30 | 31 | 32 | The flag is: 33 | 34 | ``` 35 | csictf{m0r3_huMaN_than_Y0u} 36 | ``` -------------------------------------------------------------------------------- /miscellaneous/No DIStractions/challenge.yml: -------------------------------------------------------------------------------- 1 | name: "No DIStractions" 2 | author: "Shiv10" 3 | 4 | 5 | category: Miscellaneous 6 | 7 | description: | 8 | I see all, I read all, but I shall not speak until I am 'commanded' to do so. Ask me, and thou shall recieve. 9 | 10 | value: 500 11 | type: dynamic 12 | 13 | decay: 450 14 | 15 | minimum: 100 16 | 17 | 18 | flags: 19 | - csictf{m0r3_huMaN_than_Y0u} 20 | 21 | 22 | tags: 23 | - discord 24 | 25 | 26 | state: hidden 27 | 28 | version: "0.1" -------------------------------------------------------------------------------- /miscellaneous/Prime Roll/challenge.yml: -------------------------------------------------------------------------------- 1 | name: "Prime Roll" 2 | author: "harsoh" 3 | 4 | category: Miscellaneous 5 | 6 | description: | 7 | We built a random number generator and it just rolls dice in the background and prints the result of the roll. We love prime numbers so a dice with (10^9)+7 (a famous prime number) sides is used. To simulate random behaviour, the machine rolls the dice n number of times, where n equals the 2^((10^9)+7) (th) prime number. We want to know the probability of the largest result among all these rolls being a prime number too. You can stop the machine from rolling dices till the Heat Death of the universe by telling us the answer beforehand. Calculate the first 10 digits after the decimal place. 8 | 9 | The flag will look like -> csictf{first_10_digits_after_the_decimal_point} 10 | 11 | value: 500 12 | type: dynamic 13 | 14 | decay: 450 15 | 16 | minimum: 100 17 | 18 | flags: 19 | - csictf{9999999999} 20 | 21 | tags: 22 | - miscellaneous 23 | - algo 24 | 25 | state: hidden 26 | 27 | version: "0.1" 28 | -------------------------------------------------------------------------------- /miscellaneous/Prison Break/.dockerignore: -------------------------------------------------------------------------------- 1 | Dockerfile 2 | README.md 3 | challenge.yml 4 | -------------------------------------------------------------------------------- /miscellaneous/Prison Break/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:2.7-slim 2 | 3 | RUN apt-get update && apt-get install -y \ 4 | xinetd \ 5 | && rm -rf /var/lib/apt/lists/* 6 | 7 | RUN mkdir /ctf 8 | WORKDIR /ctf 9 | RUN useradd -M -d /ctf ctf 10 | 11 | RUN echo "Connection blocked" > /etc/banner_fail 12 | COPY ctf.xinetd /etc/xinetd.d/ctf 13 | COPY ./src /ctf/ 14 | 15 | RUN chown -R root:ctf /ctf && \ 16 | chmod -R 750 /ctf && \ 17 | chmod 740 /ctf/flag.txt 18 | 19 | ENTRYPOINT [] 20 | CMD ["/usr/sbin/xinetd", "-dontfork"] 21 | 22 | EXPOSE 9999 23 | -------------------------------------------------------------------------------- /miscellaneous/Prison Break/challenge.yml: -------------------------------------------------------------------------------- 1 | name: "Prison Break" 2 | author: "roerohan" 3 | category: Miscellaneous 4 | 5 | description: | 6 | I saw them put someone in jail. Can you find out who it is? 7 | They said this is the best prison ever built. You sure can't break it, can you? 8 | 9 | nc chall.csivit.com 30407 10 | 11 | value: 500 12 | type: dynamic 13 | 14 | decay: 450 15 | minimum: 100 16 | 17 | flags: 18 | - csictf{m1ch34l_sc0fi3ld_fr0m_pr1s0n_br34k} 19 | 20 | tags: 21 | - miscellaneous 22 | - jail 23 | 24 | state: hidden 25 | version: "0.1" 26 | 27 | replicas: 2 28 | containers: 29 | server: 30 | build: . 31 | ports: 32 | - containerPort: 9999 33 | 34 | expose: 35 | - containerPort: 9999 36 | nodePort: 30407 37 | -------------------------------------------------------------------------------- /miscellaneous/Prison Break/ctf.xinetd: -------------------------------------------------------------------------------- 1 | service ctf 2 | { 3 | disable = no 4 | socket_type = stream 5 | protocol = tcp 6 | wait = no 7 | user = ctf 8 | type = UNLISTED 9 | port = 9999 10 | bind = 0.0.0.0 11 | server = /bin/sh 12 | server_args = /ctf/start.sh 13 | banner_fail = /etc/banner_fail 14 | # safety options 15 | per_source = 10 # the maximum instances of this service per source IP address 16 | rlimit_cpu = 1 # the maximum number of CPU seconds that the service may use 17 | #rlimit_as = 1024M # the Address Space resource limit for the service 18 | } -------------------------------------------------------------------------------- /miscellaneous/Prison Break/src/flag.txt: -------------------------------------------------------------------------------- 1 | The flag is in the source code. -------------------------------------------------------------------------------- /miscellaneous/Prison Break/src/jail.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import sys 4 | 5 | class Sandbox(object): 6 | def execute(self, code_string): 7 | exec(code_string) 8 | sys.stdout.flush() 9 | 10 | sandbox = Sandbox() 11 | 12 | _raw_input = raw_input 13 | 14 | main = sys.modules["__main__"].__dict__ 15 | orig_builtins = main["__builtins__"].__dict__ 16 | 17 | builtins_whitelist = set(( 18 | #exceptions 19 | 'ArithmeticError', 'AssertionError', 'AttributeError', 'Exception', 20 | 21 | #constants 22 | 'False', 'None', 'True', 23 | 24 | #types 25 | 'basestring', 'bytearray', 'bytes', 'complex', 'dict', 26 | 27 | #functions 28 | 'abs', 'bin', 'dir', 'help' 29 | 30 | # blocked: eval, execfile, exit, file, quit, reload, import, etc. 31 | )) 32 | 33 | for builtin in orig_builtins.keys(): 34 | if builtin not in builtins_whitelist: 35 | del orig_builtins[builtin] 36 | 37 | print("Find the flag.") 38 | sys.stdout.flush() 39 | 40 | def flag_function(): 41 | flag = "csictf{m1ch34l_sc0fi3ld_fr0m_pr1s0n_br34k}" 42 | 43 | while 1: 44 | try: 45 | sys.stdout.write(">>> ") 46 | sys.stdout.flush() 47 | code = _raw_input() 48 | sandbox.execute(code) 49 | 50 | except Exception: 51 | print("You have encountered an error.") 52 | sys.stdout.flush() 53 | -------------------------------------------------------------------------------- /miscellaneous/Prison Break/src/start.sh: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | cd /ctf 4 | /usr/local/bin/python jail.py -------------------------------------------------------------------------------- /miscellaneous/README.md: -------------------------------------------------------------------------------- 1 | # Miscellaneous 2 | 3 | This directory consists of challenges that are `Miscellaneous`. Please follow the guidelines mentioned in the [template](../README.md) while making contributions. -------------------------------------------------------------------------------- /osint/Commitment/README.md: -------------------------------------------------------------------------------- 1 | # Commitment 2 | Author: [ashikka](https://github.com/ashikka) 3 | 4 | ## Description 5 | 6 | General github knowledge and Sherlock 7 | 8 | ## Requirements 9 | 10 | - Github 11 | - Sherlock 12 | 13 | ## Sources 14 | 15 | - [hoshimaseok](https://github.com/hoshimaseok) 16 | 17 | 18 | ``` 19 | hoshimaseok is up to no good. Track him down. 20 | ``` 21 | 22 | 23 | ## Exploit 24 | 25 | You need to search all accounts on the internet using the username `hoshimaseok` using the tool [Sherlock](https://github.com/sherlock-project/sherlock). Once you land on the github account, you see there is one repository named `SomethingFishy`. In this repository, on the branch `dev`, there are many folders, full of random code, that doesn't really make any sense. On scouring through the commit history, you stumble across something unsual. The `.gitignore` file has been updated twice. 26 |
27 | 28 | Now, when you open this commit, you find out that the user had mistakenly pushed his `.env` file with the flag and had forgotten to add `.env` to the `.gitignore` file. 29 |
30 | 31 | 32 | The flag is: 33 | 34 | ``` 35 | csictf{sc4r3d_0f_c0mm1tm3nt} 36 | ``` 37 | -------------------------------------------------------------------------------- /osint/Commitment/challenge.yml: -------------------------------------------------------------------------------- 1 | name: "Commitment" 2 | author: "ashikka" 3 | category: OSINT 4 | 5 | description: hoshimaseok is up to no good. Track him down. 6 | 7 | value: 500 8 | type: dynamic 9 | 10 | decay: 450 11 | minimum: 100 12 | 13 | flags: 14 | - csictf{sc4r3d_0f_c0mm1tm3nt} 15 | 16 | tags: 17 | - osint 18 | 19 | state: hidden 20 | version: "0.1" -------------------------------------------------------------------------------- /osint/Flying Places/Flight.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/osint/Flying Places/Flight.jpg -------------------------------------------------------------------------------- /osint/Flying Places/README.md: -------------------------------------------------------------------------------- 1 | # Flying Places 2 | 3 | Author: [parthkgh24](https://github.com/parthkgh24) 4 | 5 | ## Description 6 | This is an osint challenge. 7 | 8 | ## Requirements 9 | 10 | - None 11 | 12 | ## Sources 13 | ``` 14 | A reporter wanted to know where this flight is headed. Where does he (the reporter) live? 15 | ``` 16 | 17 | 18 | ## Exploit 19 | 20 | This picture is from Jack Ma's Twitter account which shows a flight carrying masks to be sent to the US. On going through the comments, someone named Sergio Quintana asks where the flight is headed. On going through his account, we can see that he lives in San Francisco. 21 | 22 | The flag is: 23 | 24 | ``` 25 | csictf{san_francisco} 26 | ``` 27 | 28 | -------------------------------------------------------------------------------- /osint/Flying Places/challenge.yml: -------------------------------------------------------------------------------- 1 | name: "Flying Places" 2 | author: :"Parth" 3 | category: "OSINT" 4 | 5 | description: | 6 | A reporter wanted to know where this flight is headed. Where does he (the reporter) live? 7 | 8 | value: 500 9 | type: dynamic 10 | 11 | 12 | decay: 450 13 | 14 | 15 | minimum: 100 16 | 17 | flags: 18 | - csictf{san_francisco} 19 | 20 | tags: 21 | - "osint" 22 | - "research" 23 | 24 | files: 25 | - "osint/Flying Places/Flight.jpg" 26 | 27 | state: hidden 28 | 29 | version: "0.1" -------------------------------------------------------------------------------- /osint/Lo Scampo/README.md: -------------------------------------------------------------------------------- 1 | # Lo Scampo 2 | 3 | Author: [SrishtiGohain](https:github.com/SrishtiGohain) 4 | 5 | ## Description 6 | 7 | This is a simple OSINT challenge. 8 | 9 | ## Requirements 10 | 11 | - none 12 | 13 | ## Sources 14 | 15 | ``` 16 | Malcolm X took Broiestevane to a Day of the Dead themed party but she never returned. Her only friends, Mr Bean and the Pink Panther realised that she was missing when she didn't show up for an exam. Broistevane liked posting pictures, where was the party held? 17 | (Don't forget to wrap your answer in csictf{}) 18 | ``` 19 | 20 | ## Exploit 21 | 22 | Go to Mr Bean's Instagram account. Go through the posts until you come across [this](https://www.instagram.com/p/CBBAgC9ohzT/), a video of Mr Bean and the Pink Panther giving an exam. In the comments section of this post, you'll find people asking if Mr Bean has found Broiestevane yet, with links to her account. Go to her [account](https://www.instagram.com/broiestevane/?hl=en), you'll see that her final posts are from a party (apparently). In her bio, there is a [link](https://www.instagram.com/p/B3pJE1CgMvI/) to the Day of the Dead party held at The Liberty Hotel. 23 | 24 | The flag is: 25 | ``` 26 | csictf{liberty_hotel} 27 | ``` 28 | -------------------------------------------------------------------------------- /osint/Lo Scampo/challenge.yml: -------------------------------------------------------------------------------- 1 | name: "Lo Scampo" 2 | author: "SrishtiGohain" 3 | category: OSINT 4 | 5 | description: | 6 | 'Malcolm X took Broiestevane to a Day of the Dead themed party but she never returned. Her only friends, Mr Bean and the Pink Panther realised that she was missing when she didn't show up for an exam. Broiestevane liked posting pictures, where was the party held? 7 | (Don't forget to wrap your answer in csictf{})' 8 | 9 | value: 500 10 | type: dynamic 11 | 12 | decay: 450 13 | minimum: 100 14 | 15 | flags: 16 | - csictf{liberty_hotel} 17 | - csictf{liberty_hotel_boston} 18 | 19 | tags: 20 | - osint 21 | 22 | state: hidden 23 | version: "0.1" -------------------------------------------------------------------------------- /osint/Pirates of the Memorial/README.md: -------------------------------------------------------------------------------- 1 | # Pirates of the Memorial 2 | 3 | Author: [roerohan](https://github.com/roerohan) 4 | 5 | ## Description 6 | 7 | An OSINT challenge where you scour the internet to find the owner of this image. 8 | 9 | ## Requirements 10 | 11 | - Internet 12 | 13 | ## Sources 14 | 15 | - [storm.jpeg](./storm.jpeg) 16 | 17 | ``` 18 | The original photographer of this picture commented the flag on his post. Find the flag. 19 | ``` 20 | 21 | ## Exploit 22 | 23 | When you search the image on `Google`, you find out that it's a picture of `Victoria Memorial`. Then you see some tweets with that picture by `Rishi Bargee`. When you open it, you see there's a comment asking who took this picture, and someone has replied that it was taken by `Arunopal Banerjee`. When you search him up, you find his `Facebook` and `Instagram`, etc. You can see that he's mostly active and posting on his instagram channel. 24 |
25 | 26 | Now, when you search through his channel, you find the same picture, in [this](https://www.instagram.com/p/B3oKrLQgpko/?utm_source=ig_web_copy_link) post. Scrolling through the comments, you find the flag. 27 |
28 | 29 | The flag is: 30 | 31 | ``` 32 | csictf{pl4g14r1sm_1s_b4d} 33 | ``` -------------------------------------------------------------------------------- /osint/Pirates of the Memorial/challenge.yml: -------------------------------------------------------------------------------- 1 | name: "Pirates of the Memorial" 2 | author: "roerohan" 3 | category: OSINT 4 | 5 | description: | 6 | The original photographer of this picture commented the flag on his post. Find the flag. 7 | 8 | value: 500 9 | type: dynamic 10 | 11 | decay: 450 12 | minimum: 100 13 | 14 | flags: 15 | - csictf{pl4g14r1sm_1s_b4d} 16 | 17 | files: 18 | - "osint/Pirates of the Memorial/storm.jpeg" 19 | 20 | tags: 21 | - osint 22 | 23 | state: hidden 24 | version: "0.1" 25 | -------------------------------------------------------------------------------- /osint/Pirates of the Memorial/storm.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/osint/Pirates of the Memorial/storm.jpeg -------------------------------------------------------------------------------- /osint/README.md: -------------------------------------------------------------------------------- 1 | # OSINT (Open Source Intelligence) 2 | 3 | This directory consists of challenges related to `OSINT`. Please follow the guidelines mentioned in the [template](../README.md) while making contributions. -------------------------------------------------------------------------------- /osint/Shaken/300 M.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/osint/Shaken/300 M.jpg -------------------------------------------------------------------------------- /osint/Shaken/README.md: -------------------------------------------------------------------------------- 1 | # Flying Places 2 | 3 | Author: [parthkgh24](https://github.com/parthkgh24) 4 | 5 | ## Description 6 | This is an osint challenge. 7 | 8 | ## Requirements 9 | 10 | - None 11 | 12 | ## Sources 13 | ``` 14 | I love this watch. It's been with me all over the world, from Istanbul to Shanghai to Macau.I wear it with suits quite a lot. My boss liked it too. I remember wearing it when she died. What is her successor's name? 15 | ``` 16 | 17 | 18 | ## Exploit 19 | 20 | The question mentions wearing the watch in Istanbul, Shanghai and Macau. On searching these locations, the results all show flight tickets but on moving in a few more pages, results for Skyfall start to appear. Even quicker if you put the word movie as part of the search history. The suits, along with the death of the boss all point toward James Bond, namely in Skyfall. Once the person is recognized as James Bond, it becomes easy to find his boss in Skyfall (M), and her successor. 21 | 22 | The flag is: 23 | 24 | ``` 25 | csictf{gareth_mallory} 26 | ``` 27 | 28 | -------------------------------------------------------------------------------- /osint/Shaken/challenge.yml: -------------------------------------------------------------------------------- 1 | name: "Shaken" 2 | author: "Parth" 3 | category: "OSINT" 4 | 5 | description: | 6 | I love this watch. It's been with me all over the world, from Istanbul to Shanghai to Macau.I wear it with suits quite a lot. My boss liked it too. I remember wearing it when she died. What is her successor's name? 7 | 8 | value: 500 9 | type: dynamic 10 | 11 | 12 | decay: 450 13 | 14 | 15 | minimum: 100 16 | 17 | flags: 18 | - csictf{gareth_mallory} 19 | 20 | tags: 21 | - "osint" 22 | - "research" 23 | 24 | state: hidden 25 | 26 | version: "0.1" 27 | -------------------------------------------------------------------------------- /osint/Stalin for time/challenge.yml: -------------------------------------------------------------------------------- 1 | name: "Stalin for time" 2 | author: :"Parth" 3 | category: "OSINT" 4 | 5 | description: | 6 | "There are 3 parts to this challenge. Who took it? What was "taken"? 7 | Note The format of the flag is csictf{answer1_answer2}" 8 | 9 | value: 500 10 | type: dynamic 11 | 12 | 13 | decay: 450 14 | 15 | 16 | minimum: 100 17 | 18 | flags: 19 | - csictf{yevgeny_khaldei_adrianov_compass} 20 | 21 | tags: 22 | - "osint" 23 | - "research" 24 | 25 | files: 26 | - "osint/Stalin for time/Stalinfortimewebpage.html" 27 | - "osint/Stalin for time/dwayneanddavid.jpg" 28 | 29 | state: hidden 30 | 31 | version: "0.1" 32 | -------------------------------------------------------------------------------- /osint/Stalin for time/dwayneanddavid.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/osint/Stalin for time/dwayneanddavid.jpg -------------------------------------------------------------------------------- /pwn/Global Warming/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:16.04 2 | 3 | RUN apt-get update -y && apt-get install -y \ 4 | lib32z1 xinetd 5 | 6 | RUN useradd -m ctf 7 | 8 | WORKDIR /home/ctf 9 | 10 | RUN cp -R /lib* /home/ctf && \ 11 | cp -R /usr/lib* /home/ctf 12 | 13 | RUN mkdir /home/ctf/dev && \ 14 | mknod /home/ctf/dev/null c 1 3 && \ 15 | mknod /home/ctf/dev/zero c 1 5 && \ 16 | mknod /home/ctf/dev/random c 1 8 && \ 17 | mknod /home/ctf/dev/urandom c 1 9 && \ 18 | chmod 666 /home/ctf/dev/* 19 | 20 | RUN mkdir /home/ctf/bin && \ 21 | cp /bin/sh /home/ctf/bin && \ 22 | cp /bin/ls /home/ctf/bin && \ 23 | cp /bin/cat /home/ctf/bin 24 | 25 | COPY ./ctf.xinetd /etc/xinetd.d/ctf 26 | COPY ./start.sh /start.sh 27 | RUN echo "Blocked by ctf_xinetd" > /etc/banner_fail 28 | 29 | RUN chmod +x /start.sh 30 | 31 | COPY ./bin/ /home/ctf/ 32 | RUN chown -R root:ctf /home/ctf && \ 33 | chmod -R 750 /home/ctf && \ 34 | chmod 740 /home/ctf/flag.txt 35 | 36 | CMD ["/start.sh"] 37 | 38 | EXPOSE 9999 -------------------------------------------------------------------------------- /pwn/Global Warming/bin/flag.txt: -------------------------------------------------------------------------------- 1 | csictf{n0_5tr1ng5_@tt@ch3d} -------------------------------------------------------------------------------- /pwn/Global Warming/bin/global-warming: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/pwn/Global Warming/bin/global-warming -------------------------------------------------------------------------------- /pwn/Global Warming/bin/global-warming.c: -------------------------------------------------------------------------------- 1 | #include
31 | 32 | The flag is: 33 | 34 | ``` 35 | csivit{Bu!!er_e3pl01ts_ar5_5asy} 36 | ``` 37 | -------------------------------------------------------------------------------- /pwn/Secret Society/bin/flag.txt: -------------------------------------------------------------------------------- 1 | csivit{Bu!!er_e3pl01ts_ar5_5asy} 2 | -------------------------------------------------------------------------------- /pwn/Secret Society/bin/prob.c: -------------------------------------------------------------------------------- 1 | #include
Character Count as a Service
28 | 33 | The Character Count is: " . exec('printf \'' . $text . '\' | wc -c') . ""; 37 | } 38 | ?> 39 | 40 | 41 | -------------------------------------------------------------------------------- /web/CCC/.dockerignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | package-lock.json 3 | README.md 4 | Dockerfile 5 | challenge.yml 6 | -------------------------------------------------------------------------------- /web/CCC/.env: -------------------------------------------------------------------------------- 1 | JWT_SECRET=Th1sSECr3TMu5TN0Tb3L43KEDEv3RRRRRR!!1 2 | -------------------------------------------------------------------------------- /web/CCC/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM node:12-buster-slim 2 | 3 | WORKDIR /app 4 | COPY package.json . 5 | 6 | ENV NODE_ENV production 7 | ENV PORT 9999 8 | RUN npm install 9 | 10 | COPY . . 11 | 12 | EXPOSE 9999 13 | 14 | CMD ["node", "/app/server.js"] 15 | -------------------------------------------------------------------------------- /web/CCC/challenge.yml: -------------------------------------------------------------------------------- 1 | name: "CCC" 2 | author: "roerohan" 3 | category: Web 4 | 5 | description: | 6 | You can steal a car if you steal its key. 7 | 8 | http://chall.csivit.com:30215 9 | 10 | value: 500 11 | type: dynamic 12 | 13 | decay: 450 14 | minimum: 100 15 | 16 | flags: 17 | - csictf{1n_th3_3nd_1t_d0esn't_3v3n_m4tt3r} 18 | 19 | tags: 20 | - web 21 | 22 | state: hidden 23 | version: "0.1" 24 | 25 | replicas: 2 26 | containers: 27 | server: 28 | build: . 29 | ports: 30 | - containerPort: 9999 31 | 32 | expose: 33 | - containerPort: 9999 34 | nodePort: 30215 -------------------------------------------------------------------------------- /web/CCC/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "auth", 3 | "version": "1.0.0", 4 | "description": "// JWT // Traversal", 5 | "main": "server.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1", 8 | "start": "node server.js" 9 | }, 10 | "author": "", 11 | "license": "ISC", 12 | "dependencies": { 13 | "body-parser": "^1.19.0", 14 | "dotenv": "^8.2.0", 15 | "express": "^4.17.1", 16 | "jsonwebtoken": "^8.5.1" 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /web/CCC/public/admins: -------------------------------------------------------------------------------- 1 | csivitu/authorized_users/blob/master/ -------------------------------------------------------------------------------- /web/CCC/public/font/FuturaPTBold.otf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/font/FuturaPTBold.otf -------------------------------------------------------------------------------- /web/CCC/public/font/FuturaPTBook.otf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/font/FuturaPTBook.otf -------------------------------------------------------------------------------- /web/CCC/public/font/FuturaPTHeavy.otf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/font/FuturaPTHeavy.otf -------------------------------------------------------------------------------- /web/CCC/public/font/FuturaPTLight.otf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/font/FuturaPTLight.otf -------------------------------------------------------------------------------- /web/CCC/public/font/FuturaPTMedium.otf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/font/FuturaPTMedium.otf -------------------------------------------------------------------------------- /web/CCC/public/images/android-icon-144x144.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/android-icon-144x144.png -------------------------------------------------------------------------------- /web/CCC/public/images/android-icon-192x192.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/android-icon-192x192.png -------------------------------------------------------------------------------- /web/CCC/public/images/android-icon-36x36.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/android-icon-36x36.png -------------------------------------------------------------------------------- /web/CCC/public/images/android-icon-48x48.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/android-icon-48x48.png -------------------------------------------------------------------------------- /web/CCC/public/images/android-icon-72x72.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/android-icon-72x72.png -------------------------------------------------------------------------------- /web/CCC/public/images/android-icon-96x96.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/android-icon-96x96.png -------------------------------------------------------------------------------- /web/CCC/public/images/apple-icon-114x114.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/apple-icon-114x114.png -------------------------------------------------------------------------------- /web/CCC/public/images/apple-icon-120x120.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/apple-icon-120x120.png -------------------------------------------------------------------------------- /web/CCC/public/images/apple-icon-144x144.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/apple-icon-144x144.png -------------------------------------------------------------------------------- /web/CCC/public/images/apple-icon-152x152.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/apple-icon-152x152.png -------------------------------------------------------------------------------- /web/CCC/public/images/apple-icon-180x180.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/apple-icon-180x180.png -------------------------------------------------------------------------------- /web/CCC/public/images/apple-icon-57x57.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/apple-icon-57x57.png -------------------------------------------------------------------------------- /web/CCC/public/images/apple-icon-60x60.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/apple-icon-60x60.png -------------------------------------------------------------------------------- /web/CCC/public/images/apple-icon-72x72.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/apple-icon-72x72.png -------------------------------------------------------------------------------- /web/CCC/public/images/apple-icon-76x76.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/apple-icon-76x76.png -------------------------------------------------------------------------------- /web/CCC/public/images/apple-icon-precomposed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/apple-icon-precomposed.png -------------------------------------------------------------------------------- /web/CCC/public/images/apple-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/apple-icon.png -------------------------------------------------------------------------------- /web/CCC/public/images/bearbrand.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/bearbrand.jpg -------------------------------------------------------------------------------- /web/CCC/public/images/blog-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/blog-icon.png -------------------------------------------------------------------------------- /web/CCC/public/images/brandname.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/brandname.jpg -------------------------------------------------------------------------------- /web/CCC/public/images/designer.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/designer.jpg -------------------------------------------------------------------------------- /web/CCC/public/images/digital-marketing.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/digital-marketing.jpg -------------------------------------------------------------------------------- /web/CCC/public/images/ds-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/ds-logo.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicon-16x16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicon-16x16.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicon-32x32.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicon-32x32.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicon-96x96.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicon-96x96.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicon.ico -------------------------------------------------------------------------------- /web/CCC/public/images/favicons/android-icon-144x144.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicons/android-icon-144x144.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicons/android-icon-192x192.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicons/android-icon-192x192.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicons/android-icon-36x36.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicons/android-icon-36x36.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicons/android-icon-48x48.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicons/android-icon-48x48.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicons/android-icon-72x72.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicons/android-icon-72x72.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicons/android-icon-96x96.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicons/android-icon-96x96.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicons/apple-icon-114x114.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicons/apple-icon-114x114.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicons/apple-icon-120x120.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicons/apple-icon-120x120.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicons/apple-icon-144x144.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicons/apple-icon-144x144.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicons/apple-icon-152x152.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicons/apple-icon-152x152.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicons/apple-icon-180x180.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicons/apple-icon-180x180.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicons/apple-icon-57x57.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicons/apple-icon-57x57.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicons/apple-icon-60x60.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicons/apple-icon-60x60.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicons/apple-icon-72x72.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicons/apple-icon-72x72.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicons/apple-icon-76x76.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicons/apple-icon-76x76.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicons/apple-icon-precomposed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicons/apple-icon-precomposed.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicons/apple-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/csivitu/ctf-challenges/33ef02b4ecec332c6e7d5f5511a930747645ba8f/web/CCC/public/images/favicons/apple-icon.png -------------------------------------------------------------------------------- /web/CCC/public/images/favicons/browserconfig.xml: -------------------------------------------------------------------------------- 1 | 2 |23 | 24 | The flag is: 25 | 26 | ``` 27 | csictf{w3lc0me_t0_csictf} 28 | ``` -------------------------------------------------------------------------------- /web/Cascade/challenge.yml: -------------------------------------------------------------------------------- 1 | name: "Cascade" 2 | author: "roerohan" 3 | category: Web 4 | 5 | description: | 6 | Welcome to csictf. 7 | 8 | http://chall.csivit.com:30203 9 | 10 | value: 500 11 | type: dynamic 12 | 13 | decay: 450 14 | minimum: 100 15 | 16 | flags: 17 | - csictf{w3lc0me_t0_csictf} 18 | 19 | tags: 20 | - web 21 | 22 | state: hidden 23 | version: "0.1" 24 | 25 | replicas: 1 26 | containers: 27 | server: 28 | build: . 29 | ports: 30 | - containerPort: 9999 31 | 32 | expose: 33 | - containerPort: 9999 34 | nodePort: 30203 -------------------------------------------------------------------------------- /web/Cascade/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "cascade", 3 | "version": "1.0.0", 4 | "description": "", 5 | "main": "server.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1", 8 | "start": "node server.js" 9 | }, 10 | "author": "", 11 | "license": "ISC", 12 | "dependencies": { 13 | "express": "^4.17.1" 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /web/Cascade/public/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 |
Welcome to csictf
12 |ctftime: https://ctftime.org/event/1081
13 | csictf: https://ctf.csivit.com
14 |
15 |
--------------------------------------------------------------------------------
/web/Cascade/public/style.css:
--------------------------------------------------------------------------------
1 | body {
2 | background-color: purple;
3 | text-align: center;
4 | display: flex;
5 | align-items: center;
6 | flex-direction: column;
7 | }
8 |
9 | h1, div, a {
10 | /* csictf{w3lc0me_t0_csictf} */
11 | color: white;
12 | font-size: 3rem;
13 | }
--------------------------------------------------------------------------------
/web/Cascade/server.js:
--------------------------------------------------------------------------------
1 | const express = require('express');
2 | const path = require('path');
3 |
4 | const app = express();
5 | const PORT = process.env.PORT || 3000;
6 |
7 | app.listen(PORT, () => {
8 | console.log(`Listening on PORT ${PORT}`)
9 | })
10 |
11 | app.use('/static', express.static(path.join(__dirname, 'public')));
12 |
13 | app.use('/', (req, res) => {
14 | res.sendFile(path.join(__dirname, 'public', 'index.html'));
15 | });
16 |
--------------------------------------------------------------------------------
/web/File Library/.dockerignore:
--------------------------------------------------------------------------------
1 | node_modules
2 | package-lock.json
3 | README.md
4 | Dockerfile
5 | challenge.yml
6 |
--------------------------------------------------------------------------------
/web/File Library/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM node:12-buster-slim
2 |
3 | WORKDIR /app
4 | COPY package.json .
5 |
6 | ENV NODE_ENV production
7 | ENV PORT 9999
8 | RUN npm install
9 |
10 | COPY . .
11 |
12 | EXPOSE 9999
13 |
14 | CMD ["node", "/app/server.js"]
15 |
--------------------------------------------------------------------------------
/web/File Library/a.cpp:
--------------------------------------------------------------------------------
1 | #include 28 | 29 | When you open the website, it serves the `index.html` file, which has content written about `Brobot`, again trying to put across `robots.txt`. When you visit `robots.txt`, you see: 30 | 31 | ``` 32 | # Hey there, you're not a robot, yet I see you sniffing through this file. 33 | # SEO you later! 34 | # Now get off my lawn. 35 | 36 | Disallow: /fade/to/black 37 | ``` 38 | 39 | When you visit the disallowed route, you get the flag! 40 |
41 | 42 | The flag is: 43 | 44 | ``` 45 | csictf{br0b0t_1s_pr3tty_c00l_1_th1nk} 46 | ``` 47 | -------------------------------------------------------------------------------- /web/Mr Rami/challenge.yml: -------------------------------------------------------------------------------- 1 | name: "Mr Rami" 2 | author: "roerohan" 3 | category: Web 4 | 5 | description: | 6 | "People who get violent get that way because they can’t communicate." 7 | 8 | http://chall.csivit.com:30231 9 | 10 | value: 500 11 | type: dynamic 12 | 13 | decay: 450 14 | minimum: 100 15 | 16 | flags: 17 | - csictf{br0b0t_1s_pr3tty_c00l_1_th1nk} 18 | 19 | tags: 20 | - web 21 | 22 | state: hidden 23 | version: "0.1" 24 | 25 | replicas: 2 26 | containers: 27 | server: 28 | build: . 29 | ports: 30 | - containerPort: 9999 31 | 32 | expose: 33 | - containerPort: 9999 34 | nodePort: 30231 -------------------------------------------------------------------------------- /web/Mr Rami/flag.txt: -------------------------------------------------------------------------------- 1 | csictf{br0b0t_1s_pr3tty_c00l_1_th1nk} -------------------------------------------------------------------------------- /web/Mr Rami/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 |
BroBot
13 |
15 | 16 |
18 |
19 |
20 | It's not a bot, it's BroBot! BroBot is a telegram chatbot developed in Python which serves a single platform for
21 | various functions. This bot isn't just like your regular bots, it can be sarcastic and funny too. It can bring
22 | you updates on COVID-19 with just a single command. Not only does it send you memes, it can also run shell
23 | commands from the chat. Feeling lazy? BroBot can also help you solve your math homework! You can use this
24 | customised bot to get updates from future CSI events too.
25 |
26 | 27 | Checkout BroBot here: https://github.com/csivitu/BroBot 28 |
29 |
30 |
31 |
--------------------------------------------------------------------------------
/web/Mr Rami/requirements.txt:
--------------------------------------------------------------------------------
1 | flask
--------------------------------------------------------------------------------
/web/Mr Rami/robots.txt:
--------------------------------------------------------------------------------
1 | # Hey there, you're not a robot, yet I see you sniffing through this file.
2 | # SEO you later!
3 | # Now get off my lawn.
4 |
5 | Disallow: /fade/to/black
--------------------------------------------------------------------------------
/web/Mr Rami/server.py:
--------------------------------------------------------------------------------
1 | from flask import Flask, send_from_directory
2 | from os import getenv
3 | app = Flask(__name__)
4 |
5 | @app.route('/')
6 | def home():
7 | return send_from_directory('.', 'index.html')
8 |
9 | @app.route('/robots.txt')
10 | def static_from_root():
11 | return send_from_directory('.', 'robots.txt')
12 |
13 | @app.route('/fade/to/black')
14 | def flag():
15 | return send_from_directory('.', 'flag.txt')
16 |
17 | if __name__ == '__main__':
18 | app.run(host='0.0.0.0', port=getenv('PORT'))
19 |
--------------------------------------------------------------------------------
/web/Oreo/.dockerignore:
--------------------------------------------------------------------------------
1 | challenge.yml
2 | node_modules
3 | package-lock.json
4 | README.md
5 | Dockerfile
--------------------------------------------------------------------------------
/web/Oreo/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM node:12-buster-slim
2 |
3 | WORKDIR /app
4 | COPY package.json .
5 |
6 | ENV NODE_ENV production
7 | ENV PORT 9999
8 | RUN npm install
9 |
10 | COPY . .
11 |
12 | EXPOSE 9999
13 |
14 | CMD ["node", "/app/server.js"]
15 |
--------------------------------------------------------------------------------
/web/Oreo/README.md:
--------------------------------------------------------------------------------
1 | # Oreo
2 |
3 | Author: [AJ1479](https://github.com/AJ1479)
4 |
5 | ## Description
6 |
7 | This is a simple cookie-changing web challenge.
8 |
9 | ## Requirements
10 |
11 | - [Dockerfile](./Dockerfile)
12 |
13 | ## Sources
14 |
15 | ```
16 | My nephew is a fussy eater and is only willing to eat chocolate oreo. Any other flavour and he throws a tantrum.
17 | ```
18 |
19 | ## Exploit
20 |
21 | You just need to change the cookie value to the base64 value of "chocolate".
22 |
23 | 26 | 27 | Checkout BroBot here: https://github.com/csivitu/BroBot 28 |
24 | 25 | The flag is: 26 | 27 | ``` 28 | csictf{1ick_twi5t_dunk} 29 | ``` -------------------------------------------------------------------------------- /web/Oreo/challenge.yml: -------------------------------------------------------------------------------- 1 | name: "Oreo" 2 | author: "AJ1479" 3 | category: Web 4 | 5 | description: | 6 | My nephew is a fussy eater and is only willing to eat chocolate oreo. Any other flavour and he throws a tantrum. 7 | 8 | http://chall.csivit.com:30243 9 | 10 | 11 | value: 500 12 | type: dynamic 13 | 14 | decay: 450 15 | minimum: 100 16 | 17 | flags: 18 | - csictf{1ick_twi5t_dunk} 19 | 20 | tags: 21 | - web 22 | 23 | state: hidden 24 | version: "0.1" 25 | 26 | replicas: 2 27 | containers: 28 | server: 29 | build: . 30 | ports: 31 | - containerPort: 9999 32 | 33 | expose: 34 | - containerPort: 9999 35 | nodePort: 30243 -------------------------------------------------------------------------------- /web/Oreo/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "oreo", 3 | "version": "1.0.0", 4 | "description": "", 5 | "main": "server.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1", 8 | "start": "node server.js" 9 | }, 10 | "author": "", 11 | "license": "ISC", 12 | "dependencies": { 13 | "cookie-parser": "^1.4.5", 14 | "express": "^4.17.1" 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /web/Oreo/public/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 |
My nephew is a fussy eater and is only willing to eat chocolate oreo. Any other flavour and he throws a tantrum.
10 |
11 |
--------------------------------------------------------------------------------
/web/Oreo/server.js:
--------------------------------------------------------------------------------
1 | const express = require('express');
2 | const path = require('path');
3 | const cookieParser = require('cookie-parser');
4 |
5 | const app = express();
6 |
7 | const PORT = process.env.PORT || 3000;
8 |
9 | app.use(cookieParser());
10 |
11 | app.listen(PORT, () => {
12 | console.log(`Listening on port ${PORT}`);
13 | });
14 |
15 | app.get('/', (req, res) => {
16 | const cookie = req.cookies.flavour;
17 | if (cookie === 'Y2hvY29sYXRl') {
18 | res.send('csictf{1ick_twi5t_dunk}');
19 | return;
20 | }
21 | res.cookie('flavour','c3RyYXdiZXJyeQ==');
22 | res.sendFile(path.join(__dirname, 'public', 'index.html'));
23 | });
24 |
--------------------------------------------------------------------------------
/web/README.md:
--------------------------------------------------------------------------------
1 | # Web
2 |
3 | This directory consists of challenges related to `Web`. Please follow the guidelines mentioned in the [template](../README.md) while making contributions.
--------------------------------------------------------------------------------
/web/Secure Portal/.dockerignore:
--------------------------------------------------------------------------------
1 | node_modules
2 | package-lock.json
3 | README.md
4 | Dockerfile
5 | challenge.yml
6 |
--------------------------------------------------------------------------------
/web/Secure Portal/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM node:12-buster-slim
2 |
3 | WORKDIR /app
4 | COPY package.json .
5 |
6 | ENV NODE_ENV production
7 | ENV PORT 9999
8 | RUN npm install
9 |
10 | COPY . .
11 |
12 | EXPOSE 9999
13 |
14 | CMD ["node", "/app/server.js"]
15 |
--------------------------------------------------------------------------------
/web/Secure Portal/challenge.yml:
--------------------------------------------------------------------------------
1 | name: "Secure Portal"
2 | author: "ashikka"
3 | category: Web
4 |
5 | description: |
6 | This is a super secure portal with a really unusual HTML file. Try to login.
7 |
8 | http://chall.csivit.com:30281
9 |
10 | value: 500
11 | type: dynamic
12 |
13 | decay: 450
14 | minimum: 100
15 |
16 | flags:
17 | - csictf{l3t_m3_c0nfus3_y0u}
18 |
19 | tags:
20 | - web
21 |
22 | state: hidden
23 | version: "0.1"
24 |
25 | replicas: 2
26 | containers:
27 | server:
28 | build: .
29 | ports:
30 | - containerPort: 9999
31 |
32 | expose:
33 | - containerPort: 9999
34 | nodePort: 30281
--------------------------------------------------------------------------------
/web/Secure Portal/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "portal",
3 | "version": "1.0.0",
4 | "description": "",
5 | "main": "index.js",
6 | "scripts": {
7 | "test": "echo \"Error: no test specified\" && exit 1",
8 | "serve": "nodemon server.js"
9 | },
10 | "author": "",
11 | "license": "ISC",
12 | "dependencies": {
13 | "body-parser": "^1.19.0",
14 | "ejs": "^3.1.3",
15 | "express": "^4.17.1"
16 | }
17 | }
18 |
--------------------------------------------------------------------------------
/web/Secure Portal/server.js:
--------------------------------------------------------------------------------
1 | const express = require('express');
2 | const bodyParser = require('body-parser');
3 |
4 | const app = express();
5 | app.use(bodyParser.urlencoded({extended: true}));
6 |
7 | app.set("view engine", "ejs");
8 | app.use('/static', express.static('public'));
9 |
10 | app.get('/', (req, res) => {
11 | res.render('index');
12 | })
13 |
14 | app.post('/', (req, res) => {
15 | var password = req.body.password;
16 | if (password === '5W$Fbb=+nBE*pg4t^7M') {
17 | res.send('csictf{l3t_m3_c0nfus3_y0u}');
18 | } else {
19 | res.send('Failed! Try again.')
20 | }
21 | });
22 |
23 | app.listen(process.env.PORT || 3000, (req, res) => {
24 | console.log(`Listening on port ${
25 | process.env.PORT || 3000
26 | }`);
27 | })
28 |
--------------------------------------------------------------------------------
/web/The Confused Deputy/.dockerignore:
--------------------------------------------------------------------------------
1 | node_modules
2 | package-lock.json
3 | README.md
4 | Dockerfile
5 | challenge.yml
--------------------------------------------------------------------------------
/web/The Confused Deputy/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM node:12-buster-slim
2 |
3 | RUN mkdir /ctf
4 | WORKDIR /ctf
5 | RUN useradd -M -d /ctf ctf
6 |
7 | RUN apt-get update \
8 | && apt-get install -y wget gnupg ca-certificates \
9 | && wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
10 | && sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' \
11 | && apt-get update \
12 | # We install Chrome to get all the OS level dependencies, but Chrome itself
13 | # is not actually used as it's packaged in the node puppeteer library.
14 | # Alternatively, we could could include the entire dep list ourselves
15 | # (https://github.com/puppeteer/puppeteer/blob/master/docs/troubleshooting.md#chrome-headless-doesnt-launch-on-unix)
16 | # but that seems too easy to get out of date.
17 | && apt-get install -y google-chrome-stable \
18 | && rm -rf /var/lib/apt/lists/* \
19 | && wget --quiet https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh -O /usr/sbin/wait-for-it.sh \
20 | && chmod +x /usr/sbin/wait-for-it.sh
21 |
22 | COPY package.json .
23 |
24 | ENV NODE_ENV production
25 | # ENV DOMAIN chall.csivit.com:20000
26 | ENV FLAG csictf{cssxss}
27 | ENV PORT 9999
28 | RUN npm install
29 |
30 | COPY . .
31 |
32 | EXPOSE 9999
33 |
34 | USER ctf
35 |
36 | CMD ["node", "/ctf/server.js"]
37 |
--------------------------------------------------------------------------------
/web/The Confused Deputy/challenge.yml:
--------------------------------------------------------------------------------
1 | name: "The Confused Deputy"
2 | author: "roerohan"
3 | category: Web
4 |
5 | description: |
6 | Wow that's a pretty color! Don't you think? Pick your favourite and show it to the admin on /admin.
7 |
8 | http://chall.csivit.com:30256
9 |
10 | value: 500
11 | type: dynamic
12 |
13 | decay: 450
14 | minimum: 100
15 |
16 | flags:
17 | - csictf{cssxss}
18 |
19 | tags:
20 | - web
21 |
22 | state: hidden
23 | version: "0.1"
24 |
25 | replicas: 2
26 | containers:
27 | server:
28 | build: .
29 | ports:
30 | - containerPort: 9999
31 | resources:
32 | limits:
33 | cpu: 500m
34 | memory: 1000Mi
35 | requests:
36 | cpu: 10m
37 | memory: 30Mi
38 |
39 | expose:
40 | - containerPort: 9999
41 | nodePort: 30256
--------------------------------------------------------------------------------
/web/The Confused Deputy/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "xss",
3 | "version": "1.0.0",
4 | "description": "",
5 | "main": "server.js",
6 | "scripts": {
7 | "test": "echo \"Error: no test specified\" && exit 1",
8 | "start": "node server.js"
9 | },
10 | "author": "",
11 | "license": "ISC",
12 | "dependencies": {
13 | "express": "^4.17.1",
14 | "puppeteer": "^5.0.0"
15 | }
16 | }
17 |
--------------------------------------------------------------------------------
/web/The Confused Deputy/views/admin.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 | csictf Admin
11 |The admin would love to see your favourite color! You can send it to him via this form.
12 | 17 | 18 | 19 | -------------------------------------------------------------------------------- /web/The Confused Deputy/visitor.js: -------------------------------------------------------------------------------- 1 | const puppeteer = require('puppeteer'); 2 | 3 | const FLAG = process.env.FLAG || 'csictf{fake_flag}'; 4 | async function run(url, host, color) { 5 | const { hostname, port } = new URL(url); 6 | 7 | if (`${hostname}:${port}` !== host) { 8 | return false; 9 | } 10 | 11 | const browser = await puppeteer.launch(); 12 | try { 13 | const page = await browser.newPage(); 14 | await page.setCookie({ 15 | 'name': 'password', 16 | 'value': FLAG, 17 | 'domain': hostname, 18 | }); 19 | await page.goto(url); 20 | 21 | await page.waitFor('input[type=password]'); 22 | await page.waitForSelector('#colorize'); 23 | await page.waitForSelector('#submit'); 24 | await page.evaluate((color) => { 25 | document.getElementsByTagName('input')[1].value = color; 26 | document.getElementById('submit').click(); 27 | }, color); 28 | await page.waitFor(1000); 29 | return true; 30 | } catch (e) { 31 | return false; 32 | } finally { 33 | await browser.close(); 34 | } 35 | } 36 | 37 | module.exports = run; 38 | -------------------------------------------------------------------------------- /web/The Usual Suspects/.dockerignore: -------------------------------------------------------------------------------- 1 | Dockerfile 2 | README.md 3 | challenge.yml 4 | -------------------------------------------------------------------------------- /web/The Usual Suspects/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:3.7-slim 2 | RUN pip install tornado 3 | WORKDIR /ctf 4 | COPY . . 5 | RUN useradd -M ctf 6 | RUN chown -R root:root /ctf 7 | RUN chmod -R 700 /ctf 8 | CMD ["python", "server.py"] 9 | EXPOSE 9999 -------------------------------------------------------------------------------- /web/The Usual Suspects/challenge.yml: -------------------------------------------------------------------------------- 1 | name: "The Usual Suspects" 2 | author: "SrishtiGohain" 3 | category: Web 4 | 5 | description: | 6 | You may think I walk with no 'name' because it can be changed whenever I want. I am a 'person' whose 'secret' can never be found. Can you find this 'person's 'secret'? 7 | 8 | http://chall.csivit.com:30279 9 | 10 | 11 | value: 500 12 | type: dynamic 13 | 14 | decay: 450 15 | minimum: 100 16 | 17 | flags: 18 | - csictf{h3r3_i_4m} 19 | 20 | tags: 21 | - web 22 | 23 | state: hidden 24 | version: "0.1" 25 | 26 | replicas: 2 27 | containers: 28 | server: 29 | build: . 30 | ports: 31 | - containerPort: 9999 32 | 33 | expose: 34 | - containerPort: 9999 35 | nodePort: 30279 -------------------------------------------------------------------------------- /web/The Usual Suspects/cs.txt: -------------------------------------------------------------------------------- 1 | MangoDB 2 | -------------------------------------------------------------------------------- /web/The Usual Suspects/rf.txt: -------------------------------------------------------------------------------- 1 | csictf{h3r3_i_4m} -------------------------------------------------------------------------------- /web/Warm Up/.dockerignore: -------------------------------------------------------------------------------- 1 | README.md 2 | Dockerfile 3 | challenge.yml -------------------------------------------------------------------------------- /web/Warm Up/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM php:7.4-apache 2 | 3 | # Use the default production configuration 4 | RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini" 5 | COPY . /var/www/html -------------------------------------------------------------------------------- /web/Warm Up/challenge.yml: -------------------------------------------------------------------------------- 1 | name: "Warm Up" 2 | author: "roerohan" 3 | category: Web 4 | 5 | description: | 6 | If you know, you know; otherwise you might waste a lot of time. 7 | 8 | http://chall.csivit.com:30272 9 | 10 | value: 500 11 | type: dynamic 12 | 13 | decay: 450 14 | minimum: 100 15 | 16 | flags: 17 | - csictf{typ3_juggl1ng_1n_php} 18 | 19 | tags: 20 | - web 21 | 22 | state: hidden 23 | version: "0.1" 24 | 25 | replicas: 2 26 | containers: 27 | server: 28 | build: . 29 | ports: 30 | - containerPort: 80 31 | 32 | expose: 33 | - containerPort: 80 34 | nodePort: 30272 35 | -------------------------------------------------------------------------------- /web/Warm Up/flag.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /web/Warm Up/index.php: -------------------------------------------------------------------------------- 1 | 21 | --------------------------------------------------------------------------------