26 |
Challenge
27 |
28 | query($sql);
36 | if ($user_result->num_rows > 0) {
37 | while($row = $user_result->fetch_assoc()) {
38 | array_push($user_solved, $row['cid']);
39 | }
40 | }
41 | }
42 | $sql = "select name,times,cid from (select distinct a.name as name, count(b.sid) as times, a.cid as cid from challenge as a left join solved as b on a.cid=b.cid group by cid,a.name) as c order by times desc, cid";
43 | $result = $conn->query($sql);
44 | $length = $result->num_rows;
45 |
46 | $conn->close();
47 | for($i = 0; $i < ceil($length/4); $i ++){
48 | ?>
49 |
50 | fetch_assoc()){
53 | if($user_solved && in_array($row['cid'], $user_solved)){
54 | echo '
';
55 | }else{
56 | echo '
';
57 | }
58 | echo '
'.htmlspecialchars($row['name']).'
';
59 | echo 'solved: '.htmlspecialchars($row['times']).' times
';
60 | echo '';
61 | }else{
62 | break;
63 | }
64 | }
65 | ?>
146 |
You had solved this challenge.
--------------------------------------------------------------------------------
/challenge_detail.php:
--------------------------------------------------------------------------------
1 | query($sql);
15 | $row = $result->fetch_assoc(); // one row from the query issued above (its SQL is not visible in this listing)
16 | $row['isSolved'] = "false"; // default; the value is the string "false"/"true", not a boolean
17 | // Signed-in users only: look for a `solved` row linking this user to this challenge.
18 | if(isset($_SESSION['uid']) && isset($_SESSION['user'])){
19 | $uid = (int)addslashes($_SESSION['uid']); // the (int) cast is what makes $uid safe to interpolate; addslashes() adds nothing once the value is cast
20 | $sql = "select sid from solved where uid=$uid and cid=$cid"; // NOTE(review): string-built SQL; $cid is set outside the visible lines — confirm it is integer-cast as well, or bind both values through a prepared statement
21 | $result = $conn->query($sql);
22 | if($result->num_rows == 1){
23 | $row['isSolved'] = "true";
24 | }
25 | }
26 | // NOTE(review): the whole $row is serialized to the client below. The `challenge` table in database.sql has a `flag` column, so confirm the SELECT that filled $row names its columns and leaves `flag` out.
27 | echo json_encode($row);
28 |
29 | $conn->close();
30 | ?>
31 |
32 |
--------------------------------------------------------------------------------
/config.php:
--------------------------------------------------------------------------------
1 | ul,li>ol {
190 | margin-bottom:0
191 | }
192 | dl {
193 | margin-top:0;
194 | margin-bottom:24px
195 | }
196 | dt {
197 | font-weight:700
198 | }
199 | dd {
200 | margin-left:24px;
201 | margin-bottom:24px
202 | }
203 | img {
204 | height:auto;
205 | max-width:100%;
206 | vertical-align:middle
207 | }
208 | figure {
209 | margin:24px 0
210 | }
211 | figcaption {
212 | font-size:16px;
213 | line-height:30px;
214 | padding:8px 0
215 | }
216 | img,svg {
217 | display:block
218 | }
219 | table {
220 | border-collapse:collapse;
221 | margin-bottom:24px;
222 | width:100%
223 | }
224 | tr {
225 | border-bottom:1px solid #454C4C
226 | }
227 | th {
228 | text-align:left
229 | }
230 | th,td {
231 | padding:10px 16px
232 | }
233 | th:first-child,td:first-child {
234 | padding-left:0
235 | }
236 | th:last-child,td:last-child {
237 | padding-right:0
238 | }
239 | html {
240 | font-size:20px;
241 | line-height:32px
242 | }
243 | body {
244 | color:#768696;
245 | font-size:1rem
246 | }
247 | body,button,input,select,textarea {
248 | font-family:"Heebo",sans-serif
249 | }
250 | a {
251 | color:inherit;
252 | }
253 | a:hover,a:active {
254 | outline:0;
255 | text-decoration:none
256 | }
257 | h1,h2,h3,h4,h5,h6,.h1,.h2,.h3,.h4,.h5,.h6 {
258 | clear:both;
259 | color:#fff;
260 | font-family:"Titillium Web",sans-serif;
261 | font-weight:600
262 | }
263 | h1,.h1 {
264 | font-size:40px;
265 | line-height:50px;
266 | letter-spacing:-0.2px
267 | }
268 | @media (min-width:641px) {
269 | h1,.h1 {
270 | font-size:48px;
271 | line-height:58px;
272 | letter-spacing:0px
273 | }
274 | }h2,.h2 {
275 | font-size:32px;
276 | line-height:42px;
277 | letter-spacing:-0.1px
278 | }
279 | @media (min-width:641px) {
280 | h2,.h2 {
281 | font-size:40px;
282 | line-height:50px;
283 | letter-spacing:-0.2px
284 | }
285 | }h3,.h3,blockquote {
286 | font-size:24px;
287 | line-height:34px;
288 | letter-spacing:-0.1px
289 | }
290 | @media (min-width:641px) {
291 | h3,.h3,blockquote {
292 | font-size:32px;
293 | line-height:42px;
294 | letter-spacing:-0.1px
295 | }
296 | }h4,h5,h6,.h4,.h5,.h6 {
297 | font-size:20px;
298 | line-height:32px;
299 | letter-spacing:-0.1px
300 | }
301 | @media (max-width:640px) {
302 | .h1-mobile {
303 | font-size:40px;
304 | line-height:50px;
305 | letter-spacing:-0.2px
306 | }
307 | .h2-mobile {
308 | font-size:32px;
309 | line-height:42px;
310 | letter-spacing:-0.1px
311 | }
312 | .h3-mobile {
313 | font-size:24px;
314 | line-height:34px;
315 | letter-spacing:-0.1px
316 | }
317 | .h4-mobile,.h5-mobile,.h6-mobile {
318 | font-size:20px;
319 | line-height:32px;
320 | letter-spacing:-0.1px
321 | }
322 | }.text-light h1,.text-light h2,.text-light h3,.text-light h4,.text-light h5,.text-light h6,.text-light .h1,.text-light .h2,.text-light .h3,.text-light .h4,.text-light .h5,.text-light .h6 {
323 | color:#fff !important
324 | }
325 | .text-sm {
326 | font-size:18px;
327 | line-height:30px;
328 | letter-spacing:-0.1px
329 | }
330 | .text-xs {
331 | font-size:16px;
332 | line-height:30px;
333 | letter-spacing:-0.1px
334 | }
335 | h1,h2,.h1,.h2 {
336 | margin-top:48px;
337 | margin-bottom:16px
338 | }
339 | h3,.h3 {
340 | margin-top:36px;
341 | margin-bottom:12px
342 | }
343 | h4,h5,h6,.h4,.h5,.h6 {
344 | margin-top:24px;
345 | margin-bottom:4px
346 | }
347 | p {
348 | margin-top:0;
349 | margin-bottom:24px
350 | }
351 | dfn,cite,em,i {
352 | font-style:italic
353 | }
354 | blockquote {
355 | color:#9CACBC;
356 | font-style:italic;
357 | margin-top:24px;
358 | margin-bottom:24px;
359 | margin-left:24px
360 | }
361 | blockquote::before {
362 | content:"\201C"
363 | }
364 | blockquote::after {
365 | content:"\201D"
366 | }
367 | blockquote p {
368 | display:inline
369 | }
370 | address {
371 | color:#768696;
372 | border-width:1px 0;
373 | border-style:solid;
374 | border-color:#454C4C;
375 | padding:24px 0;
376 | margin:0 0 24px
377 | }
378 | pre,pre h1,pre h2,pre h3,pre h4,pre h5,pre h6,pre .h1,pre .h2,pre .h3,pre .h4,pre .h5,pre .h6 {
379 | font-family:"Courier 10 Pitch",Courier,monospace
380 | }
381 | pre,code,kbd,tt,var {
382 | background:#222424
383 | }
384 | pre {
385 | font-size:16px;
386 | line-height:30px;
387 | margin-bottom:1.6em;
388 | max-width:100%;
389 | overflow:auto;
390 | padding:24px;
391 | margin-top:24px;
392 | margin-bottom:24px
393 | }
394 | code,kbd,tt,var {
395 | font-family:Monaco,Consolas,"Andale Mono","DejaVu Sans Mono",monospace;
396 | font-size:16px;
397 | padding:2px 4px
398 | }
399 | abbr,acronym {
400 | cursor:help
401 | }
402 | mark,ins {
403 | text-decoration:none
404 | }
405 | small {
406 | font-size:18px;
407 | line-height:30px;
408 | letter-spacing:-0.1px
409 | }
410 | b,strong {
411 | font-weight:700
412 | }
413 | button,input,select,textarea,label {
414 | font-size:20px;
415 | line-height:32px
416 | }
417 | .container,.container-sm {
418 | width:100%;
419 | margin:0 auto;
420 | padding-left:16px;
421 | padding-right:16px
422 | }
423 | @media (min-width:481px) {
424 | .container,.container-sm {
425 | padding-left:24px;
426 | padding-right:24px
427 | }
428 | }.container {
429 | max-width:1128px
430 | }
431 | .container-sm {
432 | max-width:848px
433 | }
434 | .container .container-sm {
435 | max-width:800px;
436 | padding-left:0;
437 | padding-right:0
438 | }
439 | .screen-reader-text {
440 | clip:rect(1px,1px,1px,1px);
441 | position:absolute !important;
442 | height:1px;
443 | width:1px;
444 | overflow:hidden;
445 | word-wrap:normal !important
446 | }
447 | .screen-reader-text:focus {
448 | box-shadow:0 0 2px 2px rgba(0,0,0,0.6);
449 | clip:auto !important;
450 | display:block;
451 | font-size:16px;
452 | letter-spacing:-0.1px;
453 | font-weight:500;
454 | line-height:16px;
455 | text-decoration:none;
456 | background-color:#141516;
457 | color:#4353FF !important;
458 | border:none;
459 | height:auto;
460 | left:8px;
461 | padding:16px 36px;
462 | top:8px;
463 | width:auto;
464 | z-index:100000
465 | }
466 | .list-reset {
467 | list-style:none;
468 | padding:0
469 | }
470 | .text-left {
471 | text-align:left
472 | }
473 | .text-center {
474 | text-align:center
475 | }
476 | .text-right {
477 | text-align:right
478 | }
479 | .text-primary {
480 | color:#4353FF
481 | }
482 | .text-secondary {
483 | color:#43F1FF
484 | }
485 | .has-top-divider {
486 | position:relative
487 | }
488 | .has-top-divider::before {
489 | content:'';
490 | position:absolute;
491 | top:0;
492 | left:0;
493 | width:100%;
494 | display:block;
495 | height:1px;
496 | background:rgba(69,76,76,0.5)
497 | }
498 | .has-bottom-divider {
499 | position:relative
500 | }
501 | .has-bottom-divider::after {
502 | content:'';
503 | position:absolute;
504 | bottom:0;
505 | left:0;
506 | width:100%;
507 | display:block;
508 | height:1px;
509 | background:rgba(69,76,76,0.5)
510 | }
511 | .m-0 {
512 | margin:0
513 | }
514 | .mt-0 {
515 | margin-top:0
516 | }
517 | .mr-0 {
518 | margin-right:0
519 | }
520 | .mb-0 {
521 | margin-bottom:0
522 | }
523 | .ml-0 {
524 | margin-left:0
525 | }
526 | .m-8 {
527 | margin:8px
528 | }
529 | .mt-8 {
530 | margin-top:8px
531 | }
532 | .mr-8 {
533 | margin-right:8px
534 | }
535 | .mb-8 {
536 | margin-bottom:8px
537 | }
538 | .ml-8 {
539 | margin-left:8px
540 | }
541 | .m-16 {
542 | margin:16px
543 | }
544 | .mt-16 {
545 | margin-top:16px
546 | }
547 | .mr-16 {
548 | margin-right:16px
549 | }
550 | .mb-16 {
551 | margin-bottom:16px
552 | }
553 | .ml-16 {
554 | margin-left:16px
555 | }
556 | .m-24 {
557 | margin:24px
558 | }
559 | .mt-24 {
560 | margin-top:24px
561 | }
562 | .mr-24 {
563 | margin-right:24px
564 | }
565 | .mb-24 {
566 | margin-bottom:24px
567 | }
568 | .ml-24 {
569 | margin-left:24px
570 | }
571 | .m-32 {
572 | margin:32px
573 | }
574 | .mt-32 {
575 | margin-top:32px
576 | }
577 | .mr-32 {
578 | margin-right:32px
579 | }
580 | .mb-32 {
581 | margin-bottom:32px
582 | }
583 | .ml-32 {
584 | margin-left:32px
585 | }
586 | .m-40 {
587 | margin:40px
588 | }
589 | .mt-40 {
590 | margin-top:40px
591 | }
592 | .mr-40 {
593 | margin-right:40px
594 | }
595 | .mb-40 {
596 | margin-bottom:40px
597 | }
598 | .ml-40 {
599 | margin-left:40px
600 | }
601 | .m-48 {
602 | margin:48px
603 | }
604 | .mt-48 {
605 | margin-top:48px
606 | }
607 | .mr-48 {
608 | margin-right:48px
609 | }
610 | .mb-48 {
611 | margin-bottom:48px
612 | }
613 | .ml-48 {
614 | margin-left:48px
615 | }
616 | .m-56 {
617 | margin:56px
618 | }
619 | .mt-56 {
620 | margin-top:56px
621 | }
622 | .mr-56 {
623 | margin-right:56px
624 | }
625 | .mb-56 {
626 | margin-bottom:56px
627 | }
628 | .ml-56 {
629 | margin-left:56px
630 | }
631 | .m-64 {
632 | margin:64px
633 | }
634 | .mt-64 {
635 | margin-top:64px
636 | }
637 | .mr-64 {
638 | margin-right:64px
639 | }
640 | .mb-64 {
641 | margin-bottom:64px
642 | }
643 | .ml-64 {
644 | margin-left:64px
645 | }
646 | .p-0 {
647 | padding:0
648 | }
649 | .pt-0 {
650 | padding-top:0
651 | }
652 | .pr-0 {
653 | padding-right:0
654 | }
655 | .pb-0 {
656 | padding-bottom:0
657 | }
658 | .pl-0 {
659 | padding-left:0
660 | }
661 | .p-8 {
662 | padding:8px
663 | }
664 | .pt-8 {
665 | padding-top:8px
666 | }
667 | .pr-8 {
668 | padding-right:8px
669 | }
670 | .pb-8 {
671 | padding-bottom:8px
672 | }
673 | .pl-8 {
674 | padding-left:8px
675 | }
676 | .p-16 {
677 | padding:16px
678 | }
679 | .pt-16 {
680 | padding-top:16px
681 | }
682 | .pr-16 {
683 | padding-right:16px
684 | }
685 | .pb-16 {
686 | padding-bottom:16px
687 | }
688 | .pl-16 {
689 | padding-left:16px
690 | }
691 | .p-24 {
692 | padding:24px
693 | }
694 | .pt-24 {
695 | padding-top:24px
696 | }
697 | .pr-24 {
698 | padding-right:24px
699 | }
700 | .pb-24 {
701 | padding-bottom:24px
702 | }
703 | .pl-24 {
704 | padding-left:24px
705 | }
706 | .p-32 {
707 | padding:32px
708 | }
709 | .pt-32 {
710 | padding-top:32px
711 | }
712 | .pr-32 {
713 | padding-right:32px
714 | }
715 | .pb-32 {
716 | padding-bottom:32px
717 | }
718 | .pl-32 {
719 | padding-left:32px
720 | }
721 | .p-40 {
722 | padding:40px
723 | }
724 | .pt-40 {
725 | padding-top:40px
726 | }
727 | .pr-40 {
728 | padding-right:40px
729 | }
730 | .pb-40 {
731 | padding-bottom:40px
732 | }
733 | .pl-40 {
734 | padding-left:40px
735 | }
736 | .p-48 {
737 | padding:48px
738 | }
739 | .pt-48 {
740 | padding-top:48px
741 | }
742 | .pr-48 {
743 | padding-right:48px
744 | }
745 | .pb-48 {
746 | padding-bottom:48px
747 | }
748 | .pl-48 {
749 | padding-left:48px
750 | }
751 | .p-56 {
752 | padding:56px
753 | }
754 | .pt-56 {
755 | padding-top:56px
756 | }
757 | .pr-56 {
758 | padding-right:56px
759 | }
760 | .pb-56 {
761 | padding-bottom:56px
762 | }
763 | .pl-56 {
764 | padding-left:56px
765 | }
766 | .p-64 {
767 | padding:64px
768 | }
769 | .pt-64 {
770 | padding-top:64px
771 | }
772 | .pr-64 {
773 | padding-right:64px
774 | }
775 | .pb-64 {
776 | padding-bottom:64px
777 | }
778 | .pl-64 {
779 | padding-left:64px
780 | }
781 | .sr .has-animations .is-revealing {
782 | visibility:hidden
783 | }
784 | .input,.textarea {
785 | background-color:#fff;
786 | border-width:1px;
787 | border-style:solid;
788 | border-color:#454C4C;
789 | color:#768696;
790 | max-width:100%;
791 | width:100%
792 | }
793 | .input::-webkit-input-placeholder,.textarea::-webkit-input-placeholder {
794 | color:#9CACBC
795 | }
796 | .input:-ms-input-placeholder,.textarea:-ms-input-placeholder {
797 | color:#9CACBC
798 | }
799 | .input::-ms-input-placeholder,.textarea::-ms-input-placeholder {
800 | color:#9CACBC
801 | }
802 | .input::placeholder,.textarea::placeholder {
803 | color:#9CACBC
804 | }
805 | .input::-ms-input-placeholder,.textarea::-ms-input-placeholder {
806 | color:#9CACBC
807 | }
808 | .input:-ms-input-placeholder,.textarea:-ms-input-placeholder {
809 | color:#9CACBC
810 | }
811 | .input:hover,.textarea:hover {
812 | border-color:#393f3f
813 | }
814 | .input:active,.input:focus,.textarea:active,.textarea:focus {
815 | outline:none;
816 | border-color:#4353FF
817 | }
818 | .input[disabled],.textarea[disabled] {
819 | cursor:not-allowed;
820 | background-color:#222424;
821 | border-color:#222424
822 | }
823 | .input {
824 | -moz-appearance:none;
825 | -webkit-appearance:none;
826 | font-size:16px;
827 | letter-spacing:-0.1px;
828 | line-height:20px;
829 | padding:13px 16px;
830 | height:48px;
831 | box-shadow:none
832 | }
833 | .input .inline-input {
834 | display:inline;
835 | width:auto
836 | }
837 | .textarea {
838 | display:block;
839 | min-width:100%;
840 | resize:vertical
841 | }
842 | .textarea .inline-textarea {
843 | display:inline;
844 | width:auto
845 | }
846 | .field-grouped>.control:not(:last-child) {
847 | margin-bottom:8px
848 | }
849 | @media (min-width:641px) {
850 | .field-grouped {
851 | display:flex
852 | }
853 | .field-grouped>.control {
854 | flex-shrink:0
855 | }
856 | .field-grouped>.control.control-expanded {
857 | flex-grow:1;
858 | flex-shrink:1
859 | }
860 | .field-grouped>.control:not(:last-child) {
861 | margin-bottom:0;
862 | margin-right:8px
863 | }
864 | }.button {
865 | display:inline-flex;
866 | font-size:16px;
867 | letter-spacing:-0.1px;
868 | font-weight:500;
869 | line-height:16px;
870 | text-decoration:none !important;
871 | background-color:#141516;
872 | color:#4353FF !important;
873 | border:none;
874 | cursor:pointer;
875 | justify-content:center;
876 | padding:16px 36px;
877 | height:48px;
878 | text-align:center;
879 | white-space:nowrap
880 | }
881 | .button:active {
882 | outline:0
883 | }
884 | .button-shadow {
885 | position:relative
886 | }
887 | .button-shadow::before {
888 | content:'';
889 | position:absolute;
890 | top:0;
891 | right:0;
892 | bottom:0;
893 | left:0;
894 | box-shadow:0 8px 48px rgba(67,83,255,0.48);
895 | transition:box-shadow .15s ease
896 | }
897 | .button-shadow:hover::before {
898 | box-shadow:0 8px 48px rgba(67,83,255,0.6)
899 | }
900 | .button-sm {
901 | padding:8px 24px;
902 | height:32px
903 | }
904 | .button-sm.button-shadow::before {
905 | box-shadow:0 4px 32px rgba(67,83,255,0.48)
906 | }
907 | .button-sm.button-shadow:hover::before {
908 | box-shadow:0 4px 32px rgba(67,83,255,0.6)
909 | }
910 | .button-primary {
911 | color:#fff !important;
912 | transition:background .15s ease
913 | }
914 | .button-primary {
915 | background:#505fff;
916 | background:linear-gradient(65deg,#4353FF 0,#5D6AFF 100%)
917 | }
918 | .button-primary:hover {
919 | background:#5564ff;
920 | background:linear-gradient(65deg,#4858ff 0,#626fff 100%)
921 | }
922 | .button-block {
923 | display:flex
924 | }
925 | .site-header {
926 | position:relative;
927 | padding:24px 0
928 | }
929 | .site-header-inner {
930 | position:relative;
931 | display:flex;
932 | justify-content:space-between;
933 | align-items:center
934 | }
935 | .header-links {
936 | display:inline-flex
937 | }
938 | .header-links li {
939 | display:inline-flex
940 | }
941 | .header-links a:not(.button) {
942 | font-size:16px;
943 | line-height:30px;
944 | letter-spacing:-0.1px;
945 | font-weight:700;
946 | color:#768696;
947 | text-transform:uppercase;
948 | text-decoration:none;
949 | line-height:16px;
950 | padding:8px 24px
951 | }
952 | .header-links a:not(.button):hover,.header-links a:not(.button):active {
953 | color:#fff
954 | }
955 | .hero {
956 | padding-top:48px
957 | }
958 | .hero-paragraph {
959 | margin-bottom:32px
960 | }
961 | .hero-illustration {
962 | display:none;
963 | position:relative
964 | }
965 | .hero-bg,.hero-square,.hero-dots,.hero-line {
966 | position:absolute;
967 | -webkit-transform-origin:50% 50%;
968 | transform-origin:50% 50%
969 | }
970 | .hero-bg {
971 | top:-160px;
972 | left:28px
973 | }
974 | .hero-square-1 {
975 | top:-270px;
976 | left:150px
977 | }
978 | .hero-square-2 {
979 | top:-42px;
980 | left:600px
981 | }
982 | .hero-square-3 {
983 | top:46px;
984 | left:74px
985 | }
986 | .hero-square-4 {
987 | top:0;
988 | left:250px
989 | }
990 | .hero-square-5 {
991 | top:108px;
992 | left:633px
993 | }
994 | .hero-square-6 {
995 | top:140px;
996 | left:185px
997 | }
998 | .hero-square-7 {
999 | top:336px;
1000 | left:600px
1001 | }
1002 | .hero-square-8 {
1003 | top:350px;
1004 | left:193px
1005 | }
1006 | .hero-dots-1 {
1007 | top:-107px;
1008 | left:397px
1009 | }
1010 | .hero-dots-2 {
1011 | top:65px;
1012 | left:202px
1013 | }
1014 | .hero-dots-3 {
1015 | top:396px;
1016 | left:53px
1017 | }
1018 | .hero-line-1 {
1019 | top:318px;
1020 | left:229px
1021 | }
1022 | @media (min-width:641px) {
1023 | .hero {
1024 | padding-top:80px
1025 | }
1026 | .hero-inner {
1027 | display:flex
1028 | }
1029 | .hero-copy {
1030 | padding-right:48px;
1031 | min-width:512px;
1032 | width:512px
1033 | }
1034 | .hero-illustration {
1035 | display:block;
1036 | width:528px
1037 | }
1038 | }@media (max-width:640px) {
1039 | .hero-form {
1040 | margin:0 auto
1041 | }
1042 | }.feature {
1043 | padding-top:16px;
1044 | padding-bottom:16px
1045 | }
1046 | .features-wrap:first-child {
1047 | margin-top:-16px
1048 | }
1049 | .features-wrap:last-child {
1050 | margin-bottom:-16px
1051 | }
1052 | .features-inner {
1053 | max-width:400px
1054 | }
1055 | .feature-header {
1056 | display:flex;
1057 | align-items:center
1058 | }
1059 | @media (min-width:641px) {
1060 | .feature {
1061 | padding-top:24px;
1062 | padding-bottom:24px
1063 | }
1064 | .features-wrap:first-child {
1065 | margin-top:-24px
1066 | }
1067 | .features-wrap:last-child {
1068 | margin-bottom:-24px
1069 | }
1070 | }.is-boxed {
1071 | background:#1e1f21
1072 | }
1073 | .body-wrap {
1074 | background:#141516;
1075 | overflow:hidden;
1076 | display:flex;
1077 | flex-direction:column;
1078 | min-height:100vh
1079 | }
1080 | .boxed-container {
1081 | max-width:1440px;
1082 | margin:0 auto;
1083 | box-shadow:0 16px 48px rgba(20,21,22,0.5)
1084 | }
1085 | main {
1086 | flex:1 0 auto
1087 | }
1088 | .section-inner {
1089 | position:relative;
1090 | padding-top:64px;
1091 | padding-bottom:64px
1092 | }
1093 | @media (min-width:641px) {
1094 | .section-inner {
1095 | padding-top:88px;
1096 | padding-bottom:88px
1097 | }
1098 | }.site-footer {
1099 | position:relative;
1100 | font-size:14px;
1101 | line-height:20px;
1102 | letter-spacing:0px
1103 | }
1104 | .site-footer a {
1105 | color:#768696;
1106 | text-decoration:none
1107 | }
1108 | .site-footer a:hover,.site-footer a:active {
1109 | color:#fff;
1110 | text-decoration:underline
1111 | }
1112 | .footer-bg,.footer-dots {
1113 | display:none
1114 | }
1115 | .site-footer-inner {
1116 | position:relative;
1117 | display:flex;
1118 | flex-wrap:wrap;
1119 | align-items:center;
1120 | padding-top:32px;
1121 | padding-bottom:32px
1122 | }
1123 | .footer-social-links,.footer-copyright {
1124 | flex:none;
1125 | width:100%;
1126 | display:inline-flex;
1127 | justify-content:center
1128 | }
1129 | .footer-copyright {
1130 | margin-bottom:24px
1131 | }
1132 | .footer-social-links {
1133 | margin-bottom:0
1134 | }
1135 | .footer-social-links li {
1136 | display:inline-flex
1137 | }
1138 | .footer-social-links li+li {
1139 | margin-left:16px
1140 | }
1141 | .footer-social-links li a {
1142 | padding:8px
1143 | }
1144 | @media (min-width:641px) {
1145 | .site-footer::before {
1146 | height:202px
1147 | }
1148 | .footer-bg,.footer-dots {
1149 | display:block;
1150 | position:absolute
1151 | }
1152 | .footer-bg {
1153 | bottom:0;
1154 | right:0
1155 | }
1156 | .footer-dots {
1157 | bottom:124px;
1158 | right:127px
1159 | }
1160 | .site-footer-inner {
1161 | justify-content:space-between
1162 | }
1163 | .footer-social-links,.footer-copyright {
1164 | flex:50%
1165 | }
1166 | .footer-copyright {
1167 | margin-bottom:0;
1168 | justify-content:flex-start
1169 | }
1170 | .footer-social-links {
1171 | justify-content:flex-end
1172 | }
1173 | }.tlinks {
1174 | text-indent:-9999px;
1175 | height:0;
1176 | line-height:0;
1177 | font-size:0;
1178 | overflow:hidden;
1179 | }
1180 | .navbar-toggle .icon-bar{
1181 | background-color: #e5e5e5;
1182 | }
1183 | .captcha-code{
1184 | width:200px;
1185 | margin:0.5em;
1186 | }
1187 | #challenge-name, .modal-header h4{
1188 | color: #393f3f;
1189 | }
1190 |
1191 | .challenge-inner{
1192 | padding-top: 0.1em;
1193 | padding-bottom: 1.7em;
1194 | border-radius: 10%;
1195 | }
1196 |
1197 | .challenge{
1198 | margin-bottom: 2em ;
1199 | }
1200 |
1201 | .challenge .bg-success h3, .challenge .bg-success h5{
1202 | color: black;
1203 | }
1204 | .table{
1205 | margin-bottom: 30em;
1206 | }
1207 | article{
1208 | /* background-color: white; */
1209 | border: 3px #e5e5e5 solid;
1210 | padding: 1em;
1211 | margin-bottom: 15em;
1212 | }
1213 |
1214 | article{
1215 | color:white;
1216 | }
1217 | article pre{
1218 | padding: 0.3em;
1219 | }
1220 | article h1, article h2, article h3, article h4, article h5, article h6, article h7, article h8{
1221 | color: rgb(248, 251, 36);
1222 | }
1223 | .author{
1224 | margin-right: 2em;
1225 | }
1226 | #challenge-content{
1227 | margin-bottom: 1em;
1228 | }
1229 | .modal-header .error{
1230 | text-align: center;
1231 | color: red;
1232 | }
1233 | .modal-header .success{
1234 | text-align: center;
1235 | color: green;
1236 | }
1237 | .writeup-add{
1238 | color: #ff0;
1239 | }
1240 |
1241 | .table-hover > tbody > tr:hover{
1242 | background-color: darkblue;
1243 | }
1244 | .error-wruteup{
1245 | color: red;
1246 | text-align: center;
1247 | margin-bottom: 6em;
1248 | }
1249 |
1250 | .links ul{
1251 | list-style: none;
1252 | }
1253 |
1254 | .links li{
1255 | margin-bottom: 0.6em;
1256 | }
1257 |
1258 | .link-icon{
1259 | width: 32px;
1260 | border-radius: 90%;
1261 | float: left;
1262 | }
1263 |
1264 | .link-content{
1265 | padding-left: 50px;
1266 | }
--------------------------------------------------------------------------------
/database.sql:
--------------------------------------------------------------------------------
1 | drop table if exists `user`; -- NOTE(review): `solved` references `user` and `challenge`, and `writeups` references `solved`; on InnoDB a re-run of this script presumably fails at the parent drops while the child tables still exist — confirm, and drop children first if so
2 | create table `user`( -- player accounts
3 | `uid` int primary key auto_increment,
4 | `email` varchar(100) unique not null,
5 | `nickname` varchar(20) unique not null,
6 | `password` char(64) not null -- NOTE(review): 64 characters matches a hex SHA-256 digest; presumably a fast hash — confirm in the registration/login code. password_hash() output can be longer than 64 characters, so moving to it needs a wider column
7 | )charset=utf8;
8 |
9 | -- One row per challenge, including the flag that flag.php compares submissions against.
10 | drop table if exists `challenge`;
11 | create table `challenge`(
12 | `cid` int primary key auto_increment,
13 | `name` varchar(100) not null,
14 | `content` Text,
15 | `file` varchar(1000) not null,
16 | `flag` varchar(1000) not null -- NOTE(review): flag.php compares the submitted value with this column directly, so the flag appears to be stored as-is; storing a digest instead would limit what a database read exposes
17 | )charset=utf8;
18 | -- One row per (user, challenge) solve; flag.php inserts here on a correct submission.
19 | drop table if exists `solved`;
20 | create table `solved`(
21 | `sid` int primary key auto_increment,
22 | `uid` int not null,
23 | `cid` int not null,
24 | `time` char(20) not null, -- flag.php writes date("Y-m-d H:i:s") here as text
25 |
26 | foreign key(`uid`) REFERENCES `user`(`uid`),
27 | foreign key(`cid`) REFERENCES `challenge`(`cid`),
28 | unique(`uid`, `cid`) -- at most one solve per user per challenge; a repeat insert is rejected
29 | )charset=utf8;
30 | -- Write-ups hang off a solve row rather than off a user or challenge directly.
31 | drop table if exists `writeups`;
32 | create table `writeups`(
33 | `wid` int primary key auto_increment,
34 | `sid` int not null,
35 | `writeup` TEXT, -- NOTE(review): user-authored text; index.php says only players who solved the same challenge may read it — that rule is not expressed in the schema, so confirm the application enforces it and escapes this text on output
36 | `time` char(20) not null,
37 |
38 | foreign key(`sid`) REFERENCES `solved`(`sid`)
39 | )charset=utf8;
--------------------------------------------------------------------------------
/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ex-Origin/pwn/b1ef1ee4270e25d31cee3ed2f62878380b206216/favicon.ico
--------------------------------------------------------------------------------
/flag.php:
--------------------------------------------------------------------------------
1 | query($sql);
18 | if ($result->num_rows == 1) { // proceed only when the lookup above returned exactly one row; otherwise nothing is echoed
19 | $row = $result->fetch_assoc();
20 | // NOTE(review): `===` on strings is not a constant-time comparison; if $flag is the submitted value (it is set outside the visible lines), hash_equals() is the usual choice for comparing it with a stored secret.
21 | if($flag === $row['flag']){
22 | $str_time = addslashes(date("Y-m-d H:i:s")); // addslashes() changes nothing for this fixed date format
23 | $sql = "insert into solved (cid, uid, time)values($cid, $uid, '$str_time')"; // NOTE(review): $cid and $uid are interpolated and are set outside the visible lines — confirm both are integer-cast, or use a prepared statement
24 | $conn->query($sql); // NOTE(review): result is not checked; unless mysqli is in exception mode, "success" is echoed even when the insert is rejected (e.g. by unique(uid, cid) in database.sql on a repeat submission) — confirm that is intended
25 | echo "success";
26 | }else{
27 | echo "failed";
28 | }
29 | }
30 |
31 | $conn->close();
32 | }
--------------------------------------------------------------------------------
/images/favicon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ex-Origin/pwn/b1ef1ee4270e25d31cee3ed2f62878380b206216/images/favicon.png
--------------------------------------------------------------------------------
/images/group.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
50 |
--------------------------------------------------------------------------------
/images/link.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/images/links/aurora.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ex-Origin/pwn/b1ef1ee4270e25d31cee3ed2f62878380b206216/images/links/aurora.jpg
--------------------------------------------------------------------------------
/images/links/buuoj.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ex-Origin/pwn/b1ef1ee4270e25d31cee3ed2f62878380b206216/images/links/buuoj.gif
--------------------------------------------------------------------------------
/images/links/d0g3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ex-Origin/pwn/b1ef1ee4270e25d31cee3ed2f62878380b206216/images/links/d0g3.jpg
--------------------------------------------------------------------------------
/images/links/hnusec.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ex-Origin/pwn/b1ef1ee4270e25d31cee3ed2f62878380b206216/images/links/hnusec.jpg
--------------------------------------------------------------------------------
/images/links/l.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ex-Origin/pwn/b1ef1ee4270e25d31cee3ed2f62878380b206216/images/links/l.jpg
--------------------------------------------------------------------------------
/images/links/l3hsec.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ex-Origin/pwn/b1ef1ee4270e25d31cee3ed2f62878380b206216/images/links/l3hsec.png
--------------------------------------------------------------------------------
/images/links/olnu.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ex-Origin/pwn/b1ef1ee4270e25d31cee3ed2f62878380b206216/images/links/olnu.png
--------------------------------------------------------------------------------
/images/links/oops.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ex-Origin/pwn/b1ef1ee4270e25d31cee3ed2f62878380b206216/images/links/oops.jpg
--------------------------------------------------------------------------------
/images/links/time_line.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ex-Origin/pwn/b1ef1ee4270e25d31cee3ed2f62878380b206216/images/links/time_line.png
--------------------------------------------------------------------------------
/images/links/whu.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ex-Origin/pwn/b1ef1ee4270e25d31cee3ed2f62878380b206216/images/links/whu.jpg
--------------------------------------------------------------------------------
/images/scroll_to_top.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ex-Origin/pwn/b1ef1ee4270e25d31cee3ed2f62878380b206216/images/scroll_to_top.png
--------------------------------------------------------------------------------
/images/xingmeng.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ex-Origin/pwn/b1ef1ee4270e25d31cee3ed2f62878380b206216/images/xingmeng.png
--------------------------------------------------------------------------------
/images/xingmeng2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ex-Origin/pwn/b1ef1ee4270e25d31cee3ed2f62878380b206216/images/xingmeng2.png
--------------------------------------------------------------------------------
/index.php:
--------------------------------------------------------------------------------
13 |
PWN Challenge
428 | - Try to find out the vulnerabilities exists in the challenges, exploit the
429 | remote services to get flags.
430 | - The flag is usually at
./flag
for Linux, and .\flag.txt
for Windows, but sometimes you have
431 | to get a shell to read them.
432 | - Most of challenges are running on
Ubuntu 16.04/18.04/19.04
docker
433 | image.
434 | - You can share write-up or exploit code in your profile, only players who
435 | also solved the same challenge are able to see them.
436 | - Windows service program:
http://file.eonew.cn/pwn_challenge/tools/AppJailLauncher.exe
459 | - Do not DOS the infrastructures.
460 | - Do not share the FLAGs.
461 | - Do not share entire solution code in public.
462 | - If you found any unintended bugs, please report to us, thanks.
493 | - Admin-Email: 2462148389@qq.com
494 | - QQ group: 570295461
495 | - Main website: www.xmcve.com
498 |
Welcome all friends to join XMCVE.
--------------------------------------------------------------------------------
/js/global.js:
--------------------------------------------------------------------------------
1 | !function(){const t=window,e=document.documentElement;if(e.classList.remove("no-js"),e.classList.add("js"),document.body.classList.contains("has-animations")){(window.sr=ScrollReveal()).reveal(".hero-title, .hero-paragraph, .hero-form",{duration:1e3,distance:"40px",easing:"cubic-bezier(0.5, -0.01, 0, 1.005)",origin:"bottom",interval:150})}const s=document.querySelectorAll(".is-moving-object");let n=0,i=0,a=0,o=0,r=0,l=e.clientWidth,c=e.clientHeight;s&&t.addEventListener("mousemove",function(t,e){let s=null,n=e;return(...e)=>{let i=Date.now();(!s||i-s>=n)&&(s=i,t.apply(this,e))}}(function(e){!function(e,s){n=e.pageX,i=e.pageY,a=t.scrollY,o=l/2-n,r=c/2-(i-a);for(let t=0;t
'){
30 | content = content.slice(2);
31 | var txt=document.createElement("blockquote");
32 | txt.innerHTML = content;
33 | $(this).after(txt);
34 | $(this).remove();
35 | }
36 | });
37 |
// Stack Bootstrap modals: every modal that is about to be shown gets a z-index
// of 1050 plus 10 for each modal that is already visible, so it opens on top.
$(document).on('show.bs.modal', '.modal', function (event) {
    var visibleModals = $('.modal:visible').length;
    var stackedIndex = 1050 + (10 * visibleModals);
    $(this).css('z-index', stackedIndex);
    // The backdrop is deliberately left at its default z-index; the original
    // backdrop re-stacking was already disabled in this file.
});
45 |
46 | /* Scroll To Top */
47 | var scrolltotop = {
48 | setting: {
49 | startline: 100,
50 | scrollto: 0,
51 | scrollduration: 1e3,
52 | fadeduration: [500, 100]
53 | },
54 | controlHTML: '
',
55 | // The offset from the bottom right corner
56 | controlattrs: {
57 | offsetx: 10,
58 | offsety: 20
59 | },
60 | anchorkeyword: "#top",
61 | state: {
62 | isvisible: !1,
63 | shouldvisible: !1
64 | },
65 | scrollup: function() {
66 | this.cssfixedsupport || this.$control.css({
67 | opacity: 0
68 | });
69 | var t = isNaN(this.setting.scrollto) ? this.setting.scrollto: parseInt(this.setting.scrollto);
70 | t = "string" == typeof t && 1 == jQuery("#" + t).length ? jQuery("#" + t).offset().top: 0,
71 | this.$body.animate({
72 | scrollTop: t
73 | },
74 | this.setting.scrollduration)
75 | },
76 | keepfixed: function() {
77 | var t = jQuery(window),
78 | o = t.scrollLeft() + t.width() - this.$control.width() - this.controlattrs.offsetx,
79 | s = t.scrollTop() + t.height() - this.$control.height() - this.controlattrs.offsety;
80 | this.$control.css({
81 | left: o + "px",
82 | top: s + "px"
83 | })
84 | },
85 | togglecontrol: function() {
86 | var t = jQuery(window).scrollTop();
87 | this.cssfixedsupport || this.keepfixed(),
88 | this.state.shouldvisible = t >= this.setting.startline ? !0 : !1,
89 | this.state.shouldvisible && !this.state.isvisible ? (this.$control.stop().animate({
90 | opacity: 0.7
91 | },
92 | this.setting.fadeduration[0]), this.state.isvisible = !0) : 0 == this.state.shouldvisible && this.state.isvisible && (this.$control.stop().animate({
93 | opacity: 0
94 | },
95 | this.setting.fadeduration[1]), this.state.isvisible = !1)
96 | },
97 | init: function() {
98 | jQuery(document).ready(function(t) {
99 | var o = scrolltotop,
100 | s = document.all;
101 | o.cssfixedsupport = !s || s && "CSS1Compat" == document.compatMode && window.XMLHttpRequest,
102 | o.$body = t(window.opera ? "CSS1Compat" == document.compatMode ? "html": "body": "html,body"),
103 | o.$control = t('' + o.controlHTML + "
").css({
104 | position: o.cssfixedsupport ? "fixed": "absolute",
105 | bottom: o.controlattrs.offsety,
106 | right: o.controlattrs.offsetx,
107 | opacity: 0,
108 | cursor: "pointer"
109 | }).attr({
110 | title: "Scroll to Top"
111 | }).click(function() {
112 | return o.scrollup(),
113 | !1
114 | }).appendTo("body"),
115 | document.all && !window.XMLHttpRequest && "" != o.$control.text() && o.$control.css({
116 | width: o.$control.width()
117 | }),
118 | o.togglecontrol(),
119 | t('a[href="' + o.anchorkeyword + '"]').click(function() {
120 | return o.scrollup(),
121 | !1
122 | }),
123 | t(window).bind("scroll resize",
124 | function(t) {
125 | o.togglecontrol()
126 | })
127 | })
128 | }
129 | };
130 | scrolltotop.init();
131 | });
132 |
--------------------------------------------------------------------------------
/js/scrollreveal.min.js:
--------------------------------------------------------------------------------
1 | /*! @license ScrollReveal v4.0.0
2 |
3 | Copyright 2018 Fisssion LLC.
4 |
5 | Licensed under the GNU General Public License 3.0 for
6 | compatible open source projects and non-commercial use.
7 |
8 | For commercial sites, themes, projects, and applications,
9 | keep your source code private/proprietary by purchasing
10 | a commercial license from https://scrollrevealjs.org/
11 | */
12 | var ScrollReveal=function(){"use strict";var r={delay:0,distance:"0",duration:600,easing:"cubic-bezier(0.5, 0, 0, 1)",interval:0,opacity:0,origin:"bottom",rotate:{x:0,y:0,z:0},scale:1,cleanup:!0,container:document.documentElement,desktop:!0,mobile:!0,reset:!1,useDelay:"always",viewFactor:0,viewOffset:{top:0,right:0,bottom:0,left:0},afterReset:function(){},afterReveal:function(){},beforeReset:function(){},beforeReveal:function(){}},n={clean:function(){},destroy:function(){},reveal:function(){},sync:function(){},get noop(){return!0}};function o(e){return"object"==typeof window.Node?e instanceof window.Node:null!==e&&"object"==typeof e&&"number"==typeof e.nodeType&&"string"==typeof e.nodeName}function u(e,t){if(void 0===t&&(t=document),e instanceof Array)return e.filter(o);if(o(e))return[e];if(n=e,i=Object.prototype.toString.call(n),"object"==typeof window.NodeList?n instanceof window.NodeList:null!==n&&"object"==typeof n&&"number"==typeof n.length&&/^\[object (HTMLCollection|NodeList|Object)\]$/.test(i)&&(0===n.length||o(n[0])))return Array.prototype.slice.call(e);var n,i;if("string"==typeof e)try{var r=t.querySelectorAll(e);return Array.prototype.slice.call(r)}catch(e){return[]}return[]}function s(e){return null!==e&&e instanceof Object&&(e.constructor===Object||"[object Object]"===Object.prototype.toString.call(e))}function f(n,i){if(s(n))return Object.keys(n).forEach(function(e){return i(n[e],e,n)});if(n instanceof Array)return n.forEach(function(e,t){return i(e,t,n)});throw new TypeError("Expected either an array or object literal.")}function h(e){for(var t=[],n=arguments.length-1;0=[].concat(r.body).shift())return g.call(this,n,i,-1,t),c.call(this,e,{reveal:!0,pristine:t});if(!n.blocked.foot&&i===[].concat(o.foot).shift()&&i<=[].concat(r.body).pop())return g.call(this,n,i,1,t),c.call(this,e,{reveal:!0,pristine:t})}}function v(e){var t=Math.abs(e);if(isNaN(t))throw new RangeError("Invalid sequence 
interval.");this.id=y(),this.interval=Math.max(t,16),this.members=[],this.models={},this.blocked={head:!1,foot:!1}}function d(e,i,r){var o=this;this.head=[],this.body=[],this.foot=[],f(e.members,function(e,t){var n=r.elements[e];n&&n[i]&&o.body.push(t)}),this.body.length&&f(e.members,function(e,t){var n=r.elements[e];n&&!n[i]&&(t
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 | pwn challenge - Rank
Rank
28 | query($sql);
32 | ?>
33 |
34 |
35 |
36 |
37 | # |
38 | Nickname |
39 | solved |
40 | Comment |
41 |
42 |
43 |
44 | num_rows;
46 | for($i = 0; $i < $length; $i++){
47 | $row = $result->fetch_assoc();
48 | echo "";
49 | echo "".(string)($i + 1)." | ";
50 | echo "".htmlspecialchars($row['nickname'])." | ";
51 | echo "".htmlspecialchars($row['solved'])." | ";
52 | echo "".($row['comment'] ? htmlspecialchars($row['comment']) : "NULL")." | ";
53 | echo "
";
54 | }
55 | ?>
--------------------------------------------------------------------------------
/template/captcha.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/template/footer.php:
--------------------------------------------------------------------------------
1 |
33 |
--------------------------------------------------------------------------------
/template/header.php:
--------------------------------------------------------------------------------
1 |
2 |
34 |
35 |
--------------------------------------------------------------------------------
/template/source_footer.php:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/template/source_header.php:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/user/login.php:
--------------------------------------------------------------------------------
1 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 | pwn challenge - login
Please check the available information you submitted before submitting it.
113 |
116 |
117 |
118 |
119 |
120 |
122 |
123 |
124 |
128 |
Please enter a correct email and password. Note that both fields may be
129 | case-sensitive.
130 |
133 |
134 |
135 |
136 |
137 |
139 |
140 |
141 |
145 |
The verification code you entered is incorrect.
146 |
149 |
150 |
151 |
152 |
153 |
154 |
--------------------------------------------------------------------------------
/user/login_submit.php:
--------------------------------------------------------------------------------
1 | query($sql);
21 |
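// Finish the login: exactly one matching user row means the credentials were accepted.
// $result and $conn come from the query issued above this block.
if($result->num_rows == 1){
    $row = $result->fetch_assoc();

    // Issue a fresh session id at the moment the session becomes authenticated,
    // so an id that existed before login is not carried into the logged-in state.
    // NOTE(review): this needs the session to be active and no output sent yet;
    // confirm session_start() runs earlier in this script.
    if(session_status() === PHP_SESSION_ACTIVE){
        session_regenerate_id(true);
    }

    $_SESSION['user'] = $row['nickname'];
    $_SESSION['uid'] = $row['uid'];
    echo "success";
}else{
    // Same reply for unknown account and wrong password.
    echo "failed";
}

$conn->close();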
32 | ?>
--------------------------------------------------------------------------------
/user/logout.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/user/profile.php:
--------------------------------------------------------------------------------
1 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 | PWN Challenge - profile
Profile
35 |
36 |
37 | query($sql);
40 |
41 | if($result->num_rows != 1){
42 | $conn->close();
43 | die("Unknown Error");
44 | }
45 |
46 | $row = $result->fetch_assoc();
47 | $comment = htmlspecialchars($row['comment']);
48 | ?>
49 |
50 |
51 |
52 |
53 |
54 |
55 | Email: |
56 | |
57 |
58 |
59 | Nickname: |
60 | |
61 |
62 |
63 | Comment: |
64 | |
65 |
66 |
67 | Register time: |
68 | |
69 |
70 |
71 | Solved times: |
72 | |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
83 |
84 |
85 |
Solved Challenge
86 |
87 | query($sql);
90 | ?>
91 |
92 |
93 |
94 |
95 | # |
96 | Name |
97 | Solved time |
98 | writeup |
99 |
100 |
101 |
102 | num_rows;
104 | for($i = 0; $i < $length; $i++){
105 | $row = $result->fetch_assoc();
106 | echo "";
107 | echo "".(string)($i + 1)." | ";
108 | echo "".htmlspecialchars($row['name'])." | ";
109 | echo "".htmlspecialchars($row['time'])." | ";
110 | echo ''." + Add | ";
111 | echo "
";
112 | }
113 | ?>
114 |
115 |
116 |
117 |
Submited Writeup
118 |
119 | query($sql);
124 | ?>
125 |
126 |
127 |
128 |
129 | # |
130 | Name |
131 | Submited time |
132 | Operator |
133 |
134 |
135 |
136 | num_rows;
138 | for($i = 0; $i < $length; $i++){
139 | $row = $result->fetch_assoc();
140 | echo "";
141 | echo "".(string)($i + 1)." | ";
142 | echo "".htmlspecialchars($row['name'])." | ";
143 | echo "".htmlspecialchars($row['time'])." | ";
144 | echo ''.
145 | ' '.
146 | ' | ';
147 | echo "
";
148 | }
149 | ?>
273 | close();
275 | ?>
--------------------------------------------------------------------------------
/user/profile_submit.php:
--------------------------------------------------------------------------------
1 | 200){
22 | die("Error: The comment is too long!");
23 | }
24 |
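// Apply the submitted profile changes for the logged-in user: the comment is
// always rewritten, and the password is changed only when a new one was posted.

// The (int) cast is what makes $uid safe to place in SQL text below.
$uid = (int)addslashes($_SESSION['uid']);

// Assumes get_sql_conn() returns a mysqli connection, as the num_rows / close()
// usage in this script suggests; confirm against config.php.
$conn = get_sql_conn();

// NOTE(review): $comment is prepared above this block and is interpolated into
// the statement text here. If it is only addslashes()-escaped, bind the raw
// value through prepare()/bind_param() instead. Binding an already-escaped value
// would store the backslashes, so both places have to change together.
$sql = "update user set comment='$comment' where uid=$uid";
if($conn->query($sql)){
    echo "Comment has been updated successfully! ";
}else{
    echo ("Modify comment failed! ");
}

// Same condition as before: the field must be present and non-empty.
if(!empty($_POST['new_password'])){
    $new_plain = $_POST['new_password'];

    // A missing or non-string current password is treated as empty, so it
    // simply fails the comparison instead of raising an error in hash().
    $current_plain = $_POST['current_password'] ?? '';
    if(!is_string($current_plain)){
        $current_plain = '';
    }

    if(is_string($new_plain) && strlen($new_plain) >= 8){
        // NOTE(review): an unsalted SHA-256 digest is a fast hash and a weak
        // way to store passwords. password_hash()/password_verify() is the
        // usual replacement, but the stored format is presumably shared with
        // the login and registration scripts, so it has to be migrated there too.
        $current_password = hash("sha256", $current_plain);
        $new_password = hash("sha256", $new_plain);

        // Verify the current password with bound parameters rather than
        // building the statement from strings.
        $password_matches = false;
        $check = $conn->prepare("select uid from user where binary password=? and uid=?");
        if($check !== false){
            $check->bind_param("si", $current_password, $uid);
            if($check->execute()){
                $check->store_result();
                $password_matches = ($check->num_rows == 1);
            }
            $check->close();
        }

        if($password_matches){
            $updated = false;
            $update = $conn->prepare("update user set password=? where uid=?");
            if($update !== false){
                $update->bind_param("si", $new_password, $uid);
                $updated = $update->execute();
                $update->close();
            }

            if($updated){
                echo "Password has been updated successfully! ";
            }else{
                echo "Modify password failed! Unknow Error! ";
            }
        }else{
            echo "Modify password failed! Please enter a correct password. Note that both fields may be case-sensitive. ";
        }
    }else{
        echo "Password can not be empty for at least eight! ";
    }

}

$conn->close();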
61 | ?>
--------------------------------------------------------------------------------
/user/register.php:
--------------------------------------------------------------------------------
1 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 | pwn challenge - login
Please check the available information you submitted before submitting it.
127 |
130 |
131 |
132 |
133 |
134 |
136 |
137 |
138 |
142 |
The email you entered is invalid, please enter a correct email.
143 |
146 |
147 |
148 |
149 |
150 |
152 |
153 |
154 |
158 |
Password can not be empty for at least eight!
159 |
162 |
163 |
164 |
165 |
166 |
168 |
169 |
170 |
174 |
Now you can login and submit your flag!
175 |
178 |
179 |
180 |
181 |
182 |
184 |
185 |
186 |
190 |
An error occurred while registering!
Information:
192 |
195 |
196 |
197 |
198 |
199 |
201 |
202 |
203 |
207 |
The verification code you entered is incorrect.
208 |
211 |
212 |
213 |
214 |
215 |
216 |
--------------------------------------------------------------------------------
/user/register_submit.php:
--------------------------------------------------------------------------------
1 | 20 || strlen($_POST['email']) > 100){
27 | die("Nickname or email is too long!");
28 | }
29 |
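// Validate the e-mail address, then create the account if neither the address
// nor the nickname is taken. $email, $nickname and $password are prepared above
// this block.

// The D modifier makes `$` match only at the very end of the subject. Without
// it, an address followed by a trailing newline would still pass this check.
if(!preg_match('/^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/D', $email)){
    die("Email is invalid");
}

$conn = get_sql_conn();

// NOTE(review): the values below are interpolated into SQL text. How they were
// escaped is not visible here; if it is addslashes() only, move both statements
// to prepare()/bind_param() with the raw values (binding already-escaped values
// would store the backslashes, so change both places together).
$sql = "select uid from user where binary email='$email' or binary nickname='$nickname'";

$result = $conn->query($sql);

if($result->num_rows == 0){
    // NOTE(review): check-then-insert leaves a window in which two simultaneous
    // registrations can both pass the check. A unique index on email and on
    // nickname is what closes it; confirm the schema has one.
    $str_time = addslashes(date("Y-m-d H:i:s"));
    $sql = "insert into `user` (email, nickname, password, register_time)values('$email', '$nickname', '$password', '$str_time')";
    if ($conn->query($sql) === TRUE) {
        echo "success";
    }else{
        echo "insert error!";
    }
}else{
    echo "The nickname or email has already existed!";
}

$conn->close();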
53 | ?>
--------------------------------------------------------------------------------
/user/writeup_delete.php:
--------------------------------------------------------------------------------
1 | query($sql);
// Delete the caller's writeup. $result comes from the lookup issued above this
// block; anything other than exactly one matching row ends the request early.
$matched = $result->num_rows;
if($matched != 1){
    $conn->close();
    // No row: nothing to delete. More than one row: the lookup is ambiguous.
    die($matched == 0 ? "false" : "Unkown error!");
}

$row = $result->fetch_assoc();
// The id is taken from the row that was just looked up and forced to an
// integer before it is placed in the statement text.
$wid = (int)addslashes($row['wid']);

$deleted = $conn->query("delete from writeups where wid=$wid");
echo ($deleted === TRUE) ? "true" : "delete error!";

$conn->close();
38 | ?>
--------------------------------------------------------------------------------
/user/writeup_submit.php:
--------------------------------------------------------------------------------
1 | query($sql);
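// Store a writeup for a challenge the user has solved. $result comes from the
// lookup issued above this block; exactly one row is required to continue.
// The connection is closed before die(), as writeup_delete.php does. In the
// earlier order the close() calls sat after die() and could never run.
if($result->num_rows == 0){
    $conn->close();
    die("You can share write-up or exploit code in your profile, only players who also solved the same challenge are able to see them.");
}else if($result->num_rows != 1){
    $conn->close();
    die("Unkown error!");
}

$row = $result->fetch_assoc();
// sid is read from the row above and forced to an integer for the statement text.
$sid = (int)addslashes($row['sid']);
$str_time = addslashes(date("Y-m-d H:i:s"));

// NOTE(review): $writeup is prepared above this block and interpolated here.
// If it is only addslashes()-escaped, bind the raw text through
// prepare()/bind_param() instead, changing both places together.
$sql = "insert into writeups (sid, writeup, time) values ($sid, '$writeup', '$str_time')";

if($conn->query($sql) === TRUE){
    echo "success";
}else{
    echo "insert data failed!";
}

$conn->close();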
49 | ?>
--------------------------------------------------------------------------------
/user/writeups_challenge.php:
--------------------------------------------------------------------------------
1 | Error argument!");
11 | }
12 |
13 | if(!$error && !isset($_SESSION['uid'])){
14 | $error .= ("You should login first!
");
15 | }
16 |
17 | $conn = get_sql_conn();
18 | $name = "NULL";
19 |
20 | if(!$error && isset($_SESSION['uid']) && isset($_GET['cid'])){
21 | $cid = (int)addslashes($_GET['cid']);
22 | $uid = (int)addslashes($_SESSION['uid']);
23 |
24 | // Check the user whether to finished the challenge.
25 | $sql = "select b.name as name from solved as a join challenge as b on a.cid=b.cid where a.uid=$uid and b.cid=$cid";
26 | $result = $conn->query($sql);
27 | if($result->num_rows == 0){
28 | $error .= ("You haven't finished the challenge, so that you can't see these writeups.
");
29 | }else if($result->num_rows != 1){
30 | $error .= ("Unkown error!
");
31 | }else{
32 | $row = $result->fetch_assoc();
33 | $name = $row['name'];
34 | }
35 | }
36 |
// When an error was recorded above but a cid was still supplied, look the
// challenge name up on its own so $name is set even though access was refused
// (presumably for the page heading; confirm against the template below).
if ($error && isset($_GET['cid'])) {
    // The (int) cast is what makes the request value safe in the SQL text.
    $cid = (int)addslashes($_GET['cid']);

    $sql = "select name from challenge where cid=$cid";
    $result = $conn->query($sql);

    // $name keeps its earlier value unless exactly one challenge matches.
    if($result->num_rows == 1){
        $row = $result->fetch_assoc();
        $name = $row['name'];
    }
}
48 |
49 |
50 | ?>
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 | Writeups -
Writeups - - Submit
Writeups -
97 |
You can share write-up or exploit code in your profile, only players who also solved the same challenge are able to see them.
98 | query($sql);
118 | }
119 | ?>
120 |
121 |
122 |
123 |
124 | # |
125 | Nickname |
126 | time |
127 | |
128 |
129 |
130 |
131 | num_rows;
134 | for($i = 0; $i < $length; $i++){
135 | $row = $result->fetch_assoc();
136 | echo "";
137 | echo "".(string)($i + 1)." | ";
138 | echo ''.htmlspecialchars($row['nickname'])." | ";
139 | echo "".$row['time']." | ";
140 | echo ''."View | ";
141 | echo "
";
142 | }
143 | }
144 | ?>
Please check the available information you submitted before submitting it.
195 |
198 |
199 |
200 |
201 |
202 |
204 |
205 |
206 |
210 |
The verification code you entered is incorrect.
211 |
214 |
215 |
216 |
217 |
218 |
219 |
220 |
221 | close();
223 | ?>
--------------------------------------------------------------------------------
/user/writeups_content.php:
--------------------------------------------------------------------------------
1 | query($sql);
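// Load one writeup and allow it to be shown only to a user who has solved the
// same challenge. $result, $uid and $conn come from the code above this block.
// The connection is closed before each die(). In the earlier order the close()
// calls sat after die() and could never run.
if($result->num_rows == 0){
    $conn->close();
    die("The article does not exist!");
}else if($result->num_rows != 1){
    $conn->close();
    die("Unkown error!");
}

$row = $result->fetch_assoc();
// NOTE(review): these fields are stored user content. Confirm the template
// below escapes each of them for its output context before printing.
$name = $row['name'];
$nickname = $row['nickname'];
$time = $row['time'];
$writeup = $row['writeup'];
$cid = (int)addslashes($row['cid']);

// Check whether the user has finished the challenge this writeup belongs to.
$sql = "select b.name as name from solved as a join challenge as b on a.cid=b.cid where a.uid=$uid and b.cid=$cid";
$result = $conn->query($sql);
if($result->num_rows == 0){
    $conn->close();
    die("You haven't finished the challenge, so that you can't see these writeups.");
}else if($result->num_rows != 1){
    $conn->close();
    die("Unkown error!");
}

$conn->close();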
65 |
66 | ?>
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | Writeups - by
Writeups -
88 |
Author:
89 |
Submit time:
--------------------------------------------------------------------------------
/writeups.php:
--------------------------------------------------------------------------------
1 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 | pwn challenge - writeups
Writeups
28 |
You can share write-up or exploit code in your profile, only players who also solved the same challenge are able to see them.
29 | query($sql);
48 | $conn->close();
49 | ?>
50 |
51 |
52 |
53 |
54 | # |
55 | Name |
56 | Submit times |
57 | |
58 |
59 |
60 |
61 | num_rows;
64 | for($i = 0; $i < $length; $i++){
65 | $row = $result->fetch_assoc();
66 | echo "";
67 | echo "".(string)($i + 1)." | ";
68 | echo ''.htmlspecialchars($row['name'])." | ";
69 | echo "".htmlspecialchars($row['writeup'])." | ";
70 | echo ''."View | ";
71 | echo "
";
72 | }
73 | }
74 | ?>
--------------------------------------------------------------------------------