 5 | Author: [jorkanofaln](https://github.com/jorkanofaln) 6 | 7 | A man from the soviet union has sent you two strange documents. Find the identity 8 | of the man as well as his location. 9 | 10 | Flag format is : `CFI{Firstname_Lastname_of_City}` 11 | 12 | 13 | ## Writeup 14 | 15 | Use an exif data viewer for the image and find it's location 16 | 17 | Find the geograhic coordonates and insert them in a longitude/latutude calculator 18 | 19 | Read the pdf using a pdf reader and view it's properties 20 | 21 | Then build the flag using the following Author_of_location 22 | 23 | There you have the flag! `CFI{Kotik_Kadyrov_of_Riga}` 24 | 25 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/build/intermediates/lint-cache/maven.google/com/android/support/test/group-index.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/tests/input/3: -------------------------------------------------------------------------------- 1 | twelfhyndeman 2 | gith 3 | retelling 4 | ashkoko 5 | Banyai 6 | ultraobscure 7 | ectromelus 8 | unafeard 9 | quintain 10 | preanal 11 | enage 12 | deformism 13 | dermatopathic 14 | shikimic 15 | carbonyl 16 | anconoid 17 | superformal 18 | supercharger 19 | quizzy 20 | inbringer 21 | eventration 22 | coper 23 | heckelphone 24 | resalable 25 | anarchical 26 | buyer 27 | earliness 28 | langle 29 | tapesium 30 | totemically 31 | nonfloriferous 32 | chylific 33 | Trigynia 34 | epitenon 35 | cungeboi 36 | wareroom 37 | betafite 38 | unaccording 39 | Notkerian 40 | argentamine 41 | mucedinaceous 42 | unwonted 43 | kinesthesis 44 | opposingly 45 | underided 46 | reinvolve 47 | Egyptian 48 | strabismical 49 | ophiurid 50 | rumorous 51 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/tests/output/3: -------------------------------------------------------------------------------- 1 | gith 2 | enage 3 | coper 4 | buyer 5 | Banyai 6 | langle 7 | quizzy 8 | preanal 9 | ashkoko 10 | Egyptian 11 | betafite 12 | unafeard 13 | Trigynia 14 | anconoid 15 | chylific 16 | cungeboi 17 | shikimic 18 | carbonyl 19 | epitenon 20 | ophiurid 21 | tapesium 22 | quintain 23 | wareroom 24 | unwonted 25 | rumorous 26 | resalable 27 | Notkerian 28 | underided 29 | inbringer 30 | retelling 31 | deformism 32 | earliness 33 | reinvolve 34 | anarchical 35 | ectromelus 36 | opposingly 37 | heckelphone 38 | argentamine 39 | unaccording 40 | totemically 41 | kinesthesis 42 | eventration 43 | superformal 44 | strabismical 45 | supercharger 46 | ultraobscure 47 | dermatopathic 48 | mucedinaceous 49 | twelfhyndeman 50 | nonfloriferous 51 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/tests/input/6: -------------------------------------------------------------------------------- 1 | Pythiad 2 | acertannin 3 | ballroom 4 | lairdie 5 | wagbeard 6 | lipstick 7 | posthypophyseal 8 | pingle 9 | Corriedale 10 | extemporaneous 11 | analabos 12 | fossillike 13 | townsman 14 | protovestiary 15 | theoretician 16 | regnant 17 | muggles 18 | mythologist 19 | mabolo 20 | pallet 21 | flagleaf 22 | appredicate 23 | nematognath 24 | pulpifier 25 | gurrah 26 | nopalry 27 | machinize 28 | infusile 29 | accipitrine 30 | evacuee 31 | secernment 32 | patrological 33 | Squamipinnes 34 | duskiness 35 | Bacopa 36 | hallabaloo 37 | aerobian 38 | phonolite 39 | nickelous 40 | Aghlabite 41 | hematoxic 42 | psoriasic 43 | cariacine 44 | wranglingly 45 | unallowed 46 | septum 47 | semimonastic 48 | arras 49 | doctoress 50 | frisking 51 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/tests/output/6: -------------------------------------------------------------------------------- 1 | arras 2 | Bacopa 3 | mabolo 4 | pingle 5 | pallet 6 | gurrah 7 | septum 8 | Pythiad 9 | lairdie 10 | evacuee 11 | regnant 12 | muggles 13 | nopalry 14 | flagleaf 15 | wagbeard 16 | analabos 17 | aerobian 18 | ballroom 19 | frisking 20 | infusile 21 | lipstick 22 | townsman 23 | Aghlabite 24 | cariacine 25 | machinize 26 | hematoxic 27 | unallowed 28 | nickelous 29 | psoriasic 30 | pulpifier 31 | phonolite 32 | doctoress 33 | duskiness 34 | Corriedale 35 | hallabaloo 36 | acertannin 37 | secernment 38 | fossillike 39 | appredicate 40 | accipitrine 41 | nematognath 42 | wranglingly 43 | mythologist 44 | Squamipinnes 45 | theoretician 46 | patrological 47 | semimonastic 48 | protovestiary 49 | extemporaneous 50 | posthypophyseal 51 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/tests/input/4: -------------------------------------------------------------------------------- 1 | Maureen 2 | inglutition 3 | waivod 4 | Ornithopteris 5 | plumper 6 | dutifulness 7 | copping 8 | unmammonized 9 | religionless 10 | regional 11 | trust 12 | Jerald 13 | reclearance 14 | ridder 15 | preornamental 16 | archsaint 17 | ceilometer 18 | woodburytype 19 | uprush 20 | vibex 21 | underjailer 22 | parastichy 23 | paronomasiastic 24 | cate 25 | psychosomatics 26 | Dartagnan 27 | tavers 28 | subdivine 29 | unclad 30 | nonconcurrent 31 | unemerging 32 | inanimation 33 | osteopath 34 | amania 35 | yapness 36 | Roccella 37 | psychometry 38 | Ethiopian 39 | hemihypertrophy 40 | rewin 41 | notal 42 | autocatalyze 43 | infrastapedial 44 | bromcresol 45 | ostempyesis 46 | doegling 47 | coenobioid 48 | huipil 49 | cuckoo 50 | outbrazen 51 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/tests/output/4: -------------------------------------------------------------------------------- 1 | cate 2 | vibex 3 | notal 4 | rewin 5 | trust 6 | Jerald 7 | amania 8 | unclad 9 | ridder 10 | cuckoo 11 | waivod 12 | huipil 13 | tavers 14 | uprush 15 | Maureen 16 | copping 17 | yapness 18 | plumper 19 | Roccella 20 | doegling 21 | regional 22 | Dartagnan 23 | Ethiopian 24 | archsaint 25 | subdivine 26 | osteopath 27 | outbrazen 28 | coenobioid 29 | ceilometer 30 | unemerging 31 | parastichy 32 | bromcresol 33 | reclearance 34 | underjailer 35 | inanimation 36 | inglutition 37 | dutifulness 38 | ostempyesis 39 | psychometry 40 | religionless 41 | unmammonized 42 | autocatalyze 43 | woodburytype 44 | preornamental 45 | Ornithopteris 46 | nonconcurrent 47 | infrastapedial 48 | psychosomatics 49 | paronomasiastic 50 | hemihypertrophy 51 | -------------------------------------------------------------------------------- /FlagCollection/src/android/app/proguard-rules.pro: -------------------------------------------------------------------------------- 1 | # Add project specific ProGuard rules here. 2 | # By default, the flags in this file are appended to flags specified 3 | # in /usr/local/Cellar/android-sdk/24.3.3/tools/proguard/proguard-android.txt 4 | # You can edit the include path and order by changing the proguardFiles 5 | # directive in build.gradle. 6 | # 7 | # For more details, see 8 | # http://developer.android.com/guide/developing/tools/proguard.html 9 | 10 | # Add any project specific keep options here: 11 | 12 | # If your project uses WebView with JS, uncomment the following 13 | # and specify the fully qualified class name to the JavaScript interface 14 | # class: 15 | #-keepclassmembers class fqcn.of.javascript.interface.for.webview { 16 | # public *; 17 | #} 18 | -------------------------------------------------------------------------------- /hacking-tool/src/Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | backports (3.10.3) 5 | multi_json (1.12.2) 6 | mustermann (1.0.1) 7 | rack (2.0.3) 8 | rack-protection (2.0.0) 9 | rack 10 | sinatra (2.0.0) 11 | mustermann (~> 1.0) 12 | rack (~> 2.0) 13 | rack-protection (= 2.0.0) 14 | tilt (~> 2.0) 15 | sinatra-contrib (2.0.0) 16 | backports (>= 2.0) 17 | multi_json 18 | mustermann (~> 1.0) 19 | rack-protection (= 2.0.0) 20 | sinatra (= 2.0.0) 21 | tilt (>= 1.3, < 3) 22 | tilt (2.0.8) 23 | 24 | PLATFORMS 25 | ruby 26 | 27 | DEPENDENCIES 28 | sinatra 29 | sinatra-contrib 30 | 31 | RUBY VERSION 32 | ruby 2.5.1p57 33 | 34 | BUNDLED WITH 35 | 1.16.3 36 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/tests/input/7: -------------------------------------------------------------------------------- 1 | Zeuzeridae 2 | elastica 3 | epistoma 4 | thoracopagus 5 | bromoform 6 | annullate 7 | subdichotomy 8 | quayful 9 | uncanopied 10 | thurify 11 | insultingly 12 | regimental 13 | carpal 14 | punta 15 | intravasation 16 | Ophidiidae 17 | hodening 18 | precorrespondence 19 | nympholept 20 | unpriest 21 | plop 22 | outgush 23 | golem 24 | characinoid 25 | prosilient 26 | monochordist 27 | reburial 28 | vent 29 | kidnap 30 | Sericocarpus 31 | affectable 32 | dismally 33 | valeramide 34 | poetship 35 | limequat 36 | unfunny 37 | strawwork 38 | matchsafe 39 | unsurpassableness 40 | chastity 41 | historicopolitical 42 | bimeby 43 | undry 44 | ebriate 45 | cricoarytenoid 46 | lyophobe 47 | unpresentability 48 | hemathidrosis 49 | imbed 50 | magneton 51 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/tests/input/9: -------------------------------------------------------------------------------- 1 | peridotite 2 | fret 3 | nonsubsiding 4 | lurdanism 5 | impasture 6 | barbel 7 | Maulawiyah 8 | sausagelike 9 | unfurious 10 | lifelessly 11 | lapidescent 12 | synedrion 13 | immunogenically 14 | Evea 15 | taratantarize 16 | unnutritious 17 | intext 18 | estimative 19 | supergratify 20 | palaestra 21 | animalize 22 | multungulate 23 | cathin 24 | bursiculate 25 | mythometer 26 | Calydon 27 | fatalize 28 | ephoral 29 | firer 30 | Tropidoleptus 31 | humidate 32 | callipygian 33 | strengite 34 | volunteership 35 | nymphly 36 | peltingly 37 | Mahayanism 38 | illusory 39 | jinrikiman 40 | ficoid 41 | dulwilly 42 | mesophytic 43 | accusable 44 | foreganger 45 | sachem 46 | torve 47 | euaster 48 | unrubified 49 | psychostasy 50 | communicativeness 51 | -------------------------------------------------------------------------------- /awesome-cats/src/cats-and-mouse.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Cats & Mouse | ⚠️ Under Construction 6 | 7 | 8 | 9 | 10 | 11 |
12 |
13 |

⚠️ Under Construction

14 | 15 | 17 |
18 |
19 | 20 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/tests/output/7: -------------------------------------------------------------------------------- 1 | plop 2 | vent 3 | imbed 4 | golem 5 | punta 6 | undry 7 | carpal 8 | kidnap 9 | bimeby 10 | ebriate 11 | quayful 12 | thurify 13 | outgush 14 | unfunny 15 | elastica 16 | hodening 17 | reburial 18 | magneton 19 | dismally 20 | epistoma 21 | limequat 22 | lyophobe 23 | chastity 24 | poetship 25 | unpriest 26 | matchsafe 27 | annullate 28 | bromoform 29 | Ophidiidae 30 | strawwork 31 | affectable 32 | Zeuzeridae 33 | valeramide 34 | uncanopied 35 | regimental 36 | prosilient 37 | nympholept 38 | characinoid 39 | insultingly 40 | Sericocarpus 41 | thoracopagus 42 | monochordist 43 | subdichotomy 44 | hemathidrosis 45 | intravasation 46 | cricoarytenoid 47 | unpresentability 48 | precorrespondence 49 | unsurpassableness 50 | historicopolitical 51 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/tests/output/9: -------------------------------------------------------------------------------- 1 | Evea 2 | fret 3 | firer 4 | torve 5 | barbel 6 | ficoid 7 | sachem 8 | cathin 9 | intext 10 | Calydon 11 | ephoral 12 | euaster 13 | nymphly 14 | fatalize 15 | humidate 16 | dulwilly 17 | illusory 18 | accusable 19 | animalize 20 | palaestra 21 | lurdanism 22 | strengite 23 | peltingly 24 | impasture 25 | synedrion 26 | unfurious 27 | Mahayanism 28 | Maulawiyah 29 | foreganger 30 | jinrikiman 31 | unrubified 32 | peridotite 33 | estimative 34 | lifelessly 35 | mesophytic 36 | mythometer 37 | lapidescent 38 | callipygian 39 | sausagelike 40 | bursiculate 41 | psychostasy 42 | nonsubsiding 43 | supergratify 44 | multungulate 45 | unnutritious 46 | taratantarize 47 | Tropidoleptus 48 | volunteership 49 | immunogenically 50 | communicativeness 51 | -------------------------------------------------------------------------------- /awesome-cats/src/cats-cute.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Best Cats | ⚠️ Under Construction 6 | 7 | 8 | 9 | 10 | 11 |
12 |
13 |

⚠️ Under Construction

14 | 15 |
16 | Cute cats coming soon. 17 |
18 |
19 |
20 | 21 | -------------------------------------------------------------------------------- /cheese-factory/src/application/views/home.php: -------------------------------------------------------------------------------- 1 |

The Cheese Factory

2 | 3 |

Our cheeses

4 | query('SELECT * FROM cheeses WHERE secret = 0;'); 7 | while ($result = $results->fetchArray(1)) { 8 | $cheeses[] = $result; 9 | } 10 | ?> 11 | 12 |
13 | 14 |
15 |

16 | Cheese image 17 |

18 | 19 |
20 | 21 |
22 | 23 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/tests/input/1: -------------------------------------------------------------------------------- 1 | multivalency 2 | subacuminate 3 | angico 4 | ganja 5 | chickling 6 | mutationist 7 | seduct 8 | undercause 9 | shab 10 | slaver 11 | introflex 12 | nonexultation 13 | pleurobranch 14 | Anatoly 15 | pharmacomaniacal 16 | fainting 17 | ericeticolous 18 | elutriation 19 | snowflower 20 | limer 21 | unfrightenedness 22 | neofetus 23 | honeylike 24 | unoverthrown 25 | piedness 26 | intercolonization 27 | ectocornea 28 | tyramine 29 | burnishing 30 | signpost 31 | Limosella 32 | Characinidae 33 | bombinate 34 | tubig 35 | omnify 36 | rootcap 37 | phonotypic 38 | Uro 39 | unbribableness 40 | epactal 41 | Sogdian 42 | incompliancy 43 | Pupillidae 44 | filelike 45 | nostic 46 | unexperimental 47 | misplace 48 | Oryzorictes 49 | swartrutter 50 | rompishly 51 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/tests/input/8: -------------------------------------------------------------------------------- 1 | unreflectively 2 | unidirection 3 | cornettino 4 | discordantly 5 | faithlessly 6 | trysting 7 | undistinctive 8 | Bourbonism 9 | zephyrless 10 | Zenaidinae 11 | Chorioptes 12 | encarnadine 13 | precociousness 14 | burial 15 | mediate 16 | ranselman 17 | tony 18 | rebias 19 | colonizer 20 | pseudoptosis 21 | seasider 22 | unloose 23 | lawmaker 24 | Adelphian 25 | jereed 26 | sacrum 27 | nonpurchase 28 | tinkerbird 29 | Palaeognathae 30 | ampullaceous 31 | inocular 32 | tentless 33 | pedodontist 34 | beckiron 35 | Tagakaolo 36 | unexorbitant 37 | scabrid 38 | Stone 39 | snails 40 | hyperdeify 41 | unfaultfinding 42 | architecturally 43 | playbill 44 | defedation 45 | pulka 46 | astrologer 47 | pibroch 48 | sophisticator 49 | pezizaeform 50 | aube 51 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/tests/output/1: -------------------------------------------------------------------------------- 1 | Uro 2 | shab 3 | ganja 4 | limer 5 | tubig 6 | angico 7 | seduct 8 | slaver 9 | nostic 10 | omnify 11 | Sogdian 12 | Anatoly 13 | epactal 14 | rootcap 15 | filelike 16 | misplace 17 | fainting 18 | piedness 19 | neofetus 20 | tyramine 21 | signpost 22 | Limosella 23 | chickling 24 | bombinate 25 | honeylike 26 | introflex 27 | rompishly 28 | Pupillidae 29 | ectocornea 30 | undercause 31 | burnishing 32 | phonotypic 33 | snowflower 34 | Characinidae 35 | Oryzorictes 36 | elutriation 37 | mutationist 38 | swartrutter 39 | subacuminate 40 | pleurobranch 41 | incompliancy 42 | multivalency 43 | unoverthrown 44 | ericeticolous 45 | nonexultation 46 | unbribableness 47 | unexperimental 48 | pharmacomaniacal 49 | unfrightenedness 50 | intercolonization 51 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/tests/output/8: -------------------------------------------------------------------------------- 1 | aube 2 | tony 3 | Stone 4 | pulka 5 | jereed 6 | rebias 7 | burial 8 | snails 9 | sacrum 10 | scabrid 11 | mediate 12 | pibroch 13 | unloose 14 | beckiron 15 | seasider 16 | lawmaker 17 | playbill 18 | inocular 19 | tentless 20 | trysting 21 | Adelphian 22 | Tagakaolo 23 | ranselman 24 | colonizer 25 | Zenaidinae 26 | defedation 27 | Bourbonism 28 | Chorioptes 29 | tinkerbird 30 | hyperdeify 31 | astrologer 32 | cornettino 33 | zephyrless 34 | encarnadine 35 | nonpurchase 36 | faithlessly 37 | pezizaeform 38 | pedodontist 39 | ampullaceous 40 | unidirection 41 | discordantly 42 | unexorbitant 43 | Palaeognathae 44 | pseudoptosis 45 | undistinctive 46 | sophisticator 47 | unfaultfinding 48 | unreflectively 49 | precociousness 50 | architecturally 51 | -------------------------------------------------------------------------------- /awesome-cats/src/README.md: -------------------------------------------------------------------------------- 1 | # Awesome Cats 🐈 2 | 3 | > Cats are the kings of the animal kingdom. 4 | 5 | ## instructions 6 | 7 | 1. Love ❤️ cats, and only cats. 8 | 2. Open `index.html` in your browser. 9 | 3. Enjoy! 10 | 11 | ## requirements 12 | 13 | - ruby 14 | - rubygems 15 | 16 | ## development 17 | 18 | Install gem [sass][https://rubygems.org/gems/sass]. 19 | 20 | ```bash 21 | gem install sass 22 | ``` 23 | 24 | Compile the CSS files. 25 | 26 | ```bash 27 | sass src/assets/stylesheets/style.scss static/assets/stylesheets/style.css 28 | ``` 29 | 30 | Compile the CSS files and watch for changes. 31 | 32 | ```bash 33 | sass --watch src/assets/stylesheets/style.scss:static/assets/stylesheets/style.css 34 | ``` 35 | 36 | ## license 37 | 38 | No license, but don't steal my code please. -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/tests/input/0: -------------------------------------------------------------------------------- 1 | letterer 2 | Shakeress 3 | attestator 4 | inflatedly 5 | areocentric 6 | oofy 7 | resort 8 | spectacularly 9 | trunch 10 | aminopropionic 11 | undermotion 12 | turnipwood 13 | torpor 14 | oppositeness 15 | dermatrophia 16 | dutied 17 | unsayability 18 | thrombocyst 19 | postage 20 | vage 21 | nonequivalent 22 | Acephala 23 | macrosplanchnic 24 | officiator 25 | frontopontine 26 | goffer 27 | boarwood 28 | penster 29 | kahu 30 | reutilization 31 | pentahedrous 32 | phlebographical 33 | preachingly 34 | arsheen 35 | Tsiltaden 36 | bursal 37 | tangibile 38 | trepanning 39 | aelurophobia 40 | burbank 41 | ombrograph 42 | reintegration 43 | harmonicism 44 | prepink 45 | enforcible 46 | scimitared 47 | tetanus 48 | commercialism 49 | mainpin 50 | lipophore 51 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/tests/input/5: -------------------------------------------------------------------------------- 1 | heliotherapy 2 | respirative 3 | oviscapt 4 | indulgentially 5 | hillebrandite 6 | trintle 7 | Riss 8 | membranula 9 | Arizonian 10 | tuberculated 11 | retreatment 12 | Letitia 13 | retrocolic 14 | reconciling 15 | Orthis 16 | Lenora 17 | anoplothere 18 | synoecy 19 | Maghribi 20 | demiatheism 21 | amentulum 22 | girasol 23 | unfigurable 24 | Membraniporidae 25 | drogherman 26 | abominableness 27 | branchy 28 | Siddhanta 29 | siciliana 30 | Exogenae 31 | chaukidari 32 | unextraordinary 33 | zeuzerian 34 | clouded 35 | dragsaw 36 | papillectomy 37 | finicking 38 | taenial 39 | uranometry 40 | enduement 41 | didst 42 | tillite 43 | interimistical 44 | stopple 45 | pluteiform 46 | umbellar 47 | hydrobromide 48 | winterly 49 | burmanniaceous 50 | viperling 51 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/tests/output/0: -------------------------------------------------------------------------------- 1 | vage 2 | kahu 3 | oofy 4 | goffer 5 | dutied 6 | bursal 7 | trunch 8 | resort 9 | torpor 10 | burbank 11 | arsheen 12 | mainpin 13 | postage 14 | prepink 15 | penster 16 | tetanus 17 | Acephala 18 | boarwood 19 | letterer 20 | Tsiltaden 21 | Shakeress 22 | tangibile 23 | lipophore 24 | enforcible 25 | scimitared 26 | officiator 27 | inflatedly 28 | ombrograph 29 | trepanning 30 | attestator 31 | turnipwood 32 | areocentric 33 | preachingly 34 | harmonicism 35 | undermotion 36 | thrombocyst 37 | aelurophobia 38 | dermatrophia 39 | pentahedrous 40 | unsayability 41 | oppositeness 42 | commercialism 43 | reintegration 44 | spectacularly 45 | nonequivalent 46 | reutilization 47 | frontopontine 48 | aminopropionic 49 | phlebographical 50 | macrosplanchnic 51 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/tests/output/5: -------------------------------------------------------------------------------- 1 | Riss 2 | didst 3 | Lenora 4 | Orthis 5 | Letitia 6 | taenial 7 | clouded 8 | branchy 9 | dragsaw 10 | girasol 11 | tillite 12 | trintle 13 | stopple 14 | synoecy 15 | Maghribi 16 | Exogenae 17 | umbellar 18 | oviscapt 19 | winterly 20 | Siddhanta 21 | Arizonian 22 | siciliana 23 | finicking 24 | enduement 25 | viperling 26 | amentulum 27 | zeuzerian 28 | chaukidari 29 | membranula 30 | drogherman 31 | retrocolic 32 | pluteiform 33 | uranometry 34 | demiatheism 35 | reconciling 36 | unfigurable 37 | anoplothere 38 | retreatment 39 | respirative 40 | tuberculated 41 | hydrobromide 42 | heliotherapy 43 | papillectomy 44 | hillebrandite 45 | abominableness 46 | burmanniaceous 47 | interimistical 48 | indulgentially 49 | Membraniporidae 50 | unextraordinary 51 | -------------------------------------------------------------------------------- /cheese-factory/src/application/config/config.php: -------------------------------------------------------------------------------- 1 | programming 4 | 5 | Author: [filedesless](https://github.com/filedesless) 6 | 7 | Find the product of the digits of the sum of the first 10000 prime numbers 8 | 9 | 10 | ## Writeup 11 | 12 | ```haskell 13 | import Data.Char 14 | 15 | -- stolen prime generator 16 | primes :: [Int] 17 | primes = 2: 3: sieve (tail primes) [5,7..] 18 | where 19 | sieve (p:ps) xs = h ++ sieve ps [x | x <- t, x `rem` p /= 0] 20 | where (h,~(_:t)) = span (< p*p) xs 21 | 22 | -- gets digits from string 23 | digits :: String -> [Int] 24 | digits s = map digitToInt s 25 | 26 | -- find products of digits of the sum of ints 27 | solve :: [Int] -> Int 28 | solve p = product . digits . show $ sum p 29 | 30 | -- enjoy 31 | main = putStrLn . show . solve $ take 10000 primes 32 | ``` 33 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/tests/input/2: -------------------------------------------------------------------------------- 1 | stoga 2 | withholdal 3 | incorrigible 4 | ultramicrochemist 5 | trachelotomy 6 | liquiform 7 | pontocerebellar 8 | hebetomy 9 | bottle 10 | asocial 11 | adolescence 12 | semivowel 13 | leptomedusan 14 | isobar 15 | tickbean 16 | periphrases 17 | codisjunct 18 | sibship 19 | mispunctuation 20 | potentialization 21 | shankings 22 | cockneyishly 23 | gudefather 24 | gamodesmy 25 | unterrorized 26 | varicose 27 | serotine 28 | counteralliance 29 | undisowned 30 | calcium 31 | unephemeral 32 | Draconism 33 | gaslock 34 | myogenesis 35 | ungirded 36 | discontiguous 37 | pterobranchiate 38 | cherishment 39 | sapogenin 40 | courser 41 | magnetochemistry 42 | stileman 43 | masculinize 44 | wool 45 | Dawsonia 46 | boloroot 47 | androphagous 48 | timeliine 49 | tonjon 50 | pancreatalgia 51 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/tests/output/2: -------------------------------------------------------------------------------- 1 | wool 2 | stoga 3 | isobar 4 | bottle 5 | tonjon 6 | asocial 7 | calcium 8 | gaslock 9 | sibship 10 | courser 11 | Dawsonia 12 | tickbean 13 | ungirded 14 | varicose 15 | hebetomy 16 | stileman 17 | serotine 18 | boloroot 19 | Draconism 20 | timeliine 21 | sapogenin 22 | shankings 23 | gamodesmy 24 | liquiform 25 | semivowel 26 | gudefather 27 | withholdal 28 | codisjunct 29 | undisowned 30 | myogenesis 31 | adolescence 32 | unephemeral 33 | cherishment 34 | masculinize 35 | periphrases 36 | incorrigible 37 | androphagous 38 | leptomedusan 39 | cockneyishly 40 | trachelotomy 41 | unterrorized 42 | pancreatalgia 43 | discontiguous 44 | mispunctuation 45 | counteralliance 46 | pterobranchiate 47 | pontocerebellar 48 | magnetochemistry 49 | potentialization 50 | ultramicrochemist 51 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/androidTest/java/com/sagold/cfievent/ExampleInstrumentedTest.kt: -------------------------------------------------------------------------------- 1 | package com.sagold.cfievent 2 | 3 | import android.support.test.InstrumentationRegistry 4 | import android.support.test.runner.AndroidJUnit4 5 | 6 | import org.junit.Test 7 | import org.junit.runner.RunWith 8 | 9 | import org.junit.Assert.* 10 | 11 | /** 12 | * Instrumented test, which will execute on an Android device. 13 | * 14 | * See [testing documentation](http://d.android.com/tools/testing). 15 | */ 16 | @RunWith(AndroidJUnit4::class) 17 | class ExampleInstrumentedTest { 18 | @Test 19 | fun useAppContext() { 20 | // Context of the app under test. 21 | val appContext = InstrumentationRegistry.getTargetContext() 22 | assertEquals("com.sagold.cfievent", appContext.packageName) 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /guess_the_number/src/solution.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import socket 4 | 5 | soc = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 6 | soc.connect(("127.0.0.1", 24000)) 7 | 8 | tries = 0 9 | 10 | res = soc.recv(4096).decode() 11 | print(res) 12 | l, r = 0, 2 ** 32 - 1 13 | 14 | while l <= r and "CFI" not in res: 15 | guess = l + (r - l) // 2 16 | clients_input = f"{guess}".encode() 17 | print(f"> {clients_input}") 18 | 19 | soc.send(clients_input) # we must encode the string to bytes 20 | tries += 1 21 | result_bytes = soc.recv(4096) # the number means how the response can be in bytes 22 | res = result_bytes.decode("utf8") # the return will be in bytes, so decode 23 | print(f"< {res}") 24 | 25 | if "high" in res: 26 | r = guess - 1 27 | elif "low" in res: 28 | l = guess + 1 29 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/build.gradle: -------------------------------------------------------------------------------- 1 | // Top-level build file where you can add configuration options common to all sub-projects/modules. 2 | 3 | buildscript { 4 | ext.kotlin_version = '1.2.41' 5 | repositories { 6 | google() 7 | jcenter() 8 | } 9 | dependencies { 10 | classpath 'com.android.tools.build:gradle:3.1.3' 11 | classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version" 12 | classpath 'com.google.gms:google-services:4.0.0' 13 | 14 | // NOTE: Do not place your application dependencies here; they belong 15 | // in the individual module build.gradle files 16 | } 17 | } 18 | 19 | allprojects { 20 | repositories { 21 | google() 22 | jcenter() 23 | } 24 | } 25 | 26 | task clean(type: Delete) { 27 | delete rootProject.buildDir 28 | } 29 | -------------------------------------------------------------------------------- /awesome-cats/src/old/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Emoji 6 | 7 | 17 | 18 | 19 |

Emojis

20 | 21 | 22 |

23 | 🚀 🐈 🍺 ✌🏻 🍕 🎉 🐶 🤖 24 |

25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/proguard-rules.pro: -------------------------------------------------------------------------------- 1 | # Add project specific ProGuard rules here. 2 | # You can control the set of applied configuration files using the 3 | # proguardFiles setting in build.gradle. 4 | # 5 | # For more details, see 6 | # http://developer.android.com/guide/developing/tools/proguard.html 7 | 8 | # If your project uses WebView with JS, uncomment the following 9 | # and specify the fully qualified class name to the JavaScript interface 10 | # class: 11 | #-keepclassmembers class fqcn.of.javascript.interface.for.webview { 12 | # public *; 13 | #} 14 | 15 | # Uncomment this to preserve the line number information for 16 | # debugging stack traces. 17 | #-keepattributes SourceFile,LineNumberTable 18 | 19 | # If you keep the line number information, uncomment this to 20 | # hide the original source file name. 21 | #-renamesourcefileattribute SourceFile 22 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/res/values/strings.xml: -------------------------------------------------------------------------------- 1 | 2 | CFI - Event 3 | 4 | 5 | Email 6 | Password 7 | Sign in 8 | or 9 | Connect as a guest 10 | This email address is invalid 11 | This password is too short 12 | This password is incorrect 13 | This field is required 14 | CFI - Compétition Formation Informatique 15 | 16 | -------------------------------------------------------------------------------- /powerPacker/README.md: -------------------------------------------------------------------------------- 1 | # powerPacked 2 | 3 | > reverse 4 | 5 | Author: [jorkanofaln](https://github.com/jorkanofaln) 6 | 7 | a packed powerpc 32bit compiled using anti-debugging 8 | 9 | 10 | ## Setup 11 | 12 | Add challenge to the challenge repository 13 | 14 | ## Writeup 15 | 16 | Open the binary in Hopper Disassembler in order to reverse engineer it. 17 | 18 | Try to find the _main_ function. 19 | 20 | Since the main function, doesn't exist scroll at the bottom of the disassembly page to find the packer used to obfuscate/pack the binary. 21 | 22 | Then unpack the binary using the `upx -d` command. 23 | 24 | Open the unpacked binary in Hopper. 25 | 26 | Go to the _main_ function 27 | 28 | Continue Analyzing the dissambled code 29 | 30 | find the the `0xffffe` number 31 | 32 | substract it to the first string 33 | 34 | There you have the flag! `CFI{i_love_powerpc}` 35 | 36 | -------------------------------------------------------------------------------- /magic_word/web/index.php: -------------------------------------------------------------------------------- 1 | 2 | 22 | 23 | 24 | 25 | Magic Word 26 | 27 | 28 |

Hacking is all about thinking outside the box

29 |

Try to reach get_mad_and_give_flag()

30 | View the source 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /hacking-tool/src/tool.rb: -------------------------------------------------------------------------------- 1 | require 'base64' 2 | 3 | class Tool 4 | def self.decode_base64(message) 5 | Base64.decode64(message) 6 | end 7 | 8 | def self.encode_base64(message) 9 | Base64.encode64(message) 10 | end 11 | 12 | def self.encode_hexadecimal(message) 13 | message.unpack('H*')[0] 14 | end 15 | 16 | def self.decode_hexadecimal(message) 17 | [message].pack('H*') 18 | end 19 | 20 | def self.md5(message) 21 | Digest::MD5.hexdigest(message) 22 | end 23 | 24 | def self.sha1(message) 25 | Digest::SHA1.hexdigest(message) 26 | end 27 | 28 | def self.sha2(message) 29 | Digest::SHA2.hexdigest(message) 30 | end 31 | 32 | def self.exposed_methods 33 | %i[ 34 | encode_base64 35 | decode_base64 36 | encode_hexadecimal 37 | decode_hexadecimal 38 | md5 39 | sha1 40 | sha2 41 | ] 42 | end 43 | end 44 | -------------------------------------------------------------------------------- /FlagCollection/src/android/app/src/main/java/com/flagcollection/ValidateFlag3Package.java: -------------------------------------------------------------------------------- 1 | package com.flagcollection; 2 | 3 | import com.facebook.react.ReactPackage; 4 | import com.facebook.react.bridge.NativeModule; 5 | import com.facebook.react.bridge.ReactApplicationContext; 6 | import com.facebook.react.uimanager.ViewManager; 7 | 8 | import java.util.ArrayList; 9 | import java.util.Collections; 10 | import java.util.List; 11 | 12 | public class ValidateFlag3Package implements ReactPackage { 13 | 14 | @Override 15 | public List createViewManagers(ReactApplicationContext reactContext) { 16 | return Collections.emptyList(); 17 | } 18 | 19 | @Override 20 | public List createNativeModules(ReactApplicationContext reactContext) { 21 | List modules = new ArrayList<>(); 22 | 23 | modules.add(new ValidateFlag3(reactContext)); 24 | 25 | return modules; 26 | } 27 | 28 | } -------------------------------------------------------------------------------- /awesome-cats/src/robots.txt: -------------------------------------------------------------------------------- 1 | # http://www.robotstxt.org/ 2 | 3 | User-agent: * 4 | 5 | Allow: index.html 6 | 7 | # Add pages under construction to start indexing them. 8 | Allow: cats-best.html 9 | Allow: cats-cute.html 10 | Allow: cats-fat.html 11 | Allow: cats-and-mouse.html 12 | 13 | # Hide old versions. 14 | Disallow: /index-last.html 15 | Disallow: /index-very-last.html 16 | Disallow: /index2.html 17 | Disallow: /index3.html 18 | Disallow: /index4.html 19 | 20 | # Hide dev. stuff. 21 | Disallow: /README.md 22 | Disallow: /LICENSE 23 | Disallow: /src/assets/stylesheets/*.scss 24 | 25 | # Hide blast from the past. 26 | Disallow: /static/assets/images/dog-* 27 | Disallow: /index-old.html 28 | Disallow: /old/index.html 29 | 30 | # I don't want bots to index my private stuff. 31 | Disallow: /secret/notes.md 32 | Disallow: /secret/secret.md 33 | Disallow: /secret/todo.md 34 | Disallow: /secret/journal.md 35 | Disallow: /secret/javascript.html -------------------------------------------------------------------------------- /unix_drive/README.md: -------------------------------------------------------------------------------- 1 | # UnixDrive 2 | 3 | > forensics 4 | 5 | Author: [jorkanofaln](https://github.com/jorkanofaln) 6 | 7 | A Captured ext2 formatted drive with hidden files 8 | 9 | 10 | ## Writeup 11 | 12 | Download the archive in a Kali Linux Virtual Machine and complete the following steps as root: 13 | 14 | Extract the archive using the following command: `tar -xvf UnixDrive.tar.xz` 15 | 16 | Install the `libewf` package on kali linux: `apt install ewf-tools` 17 | 18 | Open a Terminal and type the following commands: 19 | 20 | ```shell 21 | mkdir /mnt/E01Drive/ 22 | 23 | ewfmount unixDrive.E01 /mnt/E01Drive/ 24 | 25 | cd /mnt/E01Drive/ 26 | 27 | fdisk -l ewf1 28 | 29 | mkdir /mnt/dd 30 | 31 | mount -o ro,loop,offset=1048576 ewf1 /mnt/dd/ 32 | 33 | cd /mnt/dd 34 | 35 | ls -lah 36 | 37 | cd .private 38 | 39 | ls -lah 40 | 41 | cat .flag.txt 42 | ``` 43 | 44 | There you have the flag! `FLAG: CFI{Hidden_F1l3s_F0ld3rs_D3c3pt1on}` 45 | -------------------------------------------------------------------------------- /awesome-cats/src/index-2.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 🐈 Awesome Cats 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
16 |
17 |

About

18 |

Cats are so awesome we decided to create this website in their honor.

19 | 20 |
21 |
22 | 23 | 24 | -------------------------------------------------------------------------------- /awesome-cats/src/secret/nodes.md: -------------------------------------------------------------------------------- 1 | # My notes 2 | 3 | ## PHP 4 | 5 | > https://learnxinyminutes.com/docs/php/ 6 | 7 | ``` 8 | https://www.w3schools.com/sql/ 28 | 29 | SQL is a standard language for storing, manipulating and retrieving data in databases. 30 | 31 | Our SQL tutorial will teach you how to use SQL in: MySQL, SQL Server, MS Access, Oracle, Sybase, Informix, Postgres, and other database systems. 32 | 33 | ```SQL 34 | SELECT * FROM Customers; 35 | ``` 36 | -------------------------------------------------------------------------------- /awesome-cats/src/cats-fat.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Best Cats | ⚠️ Under Construction 6 | 7 | 8 | 9 | 10 | 11 |
12 |
13 |

⚠️ Under Construction

14 |
15 | Chubby cats coming soon. 16 | 17 | 18 |
19 | 20 |
21 |
22 | 23 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/build/intermediates/lint-cache/maven.google/com/android/support/test/espresso/group-index.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /FlagCollection/src/.gitignore: -------------------------------------------------------------------------------- 1 | # OSX 2 | # 3 | .DS_Store 4 | 5 | # Xcode 6 | # 7 | build/ 8 | *.pbxuser 9 | !default.pbxuser 10 | *.mode1v3 11 | !default.mode1v3 12 | *.mode2v3 13 | !default.mode2v3 14 | *.perspectivev3 15 | !default.perspectivev3 16 | xcuserdata 17 | *.xccheckout 18 | *.moved-aside 19 | DerivedData 20 | *.hmap 21 | *.ipa 22 | *.xcuserstate 23 | project.xcworkspace 24 | 25 | # Android/IntelliJ 26 | # 27 | build/ 28 | .idea 29 | .gradle 30 | local.properties 31 | *.iml 32 | 33 | # node.js 34 | # 35 | node_modules/ 36 | npm-debug.log 37 | yarn-error.log 38 | 39 | # BUCK 40 | buck-out/ 41 | \.buckd/ 42 | *.keystore 43 | 44 | # fastlane 45 | # 46 | # It is recommended to not store the screenshots in the git repo. Instead, use fastlane to re-generate the 47 | # screenshots whenever they are needed. 48 | # For more information about the recommended setup visit: 49 | # https://docs.fastlane.tools/best-practices/source-control/ 50 | 51 | */fastlane/report.xml 52 | */fastlane/Preview.html 53 | */fastlane/screenshots 54 | 55 | # Bundle artifact 56 | *.jsbundle 57 | -------------------------------------------------------------------------------- /cheese-factory/generate-database.php: -------------------------------------------------------------------------------- 1 | prepare($sql); 14 | $result = $statement->execute(); 15 | var_dump($result); 16 | 17 | $raw = file_get_contents("./cheeses.json"); 18 | $cheeses = json_decode($raw, true); 19 | 20 | foreach ($cheeses as $cheese) { 21 | $sql = 'INSERT INTO cheeses (name, description, image, secret) VALUES (:name, :description, :image, :secret);'; 22 | $statement = $db->prepare($sql); 23 | $statement->bindValue(':name', $cheese['name'], SQLITE3_TEXT); 24 | $statement->bindValue(':description', $cheese['description'], SQLITE3_TEXT); 25 | $statement->bindValue(':image', $cheese['image'], SQLITE3_TEXT); 26 | $statement->bindValue(':secret', $cheese['secret'], SQLITE3_INTEGER); 27 | $result = $statement->execute(); 28 | var_dump($result); 29 | } 30 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/AndroidManifest.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 5 | 12 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 CFIUL 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /FlagCollection/src/android/app/src/main/AndroidManifest.xml: -------------------------------------------------------------------------------- 1 | 3 | 4 | 5 | 6 | 7 | 13 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /FlagCollection/src/android/build.gradle: -------------------------------------------------------------------------------- 1 | // Top-level build file where you can add configuration options common to all sub-projects/modules. 2 | 3 | buildscript { 4 | repositories { 5 | jcenter() 6 | maven { 7 | url 'https://maven.google.com/' 8 | name 'Google' 9 | } 10 | } 11 | dependencies { 12 | classpath 'com.android.tools.build:gradle:3.0.1' 13 | 14 | // NOTE: Do not place your application dependencies here; they belong 15 | // in the individual module build.gradle files 16 | } 17 | } 18 | 19 | allprojects { 20 | repositories { 21 | mavenLocal() 22 | jcenter() 23 | maven { 24 | // All of React Native (JS, Obj-C sources, Android binaries) is installed from npm 25 | url "$rootDir/../node_modules/react-native/android" 26 | } 27 | maven { 28 | url 'https://maven.google.com/' 29 | name 'Google' 30 | } 31 | } 32 | } 33 | 34 | ext { 35 | buildToolsVersion = "26.0.3" 36 | minSdkVersion = 16 37 | compileSdkVersion = 26 38 | targetSdkVersion = 26 39 | supportLibVersion = "26.1.0" 40 | } 41 | -------------------------------------------------------------------------------- /FlagCollection/src/android/gradle.properties: -------------------------------------------------------------------------------- 1 | # Project-wide Gradle settings. 2 | 3 | # IDE (e.g. Android Studio) users: 4 | # Gradle settings configured through the IDE *will override* 5 | # any settings specified in this file. 6 | 7 | # For more details on how to configure your build environment visit 8 | # http://www.gradle.org/docs/current/userguide/build_environment.html 9 | 10 | # Specifies the JVM arguments used for the daemon process. 11 | # The setting is particularly useful for tweaking memory settings. 12 | # Default value: -Xmx10248m -XX:MaxPermSize=256m 13 | # org.gradle.jvmargs=-Xmx2048m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8 14 | 15 | # When configured, Gradle will run in incubating parallel mode. 16 | # This option should only be used with decoupled projects. More details, visit 17 | # http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects 18 | # org.gradle.parallel=true 19 | 20 | android.useDeprecatedNdk=true 21 | android.enableAapt2=false 22 | MYAPP_RELEASE_STORE_FILE=my-release-key.keystore 23 | MYAPP_RELEASE_KEY_ALIAS=my-key-alias 24 | MYAPP_RELEASE_STORE_PASSWORD=cfiulrocks 25 | MYAPP_RELEASE_KEY_PASSWORD=cfiulrocks -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/google-services.json: -------------------------------------------------------------------------------- 1 | { 2 | "project_info": { 3 | "project_number": "863748069969", 4 | "firebase_url": "https://cfi-event.firebaseio.com", 5 | "project_id": "cfi-event", 6 | "storage_bucket": "cfi-event.appspot.com" 7 | }, 8 | "client": [ 9 | { 10 | "client_info": { 11 | "mobilesdk_app_id": "1:863748069969:android:1329eb2ac460e226", 12 | "android_client_info": { 13 | "package_name": "com.sagold.cfievent" 14 | } 15 | }, 16 | "oauth_client": [ 17 | { 18 | "client_id": "863748069969-b7d0spv2gm57u45e99rg90lgc2klmhbq.apps.googleusercontent.com", 19 | "client_type": 3 20 | } 21 | ], 22 | "api_key": [ 23 | { 24 | "current_key": "AIzaSyDxqGP3iBzGKPI5UDOsIIqmAFLR_Y_wXew" 25 | } 26 | ], 27 | "services": { 28 | "analytics_service": { 29 | "status": 1 30 | }, 31 | "appinvite_service": { 32 | "status": 1, 33 | "other_platform_oauth_client": [] 34 | }, 35 | "ads_service": { 36 | "status": 2 37 | } 38 | } 39 | } 40 | ], 41 | "configuration_version": "1" 42 | } -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/res/values/styles.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 12 | 13 | 17 | 18 | 23 | 24 | 26 | 27 | 28 | 29 |
30 |

Welcome to the CFI

31 |
32 |

Do you want another flag ???

33 |
34 |

I think you do! ✯⸜(ّᶿ̷ധّᶿ̷)⸝✯

35 |
36 |
37 |

Ok then... Click here to get your flag! (-o⌒)

38 |
39 | Get the flag! 40 |
41 | 42 | 43 | -------------------------------------------------------------------------------- /cheese-factory/src/README.md: -------------------------------------------------------------------------------- 1 | # The Cheese Factory 2 | 3 | Very easy to setup the website. The cheeses are stored in an SQLite database. 4 | 5 | ## Requirements 6 | 7 | - PHP 8 | 9 | ## Config 10 | 11 | The entry point of the website is `./index.php`. 12 | 13 | Modify config values in `./application/config/config.php`. 14 | 15 | - error reporting level 16 | - database path 17 | - pages 18 | - default page 19 | - security 20 | - etc. 21 | 22 | 23 | ### Current config recap 24 | 25 | 26 | 27 | $config = array(); 28 | 29 | // Environment 30 | // $config['environment'] = 'production'; 31 | $config['environment'] = 'development'; 32 | 33 | // Security 34 | $config['secure'] = true; 35 | 36 | // Error reporting. 37 | if ($config['environment'] === 'production') { 38 | ini_set('display_errors', 0); 39 | error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT & ~E_USER_NOTICE & ~E_USER_DEPRECATED); 40 | } 41 | 42 | 43 | // Database. 44 | $config['database-path'] = dirname(__FILE__) . '/../database/the-cheese-factory.db'; 45 | $config['db'] = new SQLite3($config['database-path']); 46 | 47 | // Pages 48 | $config['pages'] = array('home.php', 'about.php', 'contact.php'); 49 | $config['default-page'] = $config['pages'][0]; 50 | -------------------------------------------------------------------------------- /FlagCollection/src/solution.js: -------------------------------------------------------------------------------- 1 | function validateFlag2 (flag) { 2 | const isOdd = (number) => (number & 1) 3 | let encryptedFlag = [] 4 | let change = 2 5 | for (var i = 0; i < flag.length; i++) { 6 | if (isOdd(i)) { 7 | change += 13 8 | } else { 9 | change -= (flag.length % 9) 10 | } 11 | let value = flag.charCodeAt(i) + change 12 | encryptedFlag.push(value) 13 | } 14 | return encryptedFlag.join(',') === '64,80,78,141,124,124,123,151,144,141,134,166,146,158,148,172,158,192,166,197,176,204,190,210,209,201,206,229,204,232,228,246,220,253,234,245,258,268,250,262,282' 15 | } 16 | 17 | // console.log(validateFlag2("CFI{obfuscated_javascript_is_not_secured}")); 18 | 19 | var codes = '64,80,78,141,124,124,123,151,144,141,134,166,146,158,148,172,158,192,166,197,176,204,190,210,209,201,206,229,204,232,228,246,220,253,234,245,258,268,250,262,282'.split(',').map(function (i) { 20 | return parseInt(i) 21 | }) 22 | 23 | var flag = '' 24 | var something = 2 25 | for (var i = 0; i < codes.length; i++) { 26 | // Is odd? 27 | if (1 & i) { 28 | something += 13 29 | } else { 30 | // Flag length is the codes length. 31 | something -= codes.length % 9 32 | } 33 | var character = String.fromCharCode(codes[i] - something) 34 | flag += character 35 | } 36 | 37 | console.log(flag) 38 | -------------------------------------------------------------------------------- /equation_solving/README.md: -------------------------------------------------------------------------------- 1 | # equation_solving 2 | 3 | > programming 4 | 5 | Author: [filedesless](https://github.com/filedesless) 6 | 7 | The user is presented with an equation with missing operators. He has to find a combination of operators satisfying the given equation. 8 | 9 | 10 | ## Setup 11 | 12 | Requirements: 13 | - docker 14 | 15 | Start: 16 | 17 | ```shell 18 | docker-compose up 19 | ``` 20 | 21 | ## Writeup 22 | 23 | Example for the socket code can be found in `src/solution.py`. The "logic" is in the `solve()` function in `src/equation.py`. 24 | 25 | It's basically a brute force of all the possible operator combinations 26 | 27 | ```python 28 | from itertools import product 29 | # ... 30 | 31 | def solve(chall): 32 | s, _, goal = chall.partition(" => ") 33 | comb = product(ops.values(), repeat=s.count("?")) 34 | for guess in comb: 35 | i = iter(guess) 36 | attempt = "".join([ c if c is not "?" else next(i) for c in s ]) 37 | e = Expression.fromstring(attempt) 38 | try: 39 | if int(e) == int(goal): 40 | break 41 | except ZeroDivisionError: 42 | pass 43 | ``` 44 | 45 | Here `Expression.fromstring()` parses the string into an `Expression`, basically a binary tree where each nodes has an operator and two sub-expressions left and right. 46 | -------------------------------------------------------------------------------- /FlagCollection/src/android/app/src/main/java/com/flagcollection/MainApplication.java: -------------------------------------------------------------------------------- 1 | package com.flagcollection; 2 | 3 | import android.app.Application; 4 | 5 | import com.facebook.react.ReactApplication; 6 | import com.facebook.react.ReactNativeHost; 7 | import com.facebook.react.ReactPackage; 8 | import com.facebook.react.shell.MainReactPackage; 9 | import com.facebook.soloader.SoLoader; 10 | 11 | import java.util.Arrays; 12 | import java.util.List; 13 | 14 | public class MainApplication extends Application implements ReactApplication { 15 | 16 | private final ReactNativeHost mReactNativeHost = new ReactNativeHost(this) { 17 | @Override 18 | public boolean getUseDeveloperSupport() { 19 | return BuildConfig.DEBUG; 20 | } 21 | 22 | @Override 23 | protected List getPackages() { 24 | return Arrays.asList( 25 | new MainReactPackage(), 26 | new ValidateFlag3Package() 27 | ); 28 | } 29 | 30 | @Override 31 | protected String getJSMainModuleName() { 32 | return "index"; 33 | } 34 | }; 35 | 36 | @Override 37 | public ReactNativeHost getReactNativeHost() { 38 | return mReactNativeHost; 39 | } 40 | 41 | @Override 42 | public void onCreate() { 43 | super.onCreate(); 44 | SoLoader.init(this, /* native exopackage */ false); 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /awesome-cats/src/index-3.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 🐈 Awesome Cats 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
16 |
17 |

About

18 | 19 | 
20 |           /\___/\
21 |          ( o   o )
22 |          (  =^=  )
23 |          (        )
24 |          (         )
25 |          (          )))))))))))
26 |
27 |

Cats are so awesome we decided to create this website in their honor.

28 |

I only ❤️ cats

29 |

Cats are the kings of the animal kingdom.

30 | 31 | 32 |
33 |
34 | 35 | 36 | -------------------------------------------------------------------------------- /magic_word/README.md: -------------------------------------------------------------------------------- 1 | # Magic Word 2 | 3 | > web 4 | 5 | Author: [corb3nik](https://github.com/Corb3nik) 6 | 7 | Hacking is all about thinking outside the box. 8 | 9 | Can you figure out this simple puzzle? 10 | 11 | http://localhost:17001 12 | 13 | 14 | ## Setup 15 | 16 | Requirements: 17 | - docker 18 | 19 | Start: 20 | 21 | ```shell 22 | docker-compose up 23 | ``` 24 | 25 | ## Writeup 26 | 27 | This challenge demonstrates a very common bypass that you can find in webapp security. 28 | 29 | The gist of the challenge is the following : 30 | - The app takes a word from the user through the `?magic_word=` argument. 31 | - It then replaces all instances of `bumfuzzle` with an empty string 32 | - Finally, it checks if `bumfuzzle` is still there, even after the replacements. 33 | 34 | This is the behavior described above : 35 | ``` 36 | preg_replace("/bumfuzzle/", "", "hello") // Returns "hello" 37 | preg_replace("/bumfuzzle/", "", "hellobumfuzzle") // Returns "hello" 38 | preg_replace("/bumfuzzle/", "", "bumfasdfuzzle") // Returns "bumfasdfuzzle" 39 | ``` 40 | 41 | Since `bumfuzzle` is removed, a simple trick we can use is to embed `bumfuzzle` inside `bumfuzzle`. 42 | 43 | The solution is the following : 44 | ``` 45 | preg_replace("/bumfuzzle/", "", "bumfbumfuzzleuzzle") // Returns "bumfuzzle" 46 | ``` 47 | 48 | You can find the flag by visiting this URL : `http://localhost:17001/?magic_word=bumfbumfuzzleuzzle`. 49 | -------------------------------------------------------------------------------- /FlagCollection/src/src/FlagValidator.js: -------------------------------------------------------------------------------- 1 | import { NativeModules } from 'react-native'; 2 | import { Buffer } from 'buffer' 3 | 4 | function validateFlag1 (flag) { 5 | const encryptedFlag = 'Q0ZJe2Jhc2U2NF9pc19ub3Rfc2VjdXJlfQ==' 6 | const decryptedFlag = Buffer.from(encryptedFlag, 'base64').toString('ascii') 7 | return decryptedFlag === flag 8 | } 9 | 10 | function validateFlag2 (flag) { 11 | const isOdd = (number) => (number & 1) 12 | let encryptedFlag = [] 13 | let change = 2 14 | for (var i = 0; i < flag.length; i++) { 15 | if (isOdd(i)) { 16 | change += 13 17 | } else { 18 | change -= (flag.length % 9) 19 | } 20 | let value = flag.charCodeAt(i) + change 21 | encryptedFlag.push(value) 22 | } 23 | return encryptedFlag.join(',') === '64,80,78,141,124,124,123,151,144,141,134,166,146,158,148,172,158,192,166,197,176,204,190,210,209,201,206,229,204,232,228,246,220,253,234,245,258,268,250,262,282' 24 | } 25 | 26 | function validateFlag3 (flag) { 27 | return new Promise((resolve) => { 28 | NativeModules.ValidateFlag3.validate(flag, (valid) => { 29 | resolve(valid) 30 | }) 31 | }) 32 | } 33 | 34 | export function validateFlag (flag) { 35 | return validateFlag3(flag) 36 | .then((valid) => { 37 | if (valid) return true 38 | return [validateFlag1, validateFlag2].some((validationFunction) => { 39 | return validationFunction(flag) 40 | }) 41 | }) 42 | } -------------------------------------------------------------------------------- /assets/fontawesome-fonts.css: -------------------------------------------------------------------------------- 1 | @import url('https://use.fontawesome.com/releases/v5.0.9/css/all.css'); 2 | 3 | @font-face { 4 | font-family: 'Font Awesome 5 Brands Offline'; 5 | font-style: normal; 6 | font-weight: normal; 7 | src: url("webfonts/fa-brands-400.eot"); 8 | src: url("webfonts/fa-brands-400.eot?#iefix") format("embedded-opentype"), url("webfonts/fa-brands-400.woff2") format("woff2"), url("webfonts/fa-brands-400.woff") format("woff"), url("webfonts/fa-brands-400.ttf") format("truetype"), url("webfonts/fa-brands-400.svg#fontawesome") format("svg"); } 9 | 10 | @font-face { 11 | font-family: 'Font Awesome 5 Free Offline'; 12 | font-style: normal; 13 | font-weight: 400; 14 | src: url("webfonts/fa-regular-400.eot"); 15 | src: url("webfonts/fa-regular-400.eot?#iefix") format("embedded-opentype"), url("webfonts/fa-regular-400.woff2") format("woff2"), url("webfonts/fa-regular-400.woff") format("woff"), url("webfonts/fa-regular-400.ttf") format("truetype"), url("webfonts/fa-regular-400.svg#fontawesome") format("svg"); } 16 | 17 | @font-face { 18 | font-family: 'Font Awesome 5 Free Offline'; 19 | font-style: normal; 20 | font-weight: 900; 21 | src: url("webfonts/fa-solid-900.eot"); 22 | src: url("webfonts/fa-solid-900.eot?#iefix") format("embedded-opentype"), url("webfonts/fa-solid-900.woff2") format("woff2"), url("webfonts/fa-solid-900.woff") format("woff"), url("webfonts/fa-solid-900.ttf") format("truetype"), url("webfonts/fa-solid-900.svg#fontawesome") format("svg"); } -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/build.gradle: -------------------------------------------------------------------------------- 1 | apply plugin: 'com.android.application' 2 | 3 | apply plugin: 'kotlin-android' 4 | 5 | apply plugin: 'kotlin-android-extensions' 6 | 7 | android { 8 | compileSdkVersion 27 9 | defaultConfig { 10 | applicationId "com.sagold.cfievent" 11 | minSdkVersion 21 12 | targetSdkVersion 27 13 | versionCode 1 14 | versionName "1.0" 15 | testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner" 16 | } 17 | buildTypes { 18 | release { 19 | minifyEnabled false 20 | proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro' 21 | } 22 | } 23 | } 24 | 25 | dependencies { 26 | implementation fileTree(dir: 'libs', include: ['*.jar']) 27 | implementation "org.jetbrains.kotlin:kotlin-stdlib-jre7:$kotlin_version" 28 | implementation 'com.android.support:appcompat-v7:27.1.1' 29 | implementation 'com.android.support:design:27.1.1' 30 | implementation 'com.android.support.constraint:constraint-layout:1.1.0' 31 | implementation 'com.google.firebase:firebase-core:16.0.0' 32 | implementation 'com.google.firebase:firebase-firestore:17.0.4' 33 | 34 | testImplementation 'junit:junit:4.12' 35 | androidTestImplementation 'com.android.support.test:runner:1.0.2' 36 | androidTestImplementation 'com.android.support.test.espresso:espresso-core:3.0.2' 37 | } 38 | 39 | apply plugin: 'com.google.gms.google-services' 40 | -------------------------------------------------------------------------------- /dayjavous/web/index.php: -------------------------------------------------------------------------------- 1 | allowed = false; 24 | $data = encrypt(json_encode($struct)); 25 | setcookie("auth", $data); 26 | } else { 27 | $struct = json_decode(decrypt($_COOKIE['auth'])); 28 | } 29 | ?> 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 |
38 |

39 | allowed) && $struct->allowed === true) { 41 | ?> 42 |
43 | 46 |
You are not allowed to view the flag.
47 | 50 | 51 |
52 |
53 | View the source 54 |
55 | 56 | 57 | -------------------------------------------------------------------------------- /FlagCollection/src/src/FlagList.js: -------------------------------------------------------------------------------- 1 | import React, { Component } from 'react' 2 | import { FlatList, StyleSheet, View, Text } from 'react-native' 3 | import PropTypes from 'prop-types' 4 | 5 | export default class FlagList extends Component { 6 | renderItem = ({ item }) => { 7 | return ( 8 | 9 | {item} 10 | 11 | ) 12 | } 13 | 14 | ListEmptyComponent = () => { 15 | return ( 16 | 17 | You have no flag in your collection yet. 18 | 19 | ) 20 | } 21 | 22 | render () { 23 | const { flags } = this.props 24 | return ( 25 | 26 | item} 29 | renderItem={this.renderItem} 30 | ListEmptyComponent={this.ListEmptyComponent}/> 31 | 32 | ) 33 | } 34 | } 35 | 36 | FlagList.propTypes = { 37 | flags: PropTypes.array.isRequired 38 | } 39 | 40 | const styles = StyleSheet.create({ 41 | container: { 42 | flex: 1, 43 | flexDirection: 'row', 44 | backgroundColor: '#4e4e4e', 45 | margin: 16, 46 | padding: 8 47 | }, 48 | emptyListText: { 49 | textAlign: 'center', 50 | color: '#fff', 51 | fontSize: 16, 52 | marginBottom: 5, 53 | }, 54 | flag: { 55 | textAlign: 'center', 56 | color: '#fff', 57 | marginBottom: 5, 58 | fontSize: 16, 59 | fontFamily: 'monospace' 60 | }, 61 | }) -------------------------------------------------------------------------------- /FlagCollection/src/src/App.js: -------------------------------------------------------------------------------- 1 | import React, { Component } from 'react'; 2 | import { Image, StyleSheet, Text, View } from 'react-native'; 3 | import FlagList from './FlagList' 4 | import SubmitFlagButton from './SubmitFlagButton' 5 | 6 | const logoPath = '../assets/images/logo.png' 7 | 8 | export default class App extends Component { 9 | constructor (props) { 10 | super(props) 11 | 12 | this.state = { 13 | flags: [] 14 | } 15 | } 16 | 17 | onSubmitSuccess = (flag) => { 18 | this.setState({ 19 | flags: this.state.flags.concat([ flag ]) 20 | }) 21 | } 22 | 23 | render() { 24 | const { flags } = this.state 25 | return ( 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | ); 34 | } 35 | } 36 | 37 | const styles = StyleSheet.create({ 38 | container: { 39 | flex: 1, 40 | justifyContent: 'space-between', 41 | alignItems: 'center', 42 | backgroundColor: '#0e0e0e', 43 | paddingTop: 16, 44 | paddingBottom: 16 45 | }, 46 | section: { 47 | flex: 1, 48 | justifyContent: 'center', 49 | alignItems: 'center', 50 | padding: 8 51 | }, 52 | text: { 53 | textAlign: 'center', 54 | color: '#fff', 55 | marginBottom: 5, 56 | }, 57 | logo: { 58 | width: 222, 59 | height: 288 60 | } 61 | }) 62 | -------------------------------------------------------------------------------- /Labyrinth/src/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from __future__ import annotations 4 | from maze import RandomMaze 5 | import os, socketserver, threading 6 | import solver 7 | 8 | HOST, PORT = "0.0.0.0", int(os.environ.get("PORT", 24001)) 9 | flag = open('flag', 'r').readline() 10 | 11 | ''' 12 | Main componnent, presents the maze to the user and 13 | verify its answer 14 | ''' 15 | 16 | class ThreadedTCPRequestHandler(socketserver.StreamRequestHandler): 17 | def handle(self): 18 | m = RandomMaze(89, 51) 19 | self.wfile.write(b"You have 2 seconds to send back a valid path between S and E\n") 20 | self.wfile.write(b"(ex: RIGHT,RIGHT,RIGHT,DOWN,RIGHT,RIGHT,UP,UP,UP,UP,UP,LEFT)\n") 21 | self.wfile.write(f"{m}\n\n".encode()) 22 | 23 | self.data = self.rfile.readline().strip() 24 | print(f"{self.client_address[0]} wrote: {self.data.decode()}") 25 | result = solver.follow_path(m, self.data.decode()) 26 | if result is not None and result.val == "E": 27 | print("Success!") 28 | self.wfile.write(f"{flag}\n".encode()) 29 | else: 30 | print("Failure!") 31 | self.wfile.write(b"Wrong path; Try harder\n") 32 | 33 | class ThreadedTCPServer(socketserver.ThreadingMixIn, socketserver.TCPServer): 34 | pass 35 | 36 | if __name__ == "__main__": 37 | server = ThreadedTCPServer((HOST, PORT), ThreadedTCPRequestHandler) 38 | server_thread = threading.Thread(target=server.serve_forever) 39 | server_thread.start() 40 | print("Server loop running in thread:", server_thread.name) 41 | -------------------------------------------------------------------------------- /serverless_cfi_λ/solution/words: -------------------------------------------------------------------------------- 1 | imbrutement 2 | brag 3 | Fuligula 4 | affectation 5 | parisyllabic 6 | furomethyl 7 | bowet 8 | Emydinae 9 | impredicable 10 | lumbodynia 11 | northwestern 12 | specialization 13 | krausen 14 | assentation 15 | overfoolishly 16 | writhed 17 | repost 18 | wizardlike 19 | diffuseness 20 | superfibrination 21 | Glycine 22 | betulinic 23 | ascaron 24 | oocyst 25 | musily 26 | fishtail 27 | cacoeconomy 28 | unrepealable 29 | founder 30 | overfearfully 31 | Mitridae 32 | shorts 33 | Globulariaceae 34 | salvage 35 | uniformly 36 | relodge 37 | unheroically 38 | depositary 39 | freighter 40 | Ervipiame 41 | laud 42 | antidotary 43 | semisilica 44 | unlassoed 45 | parablastic 46 | pycnite 47 | brinish 48 | insectary 49 | accouter 50 | unshrine 51 | straining 52 | ashrafi 53 | undepressible 54 | unintentionalness 55 | Tiwaz 56 | nonbase 57 | akule 58 | shrog 59 | Comanche 60 | fitchee 61 | untine 62 | Sorbian 63 | megatherian 64 | presbyterially 65 | nettlebed 66 | pandemian 67 | witnesser 68 | hydrograph 69 | dicyclist 70 | deformism 71 | paranete 72 | quinoa 73 | teethless 74 | indesert 75 | Cariyo 76 | bailiffry 77 | subdepressed 78 | dhoni 79 | teethlike 80 | wocheinite 81 | credibility 82 | professively 83 | miswish 84 | chichi 85 | acromyodous 86 | Nazaritish 87 | undersluice 88 | chophouse 89 | aeolistic 90 | Barundi 91 | clubfellow 92 | archtyrant 93 | neurodendrite 94 | angioparalytic 95 | torpidly 96 | strippage 97 | unfusibleness 98 | megaprosopous 99 | marketing 100 | cancrisocial 101 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/java/com/sagold/cfievent/InformationActivity.kt: -------------------------------------------------------------------------------- 1 | package com.sagold.cfievent 2 | 3 | import android.os.Bundle 4 | import android.support.v7.app.AppCompatActivity 5 | 6 | import kotlinx.android.synthetic.main.activity_information.* 7 | import com.google.firebase.firestore.FirebaseFirestore 8 | import com.google.firebase.firestore.QueryDocumentSnapshot 9 | import kotlinx.android.synthetic.main.content_information_activity.* 10 | 11 | 12 | class InformationActivity : AppCompatActivity() { 13 | private val db = FirebaseFirestore.getInstance() 14 | 15 | companion object { 16 | const val IS_ADMIN = "IS_ADMIN" 17 | } 18 | 19 | override fun onCreate(savedInstanceState: Bundle?) { 20 | super.onCreate(savedInstanceState) 21 | setContentView(R.layout.activity_information) 22 | 23 | if (intent.getBooleanExtra(IS_ADMIN, false)) { 24 | showLoginFlag() 25 | } 26 | } 27 | 28 | private fun showLoginFlag() { 29 | db.collection("FLAG") 30 | .get() 31 | .addOnCompleteListener { 32 | if (it.isSuccessful) { 33 | for (document: QueryDocumentSnapshot in it.result) { 34 | if (document.id == "LOGIN") { 35 | showMessage(document.data["KEY"] as String) 36 | } 37 | } 38 | } else { 39 | showMessage("Error getting documents.") 40 | } 41 | } 42 | } 43 | 44 | private fun showMessage(message: String) { 45 | messageTextView.text = message 46 | } 47 | } -------------------------------------------------------------------------------- /awesome-cats/README.md: -------------------------------------------------------------------------------- 1 | # awesome-cats 🐈 2 | 3 | > web 4 | 5 | Author: [lilc4t](https://github.com/masterT) 6 | 7 | My collection of awesome cats. 8 | 9 | http://localhost:12001/ 10 | 11 | 12 | ## Setup 13 | 14 | Requirements: 15 | - docker 16 | 17 | Start: 18 | 19 | ```shell 20 | docker-compose up 21 | ``` 22 | 23 | ## Writeup 24 | 25 | Go to the `/index.html`, check the source code. 26 | 27 | Nothing interesting. 28 | 29 | Visit the other pages accessible from `/index.html`, check the source code. 30 | 31 | Nothing interesting either. 32 | 33 | Do some reconnaissance and you'll find the `robots.txt`: 34 | 35 | ``` 36 | # http://www.robotstxt.org/ 37 | 38 | User-agent: * 39 | 40 | Allow: index.html 41 | 42 | # Add pages under construction to start indexing them. 43 | Allow: cats-best.html 44 | Allow: cats-cute.html 45 | Allow: cats-fat.html 46 | Allow: cats-and-mouse.html 47 | 48 | # Hide old versions. 49 | Disallow: /index-last.html 50 | Disallow: /index-very-last.html 51 | Disallow: /index2.html 52 | Disallow: /index3.html 53 | Disallow: /index4.html 54 | 55 | # Hide dev. stuff. 56 | Disallow: /README.md 57 | Disallow: /LICENSE 58 | Disallow: /src/assets/stylesheets/*.scss 59 | 60 | # Hide blast from the past. 61 | Disallow: /static/assets/images/dog-* 62 | Disallow: /index-old.html 63 | Disallow: /old/index.html 64 | 65 | # I don't want bots to index my private stuff. 66 | Disallow: /secret/notes.md 67 | Disallow: /secret/secret.md 68 | Disallow: /secret/todo.md 69 | Disallow: /secret/journal.md 70 | Disallow: /secret/javascript.html 71 | ``` 72 | 73 | The flag is in the `/secret/journal.md`: 74 | 75 | `CFI{nothing_sensitive_goes_in_robots.txt}` 76 | -------------------------------------------------------------------------------- /fuck/README.md: -------------------------------------------------------------------------------- 1 | # Fuck 2 | 3 | > web 4 | 5 | Author: [corb3nik](https://github.com/Corb3nik) 6 | 7 | This is the most secure login form on earth. 8 | 9 | We use SECURITY BY OBSCURITY in order to prevent hackers from finding our flags. 10 | 11 | I dare you to login : http://localhost:17002 12 | 13 | ## Setup 14 | 15 | Requirements: 16 | - docker 17 | 18 | Start: 19 | 20 | ```shell 21 | docker-compose up 22 | ``` 23 | 24 | ## Writeup 25 | 26 | This challenge requires us to find the username/password used in the login form. 27 | 28 | When checking the source code of the HTML page, you'll see the following function. 29 | 30 | ``` 31 | function validate() { 32 | [][(![]+[])[+[]]+([![]] ... 33 | } 34 | ``` 35 | 36 | At first, this doesn't seem like valid JavaScript. In fact, this is obfuscated 37 | JavaScript resulting directly from a tool called [JSFuck](http://www.jsfuck.com/). 38 | 39 | The gist of JSFuck is : using only 6 characters, we can create any character/string. It is also possible to obtain various objects/constructors through these same 40 | 6 characters. This allows us to create full working JavaScript scripts using only 6 chars. 41 | 42 | You can see how its done here : https://github.com/aemkei/jsfuck/blob/master/jsfuck.js 43 | 44 | To solve the challenge, we can paste the challenge script 45 | into [JSUnfuck](http://codertab.com/JsUnFuck), revealing the following code : 46 | 47 | ``` 48 | if (document.forms[0].username.value == "corb3nik" && document.forms[0].password.value == "chickenachos") document.location = "4d4932602a75414640946d38ea6fefbf.php" 49 | ``` 50 | 51 | The flag is located at http://localhost:17002/4d4932602a75414640946d38ea6fefbf.php 52 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/res/layout/content_information_activity.xml: -------------------------------------------------------------------------------- 1 | 2 | 10 | 11 | 12 | 23 | 24 | 36 | 37 | 38 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/app.py: -------------------------------------------------------------------------------- 1 | from flask import Flask, render_template, request 2 | from tempfile import NamedTemporaryFile, TemporaryDirectory 3 | from subprocess import run 4 | from json import dumps 5 | 6 | app = Flask(__name__) 7 | 8 | @app.route('/', methods = ['GET', 'POST']) 9 | def index(): 10 | if request.method == "GET": 11 | return render_template("index.html") 12 | 13 | code = request.form['code'] 14 | with TemporaryDirectory() as d: 15 | with NamedTemporaryFile(suffix=".hs", dir=d, delete=False) as f: 16 | f.write(code.encode()) 17 | f.flush() 18 | out = run(["ghc", "-o", f"{d}/out", f.name], capture_output=True, cwd=d) 19 | if out.returncode != 0: 20 | ret = {"returncode": out.returncode, "stdout": out.stdout.decode(), "stderr": out.stderr.decode()} 21 | return dumps(ret, indent=4) 22 | 23 | for i in range(10): 24 | test = open(f"tests/input/{i}") 25 | out = run(f"{d}/out", capture_output=True, stdin=test, cwd=d) 26 | expected = "".join(open(f"tests/output/{i}").readlines()) 27 | if out.stdout.decode().strip() != expected.strip(): 28 | test.seek(0) 29 | ret = { 30 | "returncode": out.returncode, 31 | "stdin": "".join(test.readlines()), 32 | "stdout": out.stdout.decode(), 33 | "stderr": out.stderr.decode(), 34 | "expected": expected 35 | } 36 | return dumps(ret, indent=4) 37 | 38 | return dumps(open('flag').readline()) 39 | 40 | 41 | if __name__ == '__main__': 42 | app.run(host="0.0.0.0") 43 | -------------------------------------------------------------------------------- /FlagCollection/src/android/app/src/main/java/com/flagcollection/ValidateFlag3.java: -------------------------------------------------------------------------------- 1 | package com.flagcollection; 2 | 3 | import com.facebook.react.bridge.NativeModule; 4 | import com.facebook.react.bridge.ReactApplicationContext; 5 | import com.facebook.react.bridge.ReactContext; 6 | import com.facebook.react.bridge.ReactContextBaseJavaModule; 7 | import com.facebook.react.bridge.ReactMethod; 8 | import com.facebook.react.bridge.Callback; 9 | 10 | import android.util.Base64; 11 | import android.util.Log; 12 | 13 | public class ValidateFlag3 extends ReactContextBaseJavaModule { 14 | private static final String[] compositeKey = new String[]{ 15 | "hUZAf9gFIARRFTAvKRDs8A==", "gp9jPELztMsd51Ih81gO0Q==" 16 | }; 17 | private static final String flag3 = "RJ9qOOqa7pAinT19vyuQRHOGSi3FnPW5La0BYb4tnw=="; 18 | 19 | public ValidateFlag3(ReactApplicationContext reactContext) { 20 | super(reactContext); 21 | } 22 | 23 | @Override 24 | public String getName() { 25 | return "ValidateFlag3"; 26 | } 27 | 28 | public byte[] getKey () { 29 | byte[] parts0 = Base64.decode(compositeKey[0], Base64.NO_WRAP); 30 | byte[] parts1 = Base64.decode(compositeKey[1], Base64.NO_WRAP); 31 | byte[] key = new byte[parts0.length]; 32 | for (int i = 0; i < parts1.length; i++) { 33 | key[i] = (byte) (parts0[i] ^ parts1[i]); 34 | } 35 | return key; 36 | } 37 | 38 | @ReactMethod 39 | public void validate(String flag, Callback callback) { 40 | byte[] key = getKey(); 41 | byte[] encryptedFlag = flag.getBytes(); 42 | for (int i = 0; i < encryptedFlag.length; i++){ 43 | int keyOffset = i % key.length; 44 | encryptedFlag[i] = (byte) (encryptedFlag[i] ^ key[keyOffset]); 45 | } 46 | Boolean valid = flag3.equals(Base64.encodeToString(encryptedFlag, Base64.NO_WRAP)); 47 | callback.invoke(valid); 48 | } 49 | } -------------------------------------------------------------------------------- /FlagCollection/src/android/app/BUCK: -------------------------------------------------------------------------------- 1 | # To learn about Buck see [Docs](https://buckbuild.com/). 2 | # To run your application with Buck: 3 | # - install Buck 4 | # - `npm start` - to start the packager 5 | # - `cd android` 6 | # - `keytool -genkey -v -keystore keystores/debug.keystore -storepass android -alias androiddebugkey -keypass android -dname "CN=Android Debug,O=Android,C=US"` 7 | # - `./gradlew :app:copyDownloadableDepsToLibs` - make all Gradle compile dependencies available to Buck 8 | # - `buck install -r android/app` - compile, install and run application 9 | # 10 | 11 | lib_deps = [] 12 | 13 | for jarfile in glob(['libs/*.jar']): 14 | name = 'jars__' + jarfile[jarfile.rindex('/') + 1: jarfile.rindex('.jar')] 15 | lib_deps.append(':' + name) 16 | prebuilt_jar( 17 | name = name, 18 | binary_jar = jarfile, 19 | ) 20 | 21 | for aarfile in glob(['libs/*.aar']): 22 | name = 'aars__' + aarfile[aarfile.rindex('/') + 1: aarfile.rindex('.aar')] 23 | lib_deps.append(':' + name) 24 | android_prebuilt_aar( 25 | name = name, 26 | aar = aarfile, 27 | ) 28 | 29 | android_library( 30 | name = "all-libs", 31 | exported_deps = lib_deps, 32 | ) 33 | 34 | android_library( 35 | name = "app-code", 36 | srcs = glob([ 37 | "src/main/java/**/*.java", 38 | ]), 39 | deps = [ 40 | ":all-libs", 41 | ":build_config", 42 | ":res", 43 | ], 44 | ) 45 | 46 | android_build_config( 47 | name = "build_config", 48 | package = "com.flagcollection", 49 | ) 50 | 51 | android_resource( 52 | name = "res", 53 | package = "com.flagcollection", 54 | res = "src/main/res", 55 | ) 56 | 57 | android_binary( 58 | name = "app", 59 | keystore = "//android/keystores:debug", 60 | manifest = "src/main/AndroidManifest.xml", 61 | package_type = "debug", 62 | deps = [ 63 | ":app-code", 64 | ], 65 | ) 66 | -------------------------------------------------------------------------------- /cheese-factory/cheeses.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "name": "Roquefort", 4 | "description": "Roquefort is a sheep milk cheese from the south of France, and together with Bleu d'Auvergne, Stilton, and Gorgonzola is one of the world's best known blue cheeses.", 5 | "image": "https://upload.wikimedia.org/wikipedia/commons/thumb/b/bf/Wikicheese_-_Roquefort_-_20150417_-_003.jpg/1920px-Wikicheese_-_Roquefort_-_20150417_-_003.jpg", 6 | "secret": 0 7 | }, 8 | { 9 | "name": "Camembert", 10 | "description": "Camembert is a moist, soft, creamy, surface-ripened cow's milk cheese. It was first made in the late 18th century at Camembert, Normandy, in northern France.", 11 | "image": "https://upload.wikimedia.org/wikipedia/commons/4/4d/Camembert_%28Cheese%29.jpg", 12 | "secret": 0 13 | }, 14 | { 15 | "name": "Mozzarella", 16 | "description": "Mozzarella is a traditionally southern Italian cheese made from Italian buffalo's milk by the pasta filata method. Mozzarella received a Traditional Specialities Guaranteed certification from the European Union in 1998.", 17 | "image": "https://upload.wikimedia.org/wikipedia/commons/5/57/Mozzarella_di_bufala3.jpg", 18 | "secret": 0 19 | }, 20 | { 21 | "name": "Gouda", 22 | "description": "Gouda is a mild, yellow cheese made from cow's milk. It is one of the most popular cheeses worldwide. The name is used today as a general term for numerous similar cheeses produced in the traditional Dutch manner.", 23 | "image": "https://upload.wikimedia.org/wikipedia/commons/thumb/f/fb/Smoked_gouda_cheese.jpg/800px-Smoked_gouda_cheese.jpg", 24 | "secret": 0 25 | }, 26 | { 27 | "name": "Secret Cheese", 28 | "description": "The most delicious cheese. Made with the secret ingredient CFI{local_file_inclusion_tastes_so_good}.", 29 | "image": "https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Red_flag_waving.svg/249px-Red_flag_waving.svg.png", 30 | "secret": 1 31 | } 32 | ] 33 | -------------------------------------------------------------------------------- /cheese-factory/db.sqlite: -------------------------------------------------------------------------------- 1 | SQLite format 3@ .Y 2 | ����P++Ytablesqlite_sequencesqlite_sequenceCREATE TABLE sqlite_sequence(name,seq)�A�YtablecheesescheesesCREATE TABLE cheeses ( 3 | id INTEGER PRIMARY KEY AUTOINCREMENT, 4 | name TEXT NOT NULL UNIQUE, 5 | description TEXT NOT NULL, 6 | image TEXT NOT NULL, 7 | secret TINYINT NOT NULL 8 | )-Aindexsqlite_autoindex_cheeses_1cheeses 9 |  10 | �� 11 | � t 12 | ��'A�c Secret CheeseThe most delicious cheese.https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Red_flag_waving.svg/249px-Red_flag_waving.svg.png�Q�7�kGoudaGouda is a mild, yellow cheese made from cow's milk. It is one of the most popular cheeses worldwide. The name is used today as a general term for numerous similar cheeses produced in the traditional Dutch manner.https://upload.wikimedia.org/wikipedia/commons/thumb/f/fb/Smoked_gouda_cheese.jpg/800px-Smoked_gouda_cheese.jpg�:!�C�'MozzarellaMozzarella is a traditionally southern Italian cheese made from Italian buffalo's milk by the pasta filata method. Mozzarella received a Traditional Specialities Guaranteed certification from the European Union in 1998.https://upload.wikimedia.org/wikipedia/commons/5/57/Mozzarella_di_bufala3.jpg�|�G�)CamembertCamembert is a moist, soft, creamy, surface-ripened cow's milk cheese. It was first made in the late 18th century at Camembert, Normandy, in northern France.https://upload.wikimedia.org/wikipedia/commons/4/4d/Camembert_%28Cheese%29.jpg�M�U�=RoquefortRoquefort is a sheep milk cheese from the south of France, and together with Bleu d'Auvergne, Stilton, and Gorgonzola is one of the world's best known blue cheeses.https://upload.wikimedia.org/wikipedia/commons/thumb/b/bf/Wikicheese_-_Roquefort_-_20150417_-_003.jpg/1920px-Wikicheese_-_Roquefort_-_20150417_-_003.jpg 13 | ������'Secret Cheese Gouda!Mozzarella 14 | Camembert  Roquefort 15 | �� cheeses 16 | -------------------------------------------------------------------------------- /windows_xp_mem_part1/README.md: -------------------------------------------------------------------------------- 1 | # Windows_XP_mem_part_1 2 | 3 | > forensics 4 | 5 | Author: [jorkanofaln](https://github.com/jorkanofaln) 6 | 7 | A Windows XP SP3 memory capture with some secrets. 8 | 9 | 10 | ## Writeup 11 | 12 | Use `tar -xvf memSecret.tar.xz` to extract the memory capture file 13 | 14 | Use the volatility to find out which profile to use: `volatility imageinfo -f winxpMem.mem` 15 | 16 | ``` 17 | Output: 18 | Volatility Foundation Volatility Framework 2.6 19 | INFO : volatility.debug : Determining profile based on KDBG search... 20 | Suggested Profile(s) : WinXPSP2x86, WinXPSP3x86 (Instantiated with WinXPSP2x86) 21 | AS Layer1 : IA32PagedMemoryPae (Kernel AS) 22 | AS Layer2 : FileAddressSpace (/home/jorkano/Data/winxpMem.mem) 23 | PAE type : PAE 24 | DTB : 0x334000L 25 | KDBG : 0x80545ae0L 26 | Number of Processors : 1 27 | Image Type (Service Pack) : 3 28 | KPCR for CPU 0 : 0xffdff000L 29 | KUSER_SHARED_DATA : 0xffdf0000L 30 | Image date and time : 2018-05-20 21:32:21 UTC+0000 31 | Image local date and time : 2018-05-20 17:32:21 -0400 32 | 33 | Use the notepad plugin to extract the image's secrets: 34 | Output: 35 | Volatility Foundation Volatility Framework 2.6 36 | Process: 3740 37 | Text: 38 | Ask Commander Shepperd for help 39 | Steal a clone, from a rich and powerful person 40 | Here is my secret: 41 | Volatility Foundation Volatility Framework 2.6 42 | Process: 3740 43 | Text: 44 | ? 45 | 46 | Text: 47 | d 48 | 49 | Text: 50 |  51 | 52 | Text: 53 | ? 54 | 55 | Text: 56 | Ask Commander Shepperd for help 57 | Steal a clone, from a rich and powerful person 58 | Here is my secret: 59 | CFI{Notepad_0riana_secret_is_ins3cur3} 60 | ``` 61 | 62 | There you have the flag! `CFI{Notepad_0riana_secret_is_ins3cur3}` 63 | -------------------------------------------------------------------------------- /Congolexicomatisation/README.md: -------------------------------------------------------------------------------- 1 | # Congolexicomatisation 2 | 3 | Me and my friends are testing out that new crypto system. 4 | It is RSA based but use that super duper prime number generator made by the first congolese scholar. 5 | Just like Eddy Malou, this prime generator repeats itself, **a lot**. Maybe too much for cryptographic applications? 6 | 7 | In order to make sure it's secure, I encrypted 50 variants of our secret message using 50 public keys. 8 | Can you find the two vulnerable keys, retrieve their private key and decrypt their message? 9 | 10 | > crypto 11 | 12 | ## Setup 13 | 14 | If you want to generate random challenge, randomize the seed. 15 | 1. Run challenge.py to generate 50 ciphers and their 50 public keys 16 | 2. Zip the challenge folder and upload it. Two of the public keys share a prime. Which one does is random. 17 | For the current seed, it is key35 and key39 18 | 19 | ## Writeup 20 | 21 | We are provided with many cipher texts and the public keys used to encrypt them. 22 | There is a good hint in the challenge description stating that the number generator repeats itself. 23 | If it repeats primes used in the keypair, we can break two keys that share this repeated prime. 24 | By using the Euclidean algorithm for GCD (greater common divisor), if we find two factors between two public keys modulus that are not `1`, we definitively know that they share this prime. 25 | 26 | We load all modulus into an array and try to find a GCD that is not one. Pretty fast, we find this prime that is used in key35 and key39 27 | 28 | `230017159194752100203407138276965345342141092280537395159590297592543645444449` 29 | 30 | By dividing both modulus by this prime, we find the respective other prime. From there, we just have to generate a new keypair to find both private keys. 31 | 32 | We decrypt both messages and find the flag, padded with random characters. 33 | 34 | `CFI{yo_mama_never_told_you_to_use_decent_prng_boy??}` 35 | 36 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 2018 CFI CTF 2 | 3 | > September 24 00:01 to October 1 23:59 4 | 5 | Source code files and writeups of the **2018 CFI CTF**'s challenges. 6 | 7 | :triangular_flag_on_post: Flag format: `CFI\{[a-zA-Z0-9_]+\}` 8 | 9 | 10 | ## Scoreboard 11 | 12 | [http://cfiul.ca/2018-CFI-CTF/](http://cfiul.ca/2018-CFI-CTF/) 13 | 14 | 15 | ## Challenges by category 16 | 17 | - Programming 18 | - [Maths](./maths/) 19 | - [Guess the Number](./guess_the_number/) 20 | - [Labyrinth](./Labyrinth/) 21 | - [Serverless CFI λ](./serverless_cfi_λ/) 22 | - [Equation Solving](./equation_solving/) 23 | 24 | - Web 25 | - [Awesome Cats](./awesome-cats/) 26 | - [Hacking Tool](./hacking-tool/) 27 | - [EZ Flag](./ez_flag_cfi/) 28 | - [Magic Word](./magic_word/) 29 | - [Fuck](./fuck/) 30 | - [Cheese Factory](./cheese-factory/) 31 | 32 | - Mobile 33 | - [CFI-in-Kotlin](./CFI-in-Kotlin/) 34 | - [FlagCollection Part 1](./FlagCollection/) 35 | - [FlagCollection Part 2](./FlagCollection/) 36 | - [FlagCollection Part 3](./FlagCollection/) 37 | 38 | - Crypto 39 | - [Hercule](./hercule/) 40 | - [Dayjavous](./dayjavous/) 41 | - [Congolexicomatisation](./Congolexicomatisation/) 42 | - [Chinese Food](./Chinese_Food/) 43 | - [Thirteen Steps](./thirteen-steps/) 44 | 45 | - Forensics 46 | - [Web Logon Capture](./WebLogon-capture/) 47 | - [Kadyrov's Cat](./kadyrov_cat/) 48 | - [Windows XP Memory Part 1](./windows_xp_mem_part1/) 49 | - [Windows XP Memory Part 2](./windows_xp_mem_part2/) 50 | - [Unix Drive](./unix_drive/) 51 | 52 | - Reverse 53 | - [Intro to PE](./introToPe/) 54 | - [PowerPacker](./powerPacker/) 55 | - [Automated Reversing](./automated_reversing/) 56 | 57 | - Reverse 58 | - [Intro to PE](./introToPe/) 59 | - [PowerPacker](./powerPacker/) 60 | - [Automated Reversing](./automated_reversing/) 61 | 62 | - Final 63 | - [SOHOpelesslyBroken](./SOHOpelesslyBroken/) 64 | 65 | 66 | ## License 67 | 68 | MIT 69 | -------------------------------------------------------------------------------- /serverless_cfi_λ/README.md: -------------------------------------------------------------------------------- 1 | # serverless\_cfi\_λ 2 | 3 | > programming 4 | 5 | Author: [filedesless](https://github.com/filedesless) 6 | 7 | This is a Haskell programming challenge. The user is required to make a small program that sorts given words (line by line, from stdin) by the sum of their characters' ASCII values, and output them line by line to stdout. You can test your code in the web interface by pressing `submit` and the input, expected output, and actual output of your program will be sent back to you, or any compilation error that might have occured. 8 | 9 | 10 | ## Setup 11 | 12 | Requirements: 13 | - docker 14 | 15 | Start: 16 | 17 | ```shell 18 | docker-compose up 19 | ``` 20 | 21 | ## Writeup 22 | 23 | Here's an example solution: 24 | 25 | ```haskell 26 | import Data.List( sortOn ) 27 | 28 | -- computes the value of a given string 29 | value :: String -> Int 30 | value line = sum $ map fromEnum line 31 | 32 | -- sort input lines by their value 33 | main = interact $ unlines . sortOn value . lines 34 | ``` 35 | 36 | Uses the `interact` function which takes a `String -> String` function as a parameters, and applies it to stdin before outputting its result to stdout. The function passed to it (via the `$` right-associative function application operator) is the composition (via the `.` operator) `unlines . sortOn value . lines`. 37 | 38 | `unlines` and `lines` are opposite functions, of respective types `[String] -> String` and `String -> [String]`, and are equivalent to `join` and `split` in other languages. 39 | 40 | `sortOn` of type `Ord b => (a -> b) -> [a] -> [a]` from the module `Data.List` sorts a given list based on the application of a given function to all elements of the given list, provided said function returns an orderable. 41 | 42 | The function used to sort here is `value`, it does the required task of computing the sum of the ASCII values of the characthers composing a given word. 43 | 44 | 45 | refs: 46 | 47 | * https://www.haskell.org/hoogle/ 48 | * http://learnyouahaskell.com/chapters 49 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/app/src/main/res/drawable-v24/ic_launcher_foreground.xml: -------------------------------------------------------------------------------- 1 | 7 | 12 | 13 | 19 | 22 | 25 | 26 | 27 | 28 | 34 | 35 | -------------------------------------------------------------------------------- /automated_reversing/generator.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | from pwn import * 4 | from random import * 5 | 6 | text = """ 7 | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem. Nulla consequat massa quis enim. Donec pede justo, fringilla vel, aliquet nec, vulputate eget, arcu. In enim justo, rhoncus ut, imperdiet a, venenatis vitae, justo. Nullam dictum felis eu pede mollis pretium. Integer tincidunt. Cras dapibus. The flag is CFI{1s_th1s_4_pr0g_ch4ll_0r_4_r3ve3se_ch4ll?}. Aenean vulputate eleifend tellus. Aenean leo ligula, porttitor eu, consequat vitae, eleifend ac, enim. I stole this idea directly from Defcon Quals 2016. Phasellus viverra nulla ut metus varius laoreet. Quisque rutrum. Aenean imperdiet. Etiam ultricies nisi vel augue. Curabitur ullamcorper ultricies nisi. Nam eget dui. Etiam rhoncus. Maecenas tempus, tellus eget condimentum rhoncus, sem quam semper libero, sit amet adipiscing sem neque sed ipsum. 8 | """ 9 | 10 | context(arch='amd64') 11 | 12 | for i, c in enumerate(text): 13 | operator = ["xor", "sub", "add"][randint(0, 2)] 14 | key = randint(1, 100) 15 | 16 | if operator == "xor": 17 | check = (ord(c) ^ key) & 0xff 18 | 19 | if operator == "sub": 20 | check = (ord(c) - key) & 0xff 21 | 22 | if operator == "add": 23 | check = (ord(c) + key) & 0xff 24 | 25 | code = """ 26 | push 0 27 | push 5 28 | mov rdi, rsp 29 | mov rax, 0x23 30 | syscall 31 | pop rax 32 | pop rax 33 | mov rax, [rsp + 0x10] 34 | mov dl, byte ptr [rax] 35 | {} dl, {} 36 | cmp dl, {} 37 | jne error 38 | mov rdi, 0 39 | mov rax, 0x3c 40 | syscall 41 | error: 42 | mov rdi, 1 43 | mov rax, 0x3c 44 | syscall 45 | """.format(operator, key, check) 46 | 47 | with open("binaries/binary{}".format(i), "w") as f: 48 | elf = make_elf(asm(code)) 49 | f.write(elf) 50 | 51 | -------------------------------------------------------------------------------- /SOHOpelesslyBroken/challenge_files/login.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | #define ToHex(Y) (Y>='0'&&Y<='9'?Y-'0':Y-'A'+10) 6 | 7 | const char *html = "

%s

"; 8 | char query_string[4096] = { 0 }; 9 | int login_enabled = 0; 10 | 11 | 12 | void getParam(const char *name, char *value) { 13 | char *pos1 = strstr(query_string, name); 14 | 15 | if (pos1) { 16 | pos1 += strlen(name); 17 | 18 | if (*pos1 == '=') { // Make sure there is an '=' where we expect it 19 | pos1++; 20 | 21 | while (*pos1 && *pos1 != '&') { 22 | 23 | // Convert it to a single ASCII character and store at our Valueination 24 | if (*pos1 == '%') { 25 | *value++ = (char)ToHex(pos1[1]) * 16 + ToHex(pos1[2]); 26 | pos1 += 3; 27 | } else if ( *pos1=='+' ) { 28 | // If it's a '+', store a space at our Valueination 29 | *value++ = ' '; 30 | pos1++; 31 | } else { 32 | // Otherwise, just store the character at our Valueination 33 | *value++ = *pos1++; } 34 | } 35 | 36 | *value++ = '\0'; 37 | return; 38 | } 39 | } 40 | strcpy(value, "undefined"); // If param not found, then use default parameter 41 | return; 42 | } 43 | 44 | 45 | int main(int argc, char *argv[]) { 46 | 47 | int is_valid = 0; 48 | char username[0x20] = { 0 }; 49 | char password[0x20] = { 0 }; 50 | 51 | // Headers 52 | printf("Content-Type: text/html\n\n"); 53 | 54 | strncpy(query_string, getenv("QUERY_STRING"), 4095); 55 | getParam("username", username); 56 | getParam("password", password); 57 | 58 | if (login_enabled == 1) { 59 | if (strcmp(username, "admin") == 0 && strcmp(password, "password") == 0) { 60 | is_valid = 0x41424344; 61 | } 62 | } 63 | 64 | if (is_valid == 0x41424344) { 65 | printf(html, "Login successful. Here is your flag : "); 66 | fflush(stdout); 67 | system("/print_flag"); 68 | } else { 69 | printf(html, "Login incorrect."); 70 | } 71 | 72 | return 0; 73 | } 74 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/README.md: -------------------------------------------------------------------------------- 1 | # CFI-in-Kotlin 2 | 3 | > mobile 4 | 5 | Author: [sagold](https://github.com/Sag0ld) 6 | 7 | Q-Q-Q-Q-uack? 8 | CFI has is first mobile Apppp! 9 | Try to get his se-se-se-cret 10 | Try to be M-M-Me 11 | To wi-n-n-n... Experieeence? 12 | QUACKKKK! 13 | 14 | 15 | ## Writeup 16 | 17 | For the CFI-in-Kotlin challenge, 18 | you need a tool to extract data from cfi-event.apk 19 | You can use jadx or apktool to extract your data, but I prefer jadx for his simplicity. 20 | 21 | ``` bash 22 | jadx -d cfi-event cfi-event.apk 23 | ``` 24 | 25 | When you're done extracting the .apk, you can navigate into your folder to find the source code. 26 | If you are use to mobile application, the standard package name always begin with: 27 | > com... 28 | 29 | With that being said, it's easy to find the main source code. 30 | 31 | There, we see something that we're not use to. Extracting apk is rarely clean as when we develop an application. 32 | - Kotlin have many feature to reduce the number of code we write. 33 | - jadx split inner classes and anonymous classes into $$. 34 | 35 | method-name: refer to the method containing anonymous or innerClass. 36 | number: is to specified which class it's. 37 | 38 | Whit that being said, in this challenge we see LoginActivity and InformationActivity as mainClass. 39 | 40 | As the challenge description say, « Try to be Me », we can assume that we need to do something related to the creator. 41 | Like we said earlier we have a LoginActivity... ~~Odd isn't it ?~~ 42 | 43 | If we read the LoginActivity, we can find some errors of extracting data, but you can also see the logic behind the app. 44 | And most important, variable! We have dummy credential! 45 | 46 | > Email: alerionMascot@CFIUL.com 47 | > Password: HappyFirstYear 48 | 49 | With those email and password you can maybe... be the creator!? 50 | 51 | Now, install the cfi-event app in you emulator or phone. (You can see in the androidManisfest.xml file which version you need to run the app.) 52 | Let's sign in with the cred we found in the LoginActivity. 53 | 54 | With a internet connection, the flag will appear under the CFI logo. 55 | 56 | > Flag: CFI{DOUMMY_creeeeeddddd_issSoFriENDlieee_QUACKKKK} 57 | 58 | I hope you liked this challenge. 59 | -------------------------------------------------------------------------------- /assets/utils.js: -------------------------------------------------------------------------------- 1 | //http://stackoverflow.com/a/1186309 2 | $.fn.serializeObject = function() 3 | { 4 | var o = {}; 5 | var a = this.serializeArray(); 6 | $.each(a, function() { 7 | if (o[this.name] !== undefined) { 8 | if (!o[this.name].push) { 9 | o[this.name] = [o[this.name]]; 10 | } 11 | o[this.name].push(this.value || ''); 12 | } else { 13 | o[this.name] = this.value || ''; 14 | } 15 | }); 16 | return o; 17 | }; 18 | 19 | 20 | //http://stackoverflow.com/a/2648463 - wizardry! 21 | String.prototype.format = String.prototype.f = function() { 22 | var s = this, 23 | i = arguments.length; 24 | 25 | while (i--) { 26 | s = s.replace(new RegExp('\\{' + i + '\\}', 'gm'), arguments[i]); 27 | } 28 | return s; 29 | }; 30 | 31 | //http://stackoverflow.com/a/7616484 32 | String.prototype.hashCode = function() { 33 | var hash = 0, i, chr, len; 34 | if (this.length == 0) return hash; 35 | for (i = 0, len = this.length; i < len; i++) { 36 | chr = this.charCodeAt(i); 37 | hash = ((hash << 5) - hash) + chr; 38 | hash |= 0; // Convert to 32bit integer 39 | } 40 | return hash; 41 | }; 42 | 43 | function colorhash(str) { 44 | var hash = 0; 45 | for (var i = 0; i < str.length; i++) { 46 | hash = str.charCodeAt(i) + ((hash << 5) - hash); 47 | } 48 | var colour = '#'; 49 | for (var i = 0; i < 3; i++) { 50 | var value = (hash >> (i * 8)) & 0xFF; 51 | colour += ('00' + value.toString(16)).substr(-2); 52 | } 53 | return colour; 54 | } 55 | 56 | function htmlentities(string) { 57 | return $('
').text(string).html(); 58 | } 59 | 60 | // http://stepansuvorov.com/blog/2014/04/jquery-put-and-delete/ 61 | jQuery.each(["patch", "put", "delete"], function(i, method) { 62 | jQuery[method] = function(url, data, callback, type) { 63 | if (jQuery.isFunction(data)) { 64 | type = type || callback; 65 | callback = data; 66 | data = undefined; 67 | } 68 | 69 | return jQuery.ajax({ 70 | url: url, 71 | type: method, 72 | dataType: type, 73 | data: data, 74 | success: callback 75 | }); 76 | }; 77 | }); 78 | -------------------------------------------------------------------------------- /serverless_cfi_λ/frontend/templates/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | serverless_cfi_λ 5 | 6 | 7 | 16 | 17 | 18 | 19 |

Serverless CFI λ

20 | 21 |

Your goal is to make a simple haskell program that sorts line separated words received from the standard input by the sum of the ascii value of the characters composing them, and outputs the sorted words on the standard output

22 | 23 |
24 | 25 | 27 |
28 | 29 |
30 | 31 |
32 | 33 |
34 |
35 | 36 | 37 | 38 | 39 | 58 | 59 | 60 | -------------------------------------------------------------------------------- /assets/ezq.js: -------------------------------------------------------------------------------- 1 | var modal = ''; 18 | 19 | var progress = '
' + 20 | '
' + 21 | '
' + 22 | '
'; 23 | 24 | function ezal(args){ 25 | var res = modal.format(args.title, args.body); 26 | var obj = $(res); 27 | var button = ''.format(args.button); 28 | 29 | obj.find('.modal-footer').append(button); 30 | $('main').append(obj); 31 | 32 | obj.modal('show'); 33 | 34 | $(obj).on('hidden.bs.modal', function (e) { 35 | $(this).modal('dispose'); 36 | }); 37 | 38 | return obj; 39 | } 40 | 41 | function ezq(args){ 42 | var res = modal.format(args.title, args.body); 43 | var obj = $(res); 44 | var deny = ''; 45 | var confirm = $(''); 46 | 47 | obj.find('.modal-footer').append(deny); 48 | obj.find('.modal-footer').append(confirm); 49 | 50 | $('main').append(obj); 51 | 52 | $(obj).on('hidden.bs.modal', function (e) { 53 | $(this).modal('dispose'); 54 | }); 55 | 56 | $(confirm).click(function(){ 57 | args.success(); 58 | }); 59 | 60 | obj.modal('show'); 61 | 62 | return obj; 63 | } 64 | 65 | function ezpg(args){ 66 | var bar = progress.format(args.width); 67 | var res = modal.format(args.title, bar); 68 | 69 | var obj = $(res); 70 | $('main').append(obj); 71 | 72 | return obj.modal('show'); 73 | } -------------------------------------------------------------------------------- /equation_solving/src/equation.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from operator import add, sub, mul, mod, floordiv as div 4 | from random import choice, randrange 5 | from itertools import product 6 | 7 | ops = { 8 | add: "+", 9 | sub: "-", 10 | mul: "*", 11 | div: "/", 12 | mod: "%" 13 | } 14 | 15 | class Expression: 16 | def __init__(self, op, x, y): 17 | self.x = x 18 | self.y = y 19 | self.op = op 20 | self.value = None 21 | 22 | def __repr__(self): 23 | return f"({self.x} {ops[self.op]} {self.y})" 24 | 25 | def __int__(self): 26 | return self.op(int(self.x), int(self.y)) 27 | 28 | def level(self): 29 | l = self.x.level() if isinstance(self.x, Expression) else 1 30 | r = self.y.level() if isinstance(self.y, Expression) else 1 31 | assert l == r # ensure tree is balanced 32 | return 1 + l 33 | 34 | def fromstring(exp): 35 | mid = len(exp) // 2 36 | if mid is 0: 37 | return int(exp) 38 | op = [ k for k, v in ops.items() if v == exp[mid] ][0] 39 | left = Expression.fromstring(exp[1:mid-1]) 40 | right = Expression.fromstring(exp[mid+2:-1]) 41 | return Expression(op, left, right) 42 | 43 | def exp_tree(depth): 44 | op = choice(list(ops.keys())) 45 | 46 | if depth is 0: 47 | return randrange(10) 48 | 49 | a, b = exp_tree(depth - 1), exp_tree(depth - 1) 50 | while (op is mod or op is div) and int(b) is 0: 51 | b = exp_tree(depth - 1) 52 | 53 | return Expression(op, a, b) 54 | 55 | def challenge(): 56 | e = 0 57 | while int(e) == 0: 58 | e = exp_tree(4) 59 | 60 | s = str(e) 61 | for op in ops.values(): 62 | s = s.replace(op, "?") 63 | 64 | return f"{s} => {int(e)}" 65 | 66 | def solve(chall): 67 | s, _, goal = chall.partition(" => ") 68 | comb = product(ops.values(), repeat=s.count("?")) 69 | for guess in comb: 70 | i = iter(guess) 71 | attempt = "".join([ c if c is not "?" else next(i) for c in s ]) 72 | e = Expression.fromstring(attempt) 73 | try: 74 | if int(e) == int(goal): 75 | break 76 | except ZeroDivisionError: 77 | pass 78 | return e 79 | 80 | if __name__ == "__main__": 81 | chal = challenge() 82 | print(chal) 83 | sol = solve(chal) 84 | print(sol) 85 | -------------------------------------------------------------------------------- /FlagCollection/src/.flowconfig: -------------------------------------------------------------------------------- 1 | [ignore] 2 | ; We fork some components by platform 3 | .*/*[.]android.js 4 | 5 | ; Ignore "BUCK" generated dirs 6 | /\.buckd/ 7 | 8 | ; Ignore unexpected extra "@providesModule" 9 | .*/node_modules/.*/node_modules/fbjs/.* 10 | 11 | ; Ignore duplicate module providers 12 | ; For RN Apps installed via npm, "Libraries" folder is inside 13 | ; "node_modules/react-native" but in the source repo it is in the root 14 | .*/Libraries/react-native/React.js 15 | 16 | ; Ignore polyfills 17 | .*/Libraries/polyfills/.* 18 | 19 | ; Ignore metro 20 | .*/node_modules/metro/.* 21 | 22 | [include] 23 | 24 | [libs] 25 | node_modules/react-native/Libraries/react-native/react-native-interface.js 26 | node_modules/react-native/flow/ 27 | node_modules/react-native/flow-github/ 28 | 29 | [options] 30 | emoji=true 31 | 32 | module.system=haste 33 | module.system.haste.use_name_reducers=true 34 | # get basename 35 | module.system.haste.name_reducers='^.*/\([a-zA-Z0-9$_.-]+\.js\(\.flow\)?\)$' -> '\1' 36 | # strip .js or .js.flow suffix 37 | module.system.haste.name_reducers='^\(.*\)\.js\(\.flow\)?$' -> '\1' 38 | # strip .ios suffix 39 | module.system.haste.name_reducers='^\(.*\)\.ios$' -> '\1' 40 | module.system.haste.name_reducers='^\(.*\)\.android$' -> '\1' 41 | module.system.haste.name_reducers='^\(.*\)\.native$' -> '\1' 42 | module.system.haste.paths.blacklist=.*/__tests__/.* 43 | module.system.haste.paths.blacklist=.*/__mocks__/.* 44 | module.system.haste.paths.blacklist=/node_modules/react-native/Libraries/Animated/src/polyfills/.* 45 | module.system.haste.paths.whitelist=/node_modules/react-native/Libraries/.* 46 | 47 | munge_underscores=true 48 | 49 | module.name_mapper='^[./a-zA-Z0-9$_-]+\.\(bmp\|gif\|jpg\|jpeg\|png\|psd\|svg\|webp\|m4v\|mov\|mp4\|mpeg\|mpg\|webm\|aac\|aiff\|caf\|m4a\|mp3\|wav\|html\|pdf\)$' -> 'RelativeImageStub' 50 | 51 | module.file_ext=.js 52 | module.file_ext=.jsx 53 | module.file_ext=.json 54 | module.file_ext=.native.js 55 | 56 | suppress_type=$FlowIssue 57 | suppress_type=$FlowFixMe 58 | suppress_type=$FlowFixMeProps 59 | suppress_type=$FlowFixMeState 60 | 61 | suppress_comment=\\(.\\|\n\\)*\\$FlowFixMe\\($\\|[^(]\\|(\\(\\)? *\\(site=[a-z,_]*react_native[a-z,_]*\\)?)\\) 62 | suppress_comment=\\(.\\|\n\\)*\\$FlowIssue\\((\\(\\)? *\\(site=[a-z,_]*react_native[a-z,_]*\\)?)\\)?:? #[0-9]+ 63 | suppress_comment=\\(.\\|\n\\)*\\$FlowFixedInNextDeploy 64 | suppress_comment=\\(.\\|\n\\)*\\$FlowExpectedError 65 | 66 | [version] 67 | ^0.75.0 68 | -------------------------------------------------------------------------------- /awesome-cats/src/index-old.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 🐕 Awesome Dogs 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 |
17 |
18 |

Awesome Dogs

19 |
20 |
21 |
22 |
23 | 24 |
25 | Pug picture. 26 |
27 | 28 |
29 | Dog with baby picture. 30 |
31 | 32 |
33 | Doge picture. 34 |
35 | 36 |
37 | Cute dog picture. 38 |
39 |
40 |
41 |
42 |
43 | 44 |
45 |
46 | 
47 |               |\_/|                  
48 |               | @ @   Woof! 
49 |               |   <>              _  
50 |               |  _/\------____ ((| |))
51 |               |               `--' |   
52 |           ____|_       ___|   |___.' 
53 |           /_/_____/____/_______|
54 |
55 | 56 | 57 |
58 |
59 | 60 | 61 | -------------------------------------------------------------------------------- /equation_solving/src/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from equation import challenge, solve, Expression, ops 4 | import os, socketserver, threading, traceback 5 | 6 | HOST, PORT = "0.0.0.0", int(os.environ.get("PORT", 24003)) 7 | flag = open('flag', 'r').readline() 8 | 9 | class ThreadedTCPRequestHandler(socketserver.StreamRequestHandler): 10 | def handle(self): 11 | self.request.settimeout(2) 12 | chal, _, sol = challenge().partition(" => ") 13 | self.wfile.write(b"You have to send back a valid expression solving the given equation\n") 14 | self.wfile.write(b"ex: Given ((((5 ? 1) ? (2 ? 9)) ? ((3 ? 5) ? (0 ? 6))) ? (((3 ? 9) ? (6 ? 3)) ? ((7 ? 1) ? (9 ? 3)))) => -1\n") 15 | self.wfile.write(b"ex: Reply ((((5 + 1) + (2 + 9)) + ((3 + 5) + (0 + 6))) + (((3 + 9) - (6 + 3)) - ((7 + 1) + (9 * 3))))\n") 16 | self.wfile.write(f"{chal} => {sol}\n\n".encode()) 17 | 18 | self.data = self.rfile.readline().strip() 19 | print(f"{self.client_address[0]} wrote: {self.data.decode()}") 20 | try: 21 | result = Expression.fromstring(self.data.decode()) 22 | exp = solve(f"{chal} => {sol}") 23 | assert exp.level() == result.level() 24 | except Exception as e: 25 | traceback.print_exc() 26 | self.wfile.write(b"Invalid expression; Try harder\n") 27 | else: 28 | n1, n2 = len(chal), len(str(result)) 29 | if n1 != n2: 30 | self.wfile.write(b"Invalid expression; Input has wrong size\n") 31 | return 32 | for c1, c2 in zip(str(exp), str(result)): 33 | if c1 != c2 and c2 not in ops.values(): 34 | self.wfile.write(b"Invalid expression; Input mismatch\n") 35 | return 36 | if int(result) == int(sol): 37 | print("Success!") 38 | self.wfile.write(f"Congratulations! {flag}\n".encode()) 39 | else: 40 | print("Failure!") 41 | self.wfile.write(f"Wrong answer ({int(result)} != {int(sol)}); Try harder!\n".encode()) 42 | 43 | class ThreadedTCPServer(socketserver.ThreadingMixIn, socketserver.TCPServer): 44 | allow_reuse_address = True 45 | 46 | if __name__ == "__main__": 47 | server = ThreadedTCPServer((HOST, PORT), ThreadedTCPRequestHandler) 48 | server_thread = threading.Thread(target=server.serve_forever) 49 | server_thread.start() 50 | print("Server loop running in thread:", server_thread.name) 51 | -------------------------------------------------------------------------------- /CFI-in-Kotlin/cfiEvent/gradlew.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == "" @echo off 2 | @rem ########################################################################## 3 | @rem 4 | @rem Gradle startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | set DIRNAME=%~dp0 12 | if "%DIRNAME%" == "" set DIRNAME=. 13 | set APP_BASE_NAME=%~n0 14 | set APP_HOME=%DIRNAME% 15 | 16 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 17 | set DEFAULT_JVM_OPTS= 18 | 19 | @rem Find java.exe 20 | if defined JAVA_HOME goto findJavaFromJavaHome 21 | 22 | set JAVA_EXE=java.exe 23 | %JAVA_EXE% -version >NUL 2>&1 24 | if "%ERRORLEVEL%" == "0" goto init 25 | 26 | echo. 27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 28 | echo. 29 | echo Please set the JAVA_HOME variable in your environment to match the 30 | echo location of your Java installation. 31 | 32 | goto fail 33 | 34 | :findJavaFromJavaHome 35 | set JAVA_HOME=%JAVA_HOME:"=% 36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 37 | 38 | if exist "%JAVA_EXE%" goto init 39 | 40 | echo. 41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 42 | echo. 43 | echo Please set the JAVA_HOME variable in your environment to match the 44 | echo location of your Java installation. 45 | 46 | goto fail 47 | 48 | :init 49 | @rem Get command-line arguments, handling Windows variants 50 | 51 | if not "%OS%" == "Windows_NT" goto win9xME_args 52 | 53 | :win9xME_args 54 | @rem Slurp the command line arguments. 55 | set CMD_LINE_ARGS= 56 | set _SKIP=2 57 | 58 | :win9xME_args_slurp 59 | if "x%~1" == "x" goto execute 60 | 61 | set CMD_LINE_ARGS=%* 62 | 63 | :execute 64 | @rem Setup the command line 65 | 66 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 67 | 68 | @rem Execute Gradle 69 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% 70 | 71 | :end 72 | @rem End local scope for the variables with windows NT shell 73 | if "%ERRORLEVEL%"=="0" goto mainEnd 74 | 75 | :fail 76 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 77 | rem the _cmd.exe /c_ return code! 78 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 79 | exit /b 1 80 | 81 | :mainEnd 82 | if "%OS%"=="Windows_NT" endlocal 83 | 84 | :omega 85 | -------------------------------------------------------------------------------- /Labyrinth/src/solver.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from __future__ import annotations 4 | from typing import Optional 5 | from maze import Maze, RandomMaze, Cell 6 | import os 7 | import time 8 | 9 | ''' 10 | module solver: 11 | Simple demonstration of a maze solving algorithm 12 | using iterative depth-first search 13 | ''' 14 | 15 | def solve(m: Maze) -> List[Cell]: 16 | start = [ c for c in m.cells() if c.val is "S" ][0] 17 | stack = [ start ] 18 | 19 | cell = stack.pop() 20 | while cell.val is not "E": 21 | cell.visited = True 22 | neighbors = [ c for c in m.neighbors(cell, 1) 23 | if c.val is not "+" and not c.visited ] 24 | 25 | if len(neighbors) > 0: 26 | stack.append(cell) 27 | stack.append(neighbors[0]) 28 | 29 | cell = stack.pop() 30 | 31 | return stack 32 | 33 | # return the path to solve a maze 34 | def get_path(m: Maze) -> str: 35 | stack, res = solve(m), "" 36 | for i in range(1, len(stack)): 37 | if stack[i].x > stack[i - 1].x: 38 | direction = "RIGHT" 39 | elif stack[i].x < stack[i - 1].x: 40 | direction = "LEFT" 41 | elif stack[i].y < stack[i - 1].y: 42 | direction = "UP" 43 | else: 44 | direction = "DOWN" 45 | res += f"{direction}," 46 | return res + "RIGHT" 47 | 48 | # returns the end cell after following a path or None if the path is invalid 49 | def follow_path(m: Maze, path: str) -> Optional[Cell]: 50 | current = [ c for c in m.cells() if c.val is "S" ][0] 51 | for direction in path.split(','): 52 | if direction == "RIGHT": 53 | x, y = current.x + 1, current.y 54 | elif direction == "LEFT": 55 | x, y = current.x - 1, current.y 56 | elif direction == "UP": 57 | x, y = current.x, current.y - 1 58 | elif direction == "DOWN": 59 | x, y = current.x, current.y + 1 60 | else: 61 | return None 62 | 63 | if current.val == "+" or not m.in_bounds(x, y, 0): 64 | return None 65 | 66 | current = m.cols[x][y] 67 | 68 | return current 69 | 70 | if __name__ == "__main__": 71 | m = RandomMaze(89, 53) 72 | end = follow_path(m, get_path(m)) 73 | assert end is not None and end.val == "E" 74 | 75 | m = RandomMaze(89, 53) 76 | stack = solve(m) 77 | 78 | for cell in stack: 79 | os.system('clear') 80 | m.cols[cell.x][cell.y].val = "-" 81 | print(m) 82 | time.sleep(0.01) 83 | -------------------------------------------------------------------------------- /guess_the_number/README.md: -------------------------------------------------------------------------------- 1 | # Guess the number 2 | 3 | > programming 4 | 5 | Author: [filedesless](https://github.com/filedesless) 6 | 7 | `localhost:24000` 8 | 9 | I'm thinking of a number between 0 and 4294967296 10 | You have 40 tries to guess it 11 | 12 | Here are some interesting reads: 13 | 14 | - https://docs.python.org/3/library/socket.html 15 | - https://en.wikipedia.org/wiki/Algorithm 16 | 17 | 18 | ## Setup 19 | 20 | Requirements: 21 | - docker 22 | 23 | Start: 24 | 25 | ```shell 26 | docker-compose up 27 | ``` 28 | 29 | ## Writeup 30 | 31 | The challenge is a service running on port 24000, the user have to connect to it with a tool like netcat. 32 | 33 | ``` 34 | λ $ nc localhost 24000 35 | I'm thinking of a number x such that 0 <= x <= 4294967296 36 | You have 40 tries to guess it :) 37 | ``` 38 | 39 | A binary search in a range `n = 2**32` can be ran in about `log_2(n)` operations. The idea is to always cut the search space in half like the following pseudo-code1: 40 | 41 | ``` 42 | function binary_search(A, n, T): 43 | L := 0 44 | R := n − 1 45 | while L <= R: 46 | m := floor((L + R) / 2) 47 | if A[m] < T: 48 | L := m + 1 49 | else if A[m] > T: 50 | R := m - 1 51 | else: 52 | return m 53 | return unsuccessful 54 | ``` 55 | 56 | Here's an example of a working python solution; we basically connect to the server, and start guessing in the middle of the search space, lower bound at 0 and upper bound at 2 ** 32. Then we increase the lower bound or decrease the upper bound by half the remaining search space size per iteration. 57 | 58 | ```python 59 | #!/usr/bin/env python3 60 | 61 | import socket 62 | 63 | soc = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 64 | soc.connect(("127.0.0.1", 24000)) 65 | 66 | tries = 0 67 | 68 | res = soc.recv(4096).decode() 69 | print(res) 70 | l, r = 0, 2 ** 32 - 1 71 | 72 | while l <= r and "CFI" not in res: 73 | guess = l + (r - l) // 2 74 | clients_input = f"{guess}".encode() 75 | print(f"> {clients_input}") 76 | 77 | soc.send(clients_input) # we must encode the string to bytes 78 | tries += 1 79 | result_bytes = soc.recv(4096) # the number means how the response can be in bytes 80 | res = result_bytes.decode("utf8") # the return will be in bytes, so decode 81 | print(f"< {res}") 82 | 83 | if "high" in res: 84 | r = guess - 1 85 | elif "low" in res: 86 | l = guess + 1 87 | ``` 88 | 89 | 90 | Here's a flag for your trouble :) 91 | 92 | `CFI{9F1B64A9D28E47B89A110CB360AADABD}` 93 | 94 | 95 | refs: 96 | 97 | 1. https://en.wikipedia.org/wiki/Binary\_search\_algorithm -------------------------------------------------------------------------------- /Chinese_Food/README.md: -------------------------------------------------------------------------------- 1 | # Chinese_Food 2 | 3 | I've sent a few of my friends the secret location of my birthday party. I really don't want the evil Eve to come and crash the party you see. 4 | I sure hope it was a good idea to send the message without any *padding* or *armoring*. 5 | 6 | The three messages are the same. Find a way to retrieve the message without breaking the key. (You can try to break the key if you want, but chances are against you :D) 7 | 8 | > crypto 9 | 10 | ## Setup 11 | 12 | If you want to generate random challenge, randomize the seed. 13 | 14 | Run challenge.py to generate 3 ciphers and their 3 public keys 15 | Zip the challenge folder and upload it. The message is the same in all cipher. 16 | 17 | ## Writeup 18 | 19 | The challenge tells us that all messages are the same, without any armoring. 20 | Furthermore, our public exponent is 3 and we have 3 messages. 21 | This is probably vulnerable to the Chinese Remainder Attack. 22 | 23 | The theorem states that provided you have `n` coprime divisor (the public moduli) and `n` remainder, you can find the base which satisfies the system for all cases. 24 | 25 | This means that by having 3 copies of the same message, encrypted with 3 different public key using 3 as the public exponent, we can decrypt the message. 26 | 27 | This is mostly mathematical, but using the implementation from https://mail.python.org/pipermail/edu-sig/2001-August/001665.html, we can find the value of message^3. 28 | We then only need to find the cube root of the integer to find the decrypted value of the block. 29 | 30 | Since the numbers are big, we can use this simple algorithm to find the integer part of the root as we know it's a perfect cube. 31 | ```python 32 | def root(x,n): 33 | """Finds the integer component of the n'th root of x, 34 | an integer such that y ** n <= x < (y + 1) ** n. 35 | """ 36 | high = 1 37 | while high ** n < x: 38 | high *= 2 39 | low = high/2 40 | while low < high: 41 | mid = (low + high) // 2 42 | if low < mid and mid**n < x: 43 | low = mid 44 | elif high > mid and mid**n > x: 45 | high = mid 46 | else: 47 | return mid 48 | return mid + 1``` 49 | 50 | We then obtain the integer value of the hex encoded ASCII. We can retrieve the original message by doing 51 | `bytearray.fromhex(hex(value)[2:]).decode() 52 | 53 | And we get b'Good job, here is your flag : CFI{this_is_the_reason_we_either_armor_our_message_or_dont_use_3_as_the_public_exponent}. Want a side of dumpling with it?\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c\x1c' 54 | 55 | -------------------------------------------------------------------------------- /FlagCollection/src/android/gradlew.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == "" @echo off 2 | @rem ########################################################################## 3 | @rem 4 | @rem Gradle startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 12 | set DEFAULT_JVM_OPTS= 13 | 14 | set DIRNAME=%~dp0 15 | if "%DIRNAME%" == "" set DIRNAME=. 16 | set APP_BASE_NAME=%~n0 17 | set APP_HOME=%DIRNAME% 18 | 19 | @rem Find java.exe 20 | if defined JAVA_HOME goto findJavaFromJavaHome 21 | 22 | set JAVA_EXE=java.exe 23 | %JAVA_EXE% -version >NUL 2>&1 24 | if "%ERRORLEVEL%" == "0" goto init 25 | 26 | echo. 27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 28 | echo. 29 | echo Please set the JAVA_HOME variable in your environment to match the 30 | echo location of your Java installation. 31 | 32 | goto fail 33 | 34 | :findJavaFromJavaHome 35 | set JAVA_HOME=%JAVA_HOME:"=% 36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 37 | 38 | if exist "%JAVA_EXE%" goto init 39 | 40 | echo. 41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 42 | echo. 43 | echo Please set the JAVA_HOME variable in your environment to match the 44 | echo location of your Java installation. 45 | 46 | goto fail 47 | 48 | :init 49 | @rem Get command-line arguments, handling Windowz variants 50 | 51 | if not "%OS%" == "Windows_NT" goto win9xME_args 52 | if "%@eval[2+2]" == "4" goto 4NT_args 53 | 54 | :win9xME_args 55 | @rem Slurp the command line arguments. 56 | set CMD_LINE_ARGS= 57 | set _SKIP=2 58 | 59 | :win9xME_args_slurp 60 | if "x%~1" == "x" goto execute 61 | 62 | set CMD_LINE_ARGS=%* 63 | goto execute 64 | 65 | :4NT_args 66 | @rem Get arguments from the 4NT Shell from JP Software 67 | set CMD_LINE_ARGS=%$ 68 | 69 | :execute 70 | @rem Setup the command line 71 | 72 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 73 | 74 | @rem Execute Gradle 75 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% 76 | 77 | :end 78 | @rem End local scope for the variables with windows NT shell 79 | if "%ERRORLEVEL%"=="0" goto mainEnd 80 | 81 | :fail 82 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 83 | rem the _cmd.exe /c_ return code! 84 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 85 | exit /b 1 86 | 87 | :mainEnd 88 | if "%OS%"=="Windows_NT" endlocal 89 | 90 | :omega 91 | -------------------------------------------------------------------------------- /thirteen-steps/src/challenge.py: -------------------------------------------------------------------------------- 1 | import logging 2 | from base64 import a85encode, a85decode 3 | from typing import List 4 | 5 | STEPS_AMT: int = 13 6 | 7 | logging.getLogger(__name__).setLevel(logging.DEBUG) 8 | 9 | 10 | def step_encode(text_string: str): 11 | text_bytes: bytes = bytes(text_string, encoding="ascii") 12 | a85_bytes: bytearray = a85encode(text_bytes) 13 | logging.debug(f"Encoded : {a85_bytes}") 14 | encoded_bytes_array: List(int) = [_steps_up(byte) for byte in a85_bytes] 15 | encoded_bytes = bytes(encoded_bytes_array) 16 | logging.debug(f"Encoded + shifted : {encoded_bytes}") 17 | return str(encoded_bytes, encoding="ascii") 18 | 19 | 20 | def step_decode(text_string: str): 21 | encoded_bytes = bytes(text_string, encoding="ascii") 22 | logging.debug(f"Sanity : {encoded_bytes}") 23 | decoded_bytes_array = [_steps_down(byte) for byte in encoded_bytes] 24 | decoded_bytes = bytes(decoded_bytes_array) 25 | logging.debug(f"Decoded + unshifted : {decoded_bytes}") 26 | text_bytes = a85decode(decoded_bytes) 27 | return str(text_bytes, encoding="ascii") 28 | 29 | 30 | def _steps_up(byte: int): 31 | return ((byte - 33 + STEPS_AMT) % 85) + 33 32 | 33 | 34 | def _steps_down(byte: int): 35 | return ((byte - 33 - STEPS_AMT) % 85) + 33 36 | 37 | 38 | def badstep(byte): 39 | return (byte - STEPS_AMT) % 85 40 | 41 | 42 | if __name__ == "__main__": 43 | futureflag = """Early binary repertoires include Bacon's cipher, Braille, International maritime signal flags, and the 4-digit encoding of Chinese characters for a Chinese telegraph code (Hans Schjellerup, 1869). Common examples of character encoding systems include Morse code, the Baudot code, the American Standard Code for Information Interchange (ASCII) and Unicode. 44 | Morse code was introduced in the 1840s and is used to encode each letter of the Latin alphabet, each Arabic numeral, and some other characters via a series of long and short presses of a telegraph key. Representations of characters encoded using Morse code varied in length. 45 | The Baudot code, a five-bit encoding, was created by Emile Baudot in 1870, patented in 1874, modified by Donald Murray in 1901, and standardized by CCITT as International Telegraph Alphabet No. 2 (ITA2) in 1930. 46 | Fieldata, a six- or seven-bit code, was introduced by the U.S. Army Signal Corps in the late 1950s. 47 | 48 | Here is a flag for you : CFI{ascii85_is_more_space_efficient_than_mere_base64_encoding}""" 49 | 50 | encoded = step_encode(futureflag) 51 | print(f"Encoded flag : {encoded}") 52 | decoded = step_decode(encoded) 53 | print(f"Verified : {decoded}") 54 | 55 | print(f"Step 1 : {bytes(a85decode(encoded))}") 56 | temp = [_steps_down(byte) for byte in bytes(encoded, encoding="ascii")] 57 | print(f"Step 2 : {a85decode(bytes((temp)))}") 58 | -------------------------------------------------------------------------------- /hercule/README.md: -------------------------------------------------------------------------------- 1 | # hercule 2 | 3 | They say you should never implement your own crypto algorithms. 4 | This challenge displays one of the many implementation flaws you can find in a custom RSA. 5 | 6 | Here is the flag. But it's encrypted with RSA. The padding algorithm is PKCS#5 with . 7 | I'll provide you with the Public key : `Public key created : exp=65537, modulus=53528742297626831` 8 | 9 | And here is the encrypted string : `[48944927437833612, 16618833042310571, 5184494133895961, 34925820981208595, 32624945606321423, 23493881996355757, 26922771394119503, 39459212340002548, 30566210251065891, 21336317446368629, 39157017037329648, 4769341917225250, 44809893317200587]` 10 | 11 | Can you retrieve the secret key and decrypt the message? 12 | 13 | > crypto 14 | 15 | ## Setup 16 | 17 | Just run `pip install .` to install dependencies. 18 | 19 | Then run `challenge.py` to generate an encrypted flag and the associated Public and Private keys 20 | 21 | ## Writeup 22 | 23 | Looking at the Public key, we immediately notice the modulus is quite small for an asymmetric cryptography scheme. 24 | We could probably bruteforce the `p` and `q` values used to create the modulus and recreate the private key. 25 | 26 | We could use fancy factorisation algorithms like the general number field Sieve, but if the key is small enough, a simple trial division algorithm might suffice. 27 | We use the following algorithm : 28 | 29 | def bruteforce(modulus: int) -> (int, int): 30 | radius = math.floor(math.sqrt(modulus)) 31 | if radius % 2 == 0: 32 | radius -= 1 33 | while radius >= 3: 34 | if modulus % radius == 0: 35 | assert (modulus // radius) * radius == modulus 36 | print(f"Found a factorisation : {modulus//radius} * {radius} = {modulus}") 37 | return modulus // radius, radius 38 | radius -= 2 39 | 40 | Using the square root saves time as we assume both number are probably of similar length which mean they must be under the square root of the result. 41 | 42 | Quickly, the algorithm spits out the two primes factor of the modulus : `Found a factorisation : 235811647 * 226997873 = 53528742297626831` 43 | 44 | Using those values, we can create the private key using the extended enclidian algorithm to find the modular inverse of the public exponent within the modulus 45 | 46 | Turns out the secret is `secret=7597606795359425`. Decrypting the first value with this private key (using RSA formula `message = cipher^secret mod modulus`) 47 | gives us the value `1128679803` which converted in hexadecimal gives `4346497b`. Decoded as ASCII we get `CFI{`, which indeed seems like the first part of the flag. 48 | 49 | Decrypting every values gives us : `CFI{there_is_a_good_reason_why_rsa_keys_are_huge}\x03\x03\x03`. We then remove the padding and obtain our flag. 50 | 51 | -------------------------------------------------------------------------------- /FlagCollection/src/src/SubmitFlagButton.js: -------------------------------------------------------------------------------- 1 | import React, { Component,Fragment } from 'react' 2 | import { 3 | Modal, 4 | View, 5 | Text, 6 | TextInput, 7 | Button, 8 | StyleSheet, 9 | ToastAndroid 10 | } from 'react-native' 11 | import { validateFlag } from './FlagValidator' 12 | import PropTypes from 'prop-types' 13 | 14 | export default class SubmitFlagButton extends Component { 15 | constructor (props) { 16 | super(props) 17 | 18 | this.state = { flag: '', displayModal: false } 19 | } 20 | 21 | hideModal = () => { 22 | this.setState({ displayModal: false }) 23 | } 24 | 25 | showModal = () => { 26 | this.setState({ displayModal: true }) 27 | } 28 | 29 | submitFlag = () => { 30 | const { flag } = this.state 31 | validateFlag(flag).then((valid) => { 32 | if (valid) { 33 | ToastAndroid.show( 34 | 'Good job!', 35 | ToastAndroid.SHORT 36 | ) 37 | this.props.onSubmitSuccess(flag) 38 | this.hideModal() 39 | } else { 40 | ToastAndroid.show( 41 | 'Invalid flag! Try harder!', 42 | ToastAndroid.SHORT 43 | ) 44 | } 45 | this.setState({ flag: '' }) 46 | }) 47 | } 48 | 49 | render () { 50 | const { flag, displayModal } = this.state 51 | return ( 52 | 53 |