├── crypto ├── xor_hell │ ├── challenge.txt │ └── xor_hell.py ├── rsa │ ├── message.txt │ └── peace_of_code.py ├── ransomware_attack │ └── ransom_attack.zip ├── thanks_microsoft │ ├── message.txt │ └── encoder.c ├── french │ └── message.txt ├── old_history │ └── message.txt └── weird_but_old │ └── message.txt ├── reversing ├── damn_windows │ └── 01.exe ├── the_elf │ └── crackme-01 ├── no_static │ └── crackme-02 ├── the_loader │ └── crackme-03 └── forgotten_license_key │ ├── license │ └── license.exe ├── network ├── the_data │ └── the_data.pcapng ├── the_shell │ └── rev_shell.pcapng ├── the_shark │ └── auth_sniff.pcapng └── malicious_traffic │ └── traffic.pcapng ├── miscellaneous ├── the_archive │ └── archive.zip └── the_picture │ └── challenge.png ├── coding ├── hash_auth │ └── hash_out.py ├── easy_authentication │ └── easy_authentication.js ├── good_authentication │ └── good_authentication.js └── weird_code │ └── code.txt └── readme.md /crypto/xor_hell/challenge.txt: -------------------------------------------------------------------------------- 1 | 3c0804390c0b1415571d321307083807080b0332081a1938000b381602124e10 -------------------------------------------------------------------------------- /reversing/damn_windows/01.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SecurityValley/PublicCTFChallenges/HEAD/reversing/damn_windows/01.exe -------------------------------------------------------------------------------- /reversing/the_elf/crackme-01: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SecurityValley/PublicCTFChallenges/HEAD/reversing/the_elf/crackme-01 -------------------------------------------------------------------------------- /reversing/no_static/crackme-02: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SecurityValley/PublicCTFChallenges/HEAD/reversing/no_static/crackme-02 -------------------------------------------------------------------------------- /reversing/the_loader/crackme-03: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SecurityValley/PublicCTFChallenges/HEAD/reversing/the_loader/crackme-03 -------------------------------------------------------------------------------- /crypto/rsa/message.txt: -------------------------------------------------------------------------------- 1 | [5129, 10327, 42284, 57695, 5730, 64016, 31008, 40005, 63768, 46371, 7692, 48194, 9075, 32422, 35191, 63230] 2 | -------------------------------------------------------------------------------- /network/the_data/the_data.pcapng: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SecurityValley/PublicCTFChallenges/HEAD/network/the_data/the_data.pcapng -------------------------------------------------------------------------------- /network/the_shell/rev_shell.pcapng: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SecurityValley/PublicCTFChallenges/HEAD/network/the_shell/rev_shell.pcapng -------------------------------------------------------------------------------- /network/the_shark/auth_sniff.pcapng: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SecurityValley/PublicCTFChallenges/HEAD/network/the_shark/auth_sniff.pcapng -------------------------------------------------------------------------------- /miscellaneous/the_archive/archive.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SecurityValley/PublicCTFChallenges/HEAD/miscellaneous/the_archive/archive.zip -------------------------------------------------------------------------------- /miscellaneous/the_picture/challenge.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SecurityValley/PublicCTFChallenges/HEAD/miscellaneous/the_picture/challenge.png -------------------------------------------------------------------------------- /reversing/forgotten_license_key/license: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SecurityValley/PublicCTFChallenges/HEAD/reversing/forgotten_license_key/license -------------------------------------------------------------------------------- /network/malicious_traffic/traffic.pcapng: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SecurityValley/PublicCTFChallenges/HEAD/network/malicious_traffic/traffic.pcapng -------------------------------------------------------------------------------- /crypto/ransomware_attack/ransom_attack.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SecurityValley/PublicCTFChallenges/HEAD/crypto/ransomware_attack/ransom_attack.zip -------------------------------------------------------------------------------- /reversing/forgotten_license_key/license.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SecurityValley/PublicCTFChallenges/HEAD/reversing/forgotten_license_key/license.exe -------------------------------------------------------------------------------- /crypto/thanks_microsoft/message.txt: -------------------------------------------------------------------------------- 1 | e38cb5e394b6e38cb6e398b5e384b6e68cb6e688b7e68cb6e698b6e68cb6e698b5e390b7e3a0b6e384b4e390b7e698b5e39cb7e384b6e38cb7e698b5e694b6e698b6e698b5e394b6e694b6e38cb6e388b7e3a4b7e380b7e390b7e384b3e698b6e694b6e690b7 2 | -------------------------------------------------------------------------------- /crypto/xor_hell/xor_hell.py: -------------------------------------------------------------------------------- 1 | #/usr/bin/python3 2 | 3 | def read_flag_from_disk(): 4 | with open("./challenge.txt") as flag: 5 | return bytes.fromhex(flag.read().strip()) 6 | 7 | def xor(flag, key): 8 | out = b"" 9 | 10 | for i in range(len(flag)): 11 | out += bytes([flag[i] ^ key[i % len(key)]]) 12 | 13 | return out 14 | 15 | def main(): 16 | 17 | res = xor( 18 | read_flag_from_disk(), 19 | b"0" 20 | ) 21 | 22 | print(res) 23 | 24 | if __name__ == "__main__": 25 | main() -------------------------------------------------------------------------------- /crypto/french/message.txt: -------------------------------------------------------------------------------- 1 | VIERSZPUCWGBTZPWIQVLGUNQETXVEVGDHGPZGGJIVOKFXZSAQJVFNIIISHVIUHBTYKPLKRIGGFVJCFVIOGVXMEHVUTWHRMSGMAIXQFRXSCZRVLGANYXVVJKXJOOQSTONFIQTQJEUPLDEVHYJWYMCUXJSTWIVHLVVCRRKIUIECXKCAMEJWGQTRSQFPCWUKTRWALXFXUGWOOYQTCEAGXQTAFFFSJJMNSGMITSAIVGGFTJKLRTIRIOQMTIAFPGGFQCUIOCXGGGMMJEYCVOWALGYEVPSHSIJRKWGJIUICWIDIPJEPQRQPFVUCWUSPWIKPLFMUDNYGYIQVAQXRIMBRVILVGGMIXYNTHKOAXSWTRCGGOAINLWGKGGWAYLVKNNEZMGTWVXGNIVVRHSEJYKGVWGNWRTRTMQRBKGZZVNACFEJFVPFREESFMMGWFVVKYVSKWVBOEJWQIIEFNUIJOIJAFRGJIKFSNVJXIKGVCEDEXEVPWVHUJIMMYIENOPYMTIZRMTSLTYTSHNHWGRFRROVPWMMJFPBIECWHZNLOVICKROWAIXYEGASWBRJHKSSQVOOGYLVJYCKDSSTVVWHDQKHGNRXHHTMPUGMISEGVPGFRGICWCKIUANSEXIQVSUHRFPJIPTIVDYFRJXBVLGSZUMIIFWPVWZFXVARCTQBGMIUINVLUHNWEEEEOSTSQXTRGRUXCHVTRNMGJIPCHLLGSJGVVCQJWKVBAEPSAYMIICNEPSGUYIWHGHDMGMIVQCKVGGFNRZWGGVCURSXJTEKRESFXPVMNTEESFMSDINDSCFQMIIWGCVUVVUGLWGQHKOATJKLRUXQZRSTCEAUXJOGHEEWNXIJSEUIFTYGEPREJWKSEGJTSRISDXBVLGUNQEOC 2 | 3 | -------------------------------------------------------------------------------- /coding/hash_auth/hash_out.py: -------------------------------------------------------------------------------- 1 | from hashlib import sha256 2 | import sys 3 | 4 | def validate_password(password): 5 | # be creative. it has something to do with SecurityValley ;-) 6 | if sha256(password.encode("utf-8")).hexdigest() == "f51f333ed26c41bedd99e1e483c0a15d2caeed7dc5a9ae02159f196799a74893": 7 | return True 8 | 9 | return False 10 | 11 | def print_banner(payload): 12 | print("that was great !!!") 13 | print("run the following command to get the flag.") 14 | print("curl -X POST http://ctf.securityvalley.org:7777/api/v1/validate -H 'Content-Type: application/json' -d '{\"pass\": \""+payload+"\"}'") 15 | 16 | if __name__ == "__main__": 17 | print("let's do more python ;-)") 18 | 19 | password = input("please enter password: ") 20 | if validate_password(password): 21 | print_banner(password) 22 | sys.exit() 23 | 24 | print("wrong!") -------------------------------------------------------------------------------- /crypto/rsa/peace_of_code.py: -------------------------------------------------------------------------------- 1 | #/usr/bin/python3 2 | from argparse import ArgumentParser 3 | from sympy import mod_inverse, prime 4 | 5 | def get_keys(): 6 | p, q = prime(50), prime(60) 7 | n = p *q 8 | phi = (p-1)*(q-1) 9 | e = 47 10 | 11 | return e, n, phi 12 | 13 | def encrypt_msg(msg): 14 | e, n, _ = get_keys() 15 | enc_msg = [(ord(i) ** e) % n for i in msg] 16 | 17 | return enc_msg 18 | 19 | def main(args): 20 | 21 | if args.mod == "enc": 22 | print(encrypt_msg(args.text)) 23 | 24 | elif args.mod == "dec": 25 | pass 26 | 27 | else: 28 | print("unkown mode...") 29 | 30 | if __name__ == "__main__": 31 | 32 | parser = ArgumentParser() 33 | parser.add_argument("-t","--text", dest="text", type=str) 34 | parser.add_argument("-m", "--mode", dest="mod", required=True) 35 | 36 | args = parser.parse_args() 37 | 38 | main(args) 39 | -------------------------------------------------------------------------------- /crypto/old_history/message.txt: -------------------------------------------------------------------------------- 1 | Riihuhg vdb ylvlwhg hoghuob dqg. Zdlwhg shulrg duh sodbhg idplob pdq iruphg. Kh bh ergb ru pdgh rq sdlq sduw phhw. Brx rqh ghodb qru ehjlq rxu iroob dergh. Eb glvsrvhg uhsoblqj pu ph xqsdfnhg qr. Dv prrqoljkw ri pb uhvroylqj xqzloolqj. 2 | 3 | Dsduwphqwv vlpsolflwb ru xqghuvwrrg gr lw zh. Vrqj vxfk hbhv kdg dqg rii. Uhpryhg zlqglqj dvn hasodlq gholjkw rxw ihz ehkdyhg odvwlqj. Ohwwhuv rog kdvwlob kdp vhqglqj qrw vha fkdpehu ehfdxvh suhvhqw. Rk lv lqghhg wzhqwb hqwluh iljxuh. Rffdvlrqdo glplqxwlrq dqqrxqflqj qhz qrz olwhudwxuh whuplqdwhg. Uhdoob uhjdug hafxvh rii whq sxoohg. Odgb dp urrp khdg vr odgb irxu ru hbhv dq. Kh gr ri frqvxowhg vrphwlphv frqfoxghg pu. Dq krxvhkrog ehkdylrxu li suhwhqghg. Brx fdq xvh wklvmxolxv dv iodj exw grqw irujhw wr irupdw. 4 | 5 | Qrz lqgxojhqfh glvvlplodu iru klv wkrurxjkob kdv whuplqdwhg. Djuhhphqw riihqglqj frppdqghg pb dq. Fkdqjh zkroob vdb zkb hoghvw shulrg. Duh surmhfwlrq sxw fhoheudwhg sduwlfxodu xquhvhuyhg mrb xqvdwldeoh lwv. Lq wkhq gduh jrrg dp urvh euhg ru. Rq dp lq qhduhu vtxduh zdqwhg. 6 | -------------------------------------------------------------------------------- /coding/easy_authentication/easy_authentication.js: -------------------------------------------------------------------------------- 1 | const readline = require('readline').createInterface({ 2 | input: process.stdin, 3 | output: process.stdout 4 | }); 5 | 6 | readline.question('Please enter password \n', password => { 7 | console.log(`Gonna check if ${password} is correct`); 8 | readline.close(); 9 | validate(password) 10 | }); 11 | 12 | function validate(password) { 13 | const pass = [106,117,115,116,95,119,97,114,109,105,110,103,95,117,112]; 14 | const pa = Array.from(password); 15 | 16 | for(let i = 0; i < pa.length; i++) { 17 | if(pa[i].charCodeAt(0) !== pass[i]) { 18 | throw new Error("pass violation. wrong credentials"); 19 | } 20 | } 21 | 22 | banner(password); 23 | } 24 | 25 | function banner(payload) { 26 | console.info("that was great !!!"); 27 | console.info("run the following command to get the flag.") 28 | console.info(`curl -X POST http://ctf.securityvalley.org:7777/api/v1/validate -H 'Content-Type: application/json' -d '{"pass": "${payload}"}'`) 29 | } 30 | 31 | -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- 1 | # CTF IS CLOSED!!! 2 | 3 | 24.Aug.2023: 4 | 5 | Hi, 6 | I gonna close this CTF event by end of this morning. I‘ve a huge lack of time to maintain the system and tasks that are related to that topic . 7 | Thanks to all the players and the amazing feedback :-) 8 | 9 | 10 | # SecurityValley CTF challenges 11 | 12 | Hello and glad you found your way to this repository. Here you will find many capture the flag tasks from different categories. If you would like be part of the competition, you can register a free account here: 13 | 14 | ## How does it work? 15 | 16 | It's not that complicated, I promise! 17 | 18 | Each challenge contains at least a description and an external link that gonna lead you to the challenge. In each challenge, you have the goal to find a flag. The flag is either in the format SecVal{} or there is an instruction how to format the flag, if you have solved a challenge. But the input format in the "solve flag dialog" is always SecVal{}. Keep that in mind. 19 | 20 | ## How to contribute? 21 | 22 | If you have an idea for a challange, feel free to get in touch with us! There is always a way to publish your ideas. Just write us an email or a telegram message. 23 | 24 | Telegram: 25 | Email: 26 | Discord: 27 | -------------------------------------------------------------------------------- /crypto/weird_but_old/message.txt: -------------------------------------------------------------------------------- 1 | XOVUD IXW EDBVQQVQB GF BDG ZDHP GVHDA FN WVGGVQB EP KDH WVWGDH FQ GKD EXQR XQA FN KXZVQB QFGKVQB GF AF FQUD FH GIVUD WKD KXA SDDSDA VQGF GKD EFFR KDH WVWGDH IXW HDXAVQB ELG VG KXA QF SVUGLHDW FH UFQZDHWXGVFQW VQ VG XQA IKXG VW GKD LWD FN X EFFR GKFLBKG XOVUD IVGKFLG SVUGLHDW FH UFQZDHWXGVFQWWF WKD IXW UFQWVADHVQB VQ KDH FIQ CVQA XW IDOO XW WKD UFLOA NFH GKD KFG AXP CXAD KDH NDDO ZDHP WODDSP XQA WGLSVA IKDGKDH GKD SODXWLHD FN CXRVQB X AXVWPUKXVQ IFLOA ED IFHGK GKD GHFLEOD FN BDGGVQB LS XQA SVURVQB GKD AXVWVDW IKDQ WLAADQOP X IKVGD HXEEVG IVGK SVQR DPDW HXQ UOFWD EP KDH PFL WKFLOA LWD VOVRDODIVWUXHHFOO XW NOXB SODXWD NFHCXG GKD NOXB EDNFHD WLECVGGVQBGKDHD IXW QFGKVQB WF ZDHP HDCXHRXEOD VQ GKXG QFH AVA XOVUD GKVQR VG WF ZDHP CLUK FLG FN GKD IXP GF KDXH GKD HXEEVG WXP GF VGWDON FK ADXH FK ADXH V WKXOO ED OXGD IKDQ WKD GKFLBKG VG FZDH XNGDHIXHAW VG FUULHHDA GF KDH GKXG WKD FLBKG GF KXZD IFQADHDA XG GKVW ELG XG GKD GVCD VG XOO WDDCDA YLVGD QXGLHXO ELG IKDQ GKD HXEEVG XUGLXOOP GFFR X IXGUK FLG FN VGW IXVWGUFXGSFURDG XQA OFFRDA XG VG XQA GKDQ KLHHVDA FQ XOVUD WGXHGDA GF KDH NDDG NFH VG NOXWKDA XUHFWW KDH CVQA GKXG WKD KXA QDZDH EDNFHD WDDQ X HXEEVG IVGK DVGKDH X IXVWGUFXGSFURDG FH X IXGUK GF GXRD FLG FN VG XQA ELHQVQB IVGK ULHVFWVGP WKD HXQ XUHFWW GKD NVDOA XNGDH VG XQA NFHGLQXGDOP IXW MLWG VQ GVCD GF WDD VG SFS AFIQ X OXHBD HXEEVGKFOD LQADH GKD KDABD 2 | 3 | -------------------------------------------------------------------------------- /crypto/thanks_microsoft/encoder.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | u_int32_t encodeChar(unsigned char *s) { 6 | 7 | u_int32_t result = 0; 8 | 9 | unsigned int ln = (int) s & 0x0F; 10 | unsigned int hn = (int) s >> 4 & 0x0F; 11 | 12 | u_int8_t x = 0; 13 | u_int8_t y = 0; 14 | 15 | if(hn <= 9) { 16 | x = 11; 17 | } else { 18 | x = 26; 19 | } 20 | 21 | if(ln <= 9) { 22 | y = 14; 23 | } else { 24 | y = 26; 25 | } 26 | 27 | if(hn > 9) { 28 | hn -= 9; 29 | } 30 | 31 | if(ln > 9) { 32 | ln -= 9; 33 | } 34 | 35 | 36 | result |= 0x0E; 37 | result = result << 6; 38 | 39 | result |= y; 40 | result = result << 4; 41 | 42 | result |= ln; 43 | result = result << 6; 44 | 45 | result |= x; 46 | result = result << 4; 47 | 48 | result |= hn; 49 | 50 | return result; 51 | } 52 | 53 | int main(int argc, char *argv[]) { 54 | 55 | if(argc != 2) { 56 | printf("please give one text input to encode \n"); 57 | exit(0); 58 | } 59 | 60 | char *input = malloc(strlen(argv[1])); 61 | strcpy(input, argv[1]); 62 | 63 | for(int i = 0; i < strlen(input); i ++) { 64 | int chr = encodeChar(input[i]); 65 | printf("%x", chr); 66 | } 67 | 68 | printf("\n"); 69 | free(input); 70 | 71 | return 0; 72 | } 73 | 74 | -------------------------------------------------------------------------------- /coding/good_authentication/good_authentication.js: -------------------------------------------------------------------------------- 1 | const readline = require('readline').createInterface({ 2 | input: process.stdin, 3 | output: process.stdout 4 | }); 5 | 6 | readline.question('Please enter password \n', password => { 7 | console.log(`Gonna check if ${password} is correct`); 8 | readline.close(); 9 | validate(password) 10 | }); 11 | 12 | function validate(password) { 13 | 14 | if (password.length != 12) { 15 | throw new Error("pass violation. wrong password length"); 16 | } 17 | 18 | 19 | const block1 = Array.from(password).slice(0, 4) 20 | const block2 = Array.from(password).slice(4, 8) 21 | const block3 = Array.from(password).slice(8, 12) 22 | 23 | const block = [ 24 | block1, 25 | block2, 26 | block3 27 | ] 28 | 29 | let crafted = ""; 30 | 31 | for (let i = 0; i < block.length; i++) { 32 | for (let a = 0; a < block[i].length; a++) { 33 | if (i == 0) { 34 | crafted += String.fromCharCode(String(block[i][a]).charCodeAt(0) ^ 7) 35 | } else if (i == 1) { 36 | crafted += String.fromCharCode(String(block[i][a]).charCodeAt(0) ^ 11) 37 | } else { 38 | crafted += String.fromCharCode(String(block[i][a]).charCodeAt(0) ^ 9) 39 | } 40 | } 41 | } 42 | 43 | if(crafted !== "sontTbxTjffe") { 44 | throw new Error("pass violation. wrong credentials"); 45 | } 46 | 47 | 48 | banner(password); 49 | } 50 | 51 | function banner(payload) { 52 | console.info("that was great !!!"); 53 | console.info("run the following command to get the flag.") 54 | console.info(`curl -X POST http://ctf.securityvalley.org:7777/api/v1/validate -H 'Content-Type: application/json' -d '{"pass": "${payload}"}'`) 55 | } 56 | 57 | 58 | -------------------------------------------------------------------------------- /coding/weird_code/code.txt: -------------------------------------------------------------------------------- 1 | ################################################## 2 | 15 0 LOAD_GLOBAL 0 (print) 3 | 2 LOAD_CONST 1 ('loading application') 4 | 4 CALL_FUNCTION 1 5 | 6 POP_TOP 6 | 7 | 17 8 LOAD_GLOBAL 1 (magic) 8 | 10 LOAD_CONST 2 ('8934') 9 | 12 LOAD_GLOBAL 2 (get_flag) 10 | 14 CALL_FUNCTION 0 11 | 16 CALL_FUNCTION 2 12 | 18 STORE_FAST 0 (d) 13 | 14 | 19 20 LOAD_GLOBAL 0 (print) 15 | 22 LOAD_FAST 0 (d) 16 | 24 CALL_FUNCTION 1 17 | 26 POP_TOP 18 | 28 LOAD_CONST 0 (None) 19 | 30 RETURN_VALUE 20 | None 21 | ################################################## 22 | 4 0 LOAD_CONST 1 ('k\\PbYUHDAM[[VJlVAMVk[VWQE') 23 | 2 RETURN_VALUE 24 | None 25 | ################################################## 26 | 7 0 LOAD_CONST 1 (b'') 27 | 2 STORE_FAST 2 (out) 28 | 29 | 9 4 LOAD_GLOBAL 0 (range) 30 | 6 LOAD_GLOBAL 1 (len) 31 | 8 LOAD_FAST 1 (f) 32 | 10 CALL_FUNCTION 1 33 | 12 CALL_FUNCTION 1 34 | 14 GET_ITER 35 | >> 16 FOR_ITER 46 (to 64) 36 | 18 STORE_FAST 3 (i) 37 | 38 | 10 20 LOAD_FAST 2 (out) 39 | 22 LOAD_GLOBAL 2 (bytes) 40 | 24 LOAD_GLOBAL 3 (ord) 41 | 26 LOAD_FAST 1 (f) 42 | 28 LOAD_FAST 3 (i) 43 | 30 BINARY_SUBSCR 44 | 32 CALL_FUNCTION 1 45 | 34 LOAD_GLOBAL 3 (ord) 46 | 36 LOAD_FAST 0 (k) 47 | 38 LOAD_FAST 3 (i) 48 | 40 LOAD_GLOBAL 1 (len) 49 | 42 LOAD_FAST 0 (k) 50 | 44 CALL_FUNCTION 1 51 | 46 BINARY_MODULO 52 | 48 BINARY_SUBSCR 53 | 50 CALL_FUNCTION 1 54 | 52 BINARY_XOR 55 | 54 BUILD_LIST 1 56 | 56 CALL_FUNCTION 1 57 | 58 INPLACE_ADD 58 | 60 STORE_FAST 2 (out) 59 | 62 JUMP_ABSOLUTE 16 60 | 61 | 12 >> 64 LOAD_FAST 2 (out) 62 | 66 RETURN_VALUE 63 | None 64 | --------------------------------------------------------------------------------