├── README.md
├── crypto
├── babyrng
│ ├── challenge-handout
│ │ ├── Dockerfile
│ │ ├── output.txt
│ │ └── source.hs
│ ├── challenge-solution
│ │ ├── solution.md
│ │ └── solve.py
│ ├── challenge-src
│ └── challenge.yaml
├── curved-mvm
│ ├── challenge-handout
│ ├── challenge-solution
│ │ ├── server.py
│ │ └── solve.sage
│ ├── challenge-src
│ │ ├── Dockerfile
│ │ ├── fast.py
│ │ └── server.py
│ └── challenge.yaml
├── fastcrypto
│ ├── challenge-handout
│ │ ├── CMakeLists.txt
│ │ ├── Makefile
│ │ ├── chall.py
│ │ └── nttmul.cpp
│ ├── challenge-solution
│ │ ├── soln.md
│ │ └── solve.py
│ ├── challenge-src
│ │ ├── CMakeLists.txt
│ │ ├── Dockerfile
│ │ ├── Makefile
│ │ ├── SECRET.py
│ │ ├── chall.py
│ │ └── nttmul.cpp
│ └── challenge.yaml
├── man_vs_matrix
│ ├── challenge-handout
│ ├── challenge-solution
│ │ └── solution.sage
│ ├── challenge-src
│ │ └── challenge.py
│ └── challenge.yaml
├── much-vulnerable-machine-1
│ ├── challenge-handout
│ │ ├── .gitignore
│ │ ├── api
│ │ │ ├── Dockerfile
│ │ │ ├── mvmcryption
│ │ │ │ ├── __init__.py
│ │ │ │ ├── app.py
│ │ │ │ ├── auth.py
│ │ │ │ ├── crypto
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── cipher.py
│ │ │ │ │ ├── ecdsa.py
│ │ │ │ │ └── jwt.py
│ │ │ │ ├── db
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── db.py
│ │ │ │ │ └── users.py
│ │ │ │ ├── environ.py
│ │ │ │ ├── resp.py
│ │ │ │ ├── routers
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── auth.py
│ │ │ │ │ ├── crypto.py
│ │ │ │ │ └── users.py
│ │ │ │ └── utils.py
│ │ │ ├── poetry.lock
│ │ │ ├── pyproject.toml
│ │ │ └── tests
│ │ │ │ ├── __init__.py
│ │ │ │ ├── test_cipher.py
│ │ │ │ └── test_ecdsa.py
│ │ └── compose.yaml
│ ├── challenge-solution
│ │ ├── solve.py
│ │ └── solve.sh
│ ├── challenge-src
│ │ ├── .gitignore
│ │ ├── api
│ │ │ ├── Dockerfile
│ │ │ ├── README.md
│ │ │ ├── mvmcryption
│ │ │ │ ├── __init__.py
│ │ │ │ ├── app.py
│ │ │ │ ├── auth.py
│ │ │ │ ├── crypto
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── cipher.py
│ │ │ │ │ ├── ecdsa.py
│ │ │ │ │ └── jwt.py
│ │ │ │ ├── db
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── db.py
│ │ │ │ │ └── users.py
│ │ │ │ ├── environ.py
│ │ │ │ ├── resp.py
│ │ │ │ ├── routers
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── auth.py
│ │ │ │ │ ├── crypto.py
│ │ │ │ │ └── users.py
│ │ │ │ └── utils.py
│ │ │ ├── poetry.lock
│ │ │ ├── pyproject.toml
│ │ │ └── tests
│ │ │ │ ├── __init__.py
│ │ │ │ ├── test_cipher.py
│ │ │ │ └── test_ecdsa.py
│ │ └── compose.yaml
│ └── challenge.yaml
├── much-vulnerable-machine-2
│ ├── challenge-handout
│ │ ├── .gitignore
│ │ ├── api
│ │ │ ├── Dockerfile
│ │ │ ├── mvmcryption
│ │ │ │ ├── __init__.py
│ │ │ │ ├── app.py
│ │ │ │ ├── auth.py
│ │ │ │ ├── crypto
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── cipher.py
│ │ │ │ │ ├── ecdsa.py
│ │ │ │ │ ├── jwt.py
│ │ │ │ │ └── rsa.py
│ │ │ │ ├── db
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── db.py
│ │ │ │ │ └── users.py
│ │ │ │ ├── environ.py
│ │ │ │ ├── resp.py
│ │ │ │ ├── routers
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── auth.py
│ │ │ │ │ ├── crypto.py
│ │ │ │ │ └── users.py
│ │ │ │ └── utils.py
│ │ │ ├── poetry.lock
│ │ │ ├── pyproject.toml
│ │ │ └── tests
│ │ │ │ ├── __init__.py
│ │ │ │ ├── test_cipher.py
│ │ │ │ └── test_ecdsa.py
│ │ └── compose.yaml
│ ├── challenge-solution
│ │ ├── solve.py
│ │ └── solve.sh
│ ├── challenge-src
│ │ ├── .gitignore
│ │ ├── api
│ │ │ ├── Dockerfile
│ │ │ ├── README.md
│ │ │ ├── mvmcryption
│ │ │ │ ├── __init__.py
│ │ │ │ ├── app.py
│ │ │ │ ├── auth.py
│ │ │ │ ├── crypto
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── cipher.py
│ │ │ │ │ ├── ecdsa.py
│ │ │ │ │ ├── jwt.py
│ │ │ │ │ └── rsa.py
│ │ │ │ ├── db
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── db.py
│ │ │ │ │ └── users.py
│ │ │ │ ├── environ.py
│ │ │ │ ├── resp.py
│ │ │ │ ├── routers
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── auth.py
│ │ │ │ │ ├── crypto.py
│ │ │ │ │ └── users.py
│ │ │ │ └── utils.py
│ │ │ ├── poetry.lock
│ │ │ ├── pyproject.toml
│ │ │ └── tests
│ │ │ │ ├── __init__.py
│ │ │ │ ├── test_cipher.py
│ │ │ │ └── test_ecdsa.py
│ │ └── compose.yaml
│ └── challenge.yaml
├── much-vulnerable-machine-3
│ ├── challenge-handout
│ │ ├── .gitignore
│ │ ├── api
│ │ │ ├── Dockerfile
│ │ │ ├── mvmcryption
│ │ │ │ ├── __init__.py
│ │ │ │ ├── app.py
│ │ │ │ ├── auth.py
│ │ │ │ ├── crypto
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── cipher.py
│ │ │ │ │ ├── ecdsa.py
│ │ │ │ │ ├── jwt.py
│ │ │ │ │ └── rsa.py
│ │ │ │ ├── db
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── db.py
│ │ │ │ │ └── users.py
│ │ │ │ ├── environ.py
│ │ │ │ ├── resp.py
│ │ │ │ ├── routers
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── auth.py
│ │ │ │ │ ├── crypto.py
│ │ │ │ │ └── users.py
│ │ │ │ └── utils.py
│ │ │ ├── poetry.lock
│ │ │ ├── pyproject.toml
│ │ │ └── tests
│ │ │ │ ├── __init__.py
│ │ │ │ ├── test_cipher.py
│ │ │ │ └── test_ecdsa.py
│ │ └── compose.yaml
│ ├── challenge-solution
│ │ ├── solve.py
│ │ └── solve.sh
│ ├── challenge-src
│ │ ├── .gitignore
│ │ ├── api
│ │ │ ├── Dockerfile
│ │ │ ├── README.md
│ │ │ ├── mvmcryption
│ │ │ │ ├── __init__.py
│ │ │ │ ├── app.py
│ │ │ │ ├── auth.py
│ │ │ │ ├── crypto
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── cipher.py
│ │ │ │ │ ├── ecdsa.py
│ │ │ │ │ ├── jwt.py
│ │ │ │ │ └── rsa.py
│ │ │ │ ├── db
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── db.py
│ │ │ │ │ └── users.py
│ │ │ │ ├── environ.py
│ │ │ │ ├── resp.py
│ │ │ │ ├── routers
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── auth.py
│ │ │ │ │ ├── crypto.py
│ │ │ │ │ └── users.py
│ │ │ │ └── utils.py
│ │ │ ├── poetry.lock
│ │ │ ├── pyproject.toml
│ │ │ └── tests
│ │ │ │ ├── __init__.py
│ │ │ │ ├── test_cipher.py
│ │ │ │ └── test_ecdsa.py
│ │ └── compose.yaml
│ └── challenge.yaml
├── rubiks-dsa
│ ├── challenge-handout
│ │ ├── chall.sage
│ │ ├── out.txt
│ │ └── permutation.txt
│ ├── challenge-solution
│ │ └── sol.sage
│ ├── challenge-src
│ └── challenge.yaml
└── sourceless-crypto
│ ├── challenge-solution
│ ├── solution.md
│ └── solve.py
│ ├── challenge-src
│ ├── Dockerfile
│ └── chall.py
│ └── challenge.yaml
├── misc
├── count-the-mvms
│ ├── challenge-solution
│ │ ├── mvm_pattern.png
│ │ ├── solution.md
│ │ └── solve_script.py
│ └── challenge.yaml
├── foundations
│ └── challenge.yaml
├── hydraulic-press
│ ├── challenge-handout
│ │ └── flag.txt
│ ├── challenge-solution
│ │ ├── go.mod
│ │ └── main.go
│ ├── challenge-src
│ │ ├── go.mod
│ │ └── main.go
│ └── challenge.yaml
├── mvm
│ ├── challenge-handout
│ │ └── mvm.txt
│ ├── challenge-solution
│ │ └── solution.md
│ └── challenge.yaml
├── omnibius
│ ├── challenge-handout
│ │ ├── 519814-omnibious-pocket-computer-rev1-0.pdf
│ │ └── dump.rom
│ ├── challenge-solution
│ │ ├── dump.rom
│ │ └── solve_script.py
│ └── challenge.yaml
├── p11n-trophy
│ ├── challenge-src
│ │ ├── Dockerfile
│ │ ├── MonsieurLaDoulaise-Regular.ttf
│ │ ├── app.py
│ │ ├── mvm_pattern.png
│ │ ├── requirements.txt
│ │ ├── vvv_pattern.png
│ │ ├── wvw_pattern.png
│ │ └── x3_transparent.png
│ └── challenge.yaml
├── redacted
│ ├── challenge-handout
│ │ ├── how_to_check.png
│ │ ├── readme.txt
│ │ └── redacted.zip
│ ├── challenge-solution
│ │ ├── c1b53be672aac192a996.woff2
│ │ ├── corrected.png
│ │ ├── solution.md
│ │ └── solve.html
│ └── challenge.yaml
├── secure-snek
│ ├── challenge-handout
│ │ ├── auth.py
│ │ ├── main.py
│ │ └── output.txt
│ ├── challenge-solution
│ │ └── description and solution.txt
│ ├── challenge-src
│ │ ├── __pycache__
│ │ │ └── auth.cpython-312.pyc
│ │ ├── auth.py
│ │ ├── auth_orig.py
│ │ └── main.py
│ └── challenge.yaml
├── trophy-plus
│ └── challenge.yaml
└── trophy-plus64
│ └── challenge.yaml
├── pwn
├── devnull-as-a-service
│ ├── challenge-handout
│ │ ├── Dockerfile
│ │ ├── dev_null
│ │ ├── docker-compose.yml
│ │ ├── flag.txt
│ │ └── ynetd
│ ├── challenge-solution
│ │ └── solution.py
│ ├── challenge-src
│ │ ├── Dockerfile
│ │ ├── dev_null
│ │ ├── docker-compose.yml
│ │ ├── flag.txt
│ │ └── ynetd
│ └── challenge.yaml
├── pwny-heap
│ ├── challenge-handout
│ │ ├── Dockerfile
│ │ ├── flag.txt
│ │ ├── libc-2.35.so
│ │ └── pwny-heap
│ ├── challenge-solution
│ │ ├── Dockerfile
│ │ ├── exploit.py
│ │ ├── flag.txt
│ │ ├── libc-2.35.so
│ │ └── pwny-heap
│ ├── challenge-src
│ │ ├── Dockerfile
│ │ ├── flag.txt
│ │ └── pwny-heap
│ └── challenge.yaml
└── secure-sandbox
│ ├── challenge-handout
│ ├── Dockerfile
│ ├── chall
│ └── flag
│ ├── challenge-solution
│ ├── Dockerfile
│ ├── Makefile
│ ├── chall
│ ├── flag
│ ├── flagGenerator.py
│ ├── main.c
│ └── solve.py
│ ├── challenge-src
│ ├── Dockerfile
│ ├── chall
│ └── flag
│ └── challenge.yaml
├── rev
├── keystore-rs
│ ├── challenge-handout
│ │ └── keystore-rs
│ ├── challenge-solution
│ │ └── SOLUTION.md
│ ├── challenge-src
│ │ ├── Cargo.lock
│ │ ├── Cargo.toml
│ │ └── src
│ │ │ └── main.rs
│ └── challenge.yaml
├── netmsg-1
│ ├── challenge-handout
│ │ ├── netmsg_darwin_amd64
│ │ ├── netmsg_darwin_arm64
│ │ ├── netmsg_linux_386
│ │ ├── netmsg_linux_amd64
│ │ ├── netmsg_linux_arm64
│ │ ├── netmsg_windows_386
│ │ ├── netmsg_windows_amd64
│ │ └── netmsg_windows_arm64
│ ├── challenge-solution
│ │ ├── README.txt
│ │ ├── flag1.py
│ │ └── requirements.txt
│ ├── challenge-src
│ │ ├── Dockerfile
│ │ ├── build.sh
│ │ ├── client
│ │ │ ├── go.mod
│ │ │ ├── main.go
│ │ │ └── math.go
│ │ ├── common
│ │ │ ├── common.go
│ │ │ ├── go.mod
│ │ │ └── go.sum
│ │ ├── go.work
│ │ └── server
│ │ │ ├── go.mod
│ │ │ ├── main.go
│ │ │ └── secrets.go
│ └── challenge.yaml
├── netmsg-2
│ ├── challenge-handout
│ │ └── netmsg-2.pcap
│ ├── challenge-solution
│ │ ├── README.txt
│ │ ├── flag1.py
│ │ ├── flag2.py
│ │ └── requirements.txt
│ ├── challenge-src
│ │ ├── build.sh
│ │ ├── client
│ │ ├── common
│ │ ├── go.work
│ │ └── server
│ └── challenge.yaml
├── notcrypto
│ ├── challenge-handout
│ │ └── spn
│ ├── challenge-solution
│ │ ├── todo.py
│ │ └── writeup.md
│ ├── challenge-src
│ │ ├── Makefile
│ │ ├── flag.txt
│ │ ├── spn
│ │ └── spn.cpp
│ └── challenge.yaml
├── oh_my_gadt
│ ├── challenge-handout
│ │ ├── .stack-work
│ │ │ ├── install
│ │ │ │ └── x86_64-linux
│ │ │ │ │ └── 359f636bad276f3ca7e20838b8576d4ccc48aae2d117a0bffb731f9814dbfc7c
│ │ │ │ │ └── 9.8.4
│ │ │ │ │ └── pkgdb
│ │ │ │ │ ├── package.cache
│ │ │ │ │ └── package.cache.lock
│ │ │ ├── stack.sqlite3
│ │ │ └── stack.sqlite3.pantry-write-lock
│ │ ├── Dockerfile
│ │ ├── docker-compose.yml
│ │ └── hs_src
│ │ │ ├── .stack-work
│ │ │ ├── install
│ │ │ │ └── x86_64-linux
│ │ │ │ │ └── 359f636bad276f3ca7e20838b8576d4ccc48aae2d117a0bffb731f9814dbfc7c
│ │ │ │ │ └── 9.8.4
│ │ │ │ │ └── pkgdb
│ │ │ │ │ ├── package.cache
│ │ │ │ │ └── package.cache.lock
│ │ │ ├── stack.sqlite3
│ │ │ └── stack.sqlite3.pantry-write-lock
│ │ │ ├── Setup.hs
│ │ │ ├── ohmygadt.cabal
│ │ │ ├── src
│ │ │ └── Main.hs
│ │ │ ├── stack.yaml
│ │ │ └── stack.yaml.lock
│ ├── challenge-solution
│ │ └── solve.py
│ ├── challenge-src
│ └── challenge.yaml
└── pickle-season
│ ├── challenge-handout
│ ├── challenge-solution
│ └── solution.md
│ ├── challenge-src
│ └── challenge.py
│ └── challenge.yaml
└── web
├── MVMCheckers-Inc
├── challenge-handout
│ ├── .idea
│ │ ├── .gitignore
│ │ ├── inspectionProfiles
│ │ │ └── Project_Default.xml
│ │ ├── mimes-inc.iml
│ │ ├── misc.xml
│ │ ├── modules.xml
│ │ ├── php.xml
│ │ └── vcs.xml
│ ├── Dockerfile
│ ├── docker-compose.yml
│ ├── flag.txt
│ ├── magicians-agency.iml
│ └── src
│ │ ├── administration.php
│ │ ├── booking.php
│ │ ├── header.php
│ │ ├── index.php
│ │ ├── magicians.php
│ │ ├── magicians
│ │ ├── Die kleine Hexe.magic
│ │ ├── Gandalf.magic
│ │ ├── Houdini.magic
│ │ ├── Kiki.magic
│ │ └── Siegfried and Roy.magic
│ │ ├── rebuild
│ │ ├── about.json
│ │ ├── booking.json
│ │ ├── footnote.txt
│ │ └── index.php
│ │ └── style.css
├── challenge-solution
│ ├── exfil.json
│ ├── magic.txt
│ ├── magic.xbm
│ └── solution.md
├── challenge-src
│ ├── .idea
│ │ ├── .gitignore
│ │ ├── inspectionProfiles
│ │ │ └── Project_Default.xml
│ │ ├── mimes-inc.iml
│ │ ├── misc.xml
│ │ ├── modules.xml
│ │ ├── php.xml
│ │ └── vcs.xml
│ ├── Dockerfile
│ ├── docker-compose.yml
│ ├── flag.txt
│ ├── magicians-agency.iml
│ └── src
│ │ ├── administration.php
│ │ ├── booking.php
│ │ ├── header.php
│ │ ├── index.php
│ │ ├── magicians.php
│ │ ├── magicians
│ │ ├── Die kleine Hexe.magic
│ │ ├── Gandalf.magic
│ │ ├── Houdini.magic
│ │ ├── Kiki.magic
│ │ └── Siegfried and Roy.magic
│ │ ├── rebuild
│ │ ├── about.json
│ │ ├── booking.json
│ │ ├── footnote.txt
│ │ └── index.php
│ │ └── style.css
└── challenge.yaml
├── StoryCreator
├── challenge-handout
│ └── handout
│ │ ├── Dockerfile
│ │ ├── backend
│ │ ├── .gitignore
│ │ ├── cmd
│ │ │ └── server
│ │ │ │ └── server.go
│ │ ├── go.mod
│ │ ├── go.sum
│ │ ├── gqlgen.yml
│ │ ├── internal
│ │ │ └── exporter
│ │ │ │ └── exporter.go
│ │ ├── justfile
│ │ ├── pkg
│ │ │ ├── apq
│ │ │ │ └── cache.go
│ │ │ ├── db
│ │ │ │ └── db.go
│ │ │ ├── flagcookie
│ │ │ │ └── flagcookie.go
│ │ │ ├── graph
│ │ │ │ ├── generated.go
│ │ │ │ ├── gqlgen-directives.graphql
│ │ │ │ ├── model
│ │ │ │ │ └── models_gen.go
│ │ │ │ ├── resolver.go
│ │ │ │ ├── schema.graphql
│ │ │ │ └── schema.resolvers.go
│ │ │ ├── model
│ │ │ │ ├── dimensions.go
│ │ │ │ └── id.go
│ │ │ ├── render
│ │ │ │ └── render.go
│ │ │ ├── repository
│ │ │ │ ├── exports
│ │ │ │ │ └── exports.go
│ │ │ │ ├── images
│ │ │ │ │ └── images.go
│ │ │ │ └── stories
│ │ │ │ │ └── stories.go
│ │ │ ├── smallhmap
│ │ │ │ └── smallhmap.go
│ │ │ └── tenant
│ │ │ │ └── tenant.go
│ │ └── tools.go
│ │ ├── compose.yml
│ │ ├── frontend
│ │ ├── .env
│ │ ├── .eslintrc.cjs
│ │ ├── .gitattributes
│ │ ├── .gitignore
│ │ ├── .prettierrc
│ │ ├── .yarn
│ │ │ └── releases
│ │ │ │ └── yarn-4.3.1.cjs
│ │ ├── .yarnrc.yml
│ │ ├── Dockerfile
│ │ ├── README.md
│ │ ├── index.html
│ │ ├── nginx.conf
│ │ ├── package.json
│ │ ├── public
│ │ │ └── vite.svg
│ │ ├── src
│ │ │ ├── App.tsx
│ │ │ ├── assets
│ │ │ │ └── react.svg
│ │ │ ├── components
│ │ │ │ ├── FullPageLoading.tsx
│ │ │ │ └── story.tsx
│ │ │ ├── main.css
│ │ │ ├── main.tsx
│ │ │ ├── pages
│ │ │ │ ├── CreateStoryPage
│ │ │ │ │ └── CreateStoryPage.tsx
│ │ │ │ ├── ExportDetailsPage
│ │ │ │ │ └── ExportDetailsPage.tsx
│ │ │ │ ├── ExportListPage
│ │ │ │ │ └── ExportListPage.tsx
│ │ │ │ ├── ExportStoryPage
│ │ │ │ │ └── ExportStoryPage.tsx
│ │ │ │ ├── ListStoriesPage
│ │ │ │ │ └── ListStoriesPage.tsx
│ │ │ │ ├── Render
│ │ │ │ │ └── Render.tsx
│ │ │ │ ├── UploadAssetPage
│ │ │ │ │ └── UploadAssetPage.tsx
│ │ │ │ └── ViewStoryPage
│ │ │ │ │ └── ViewStoryPage.tsx
│ │ │ └── vite-env.d.ts
│ │ ├── tsconfig.app.json
│ │ ├── tsconfig.json
│ │ ├── tsconfig.node.json
│ │ ├── vite.config.ts
│ │ └── yarn.lock
│ │ └── seed
│ │ └── seed.sql
├── challenge-solution
│ ├── checker
│ │ ├── ._image.png
│ │ ├── ._imageold.png
│ │ ├── __main__.py
│ │ ├── image.png
│ │ └── imageold.png
│ └── writeup.md
├── challenge-src
│ ├── ._cwte-jeopardy-chall
│ ├── Dockerfile
│ ├── Dockerfile-db
│ ├── backend
│ │ ├── .gitignore
│ │ ├── cmd
│ │ │ └── server
│ │ │ │ └── server.go
│ │ ├── go.mod
│ │ ├── go.sum
│ │ ├── gqlgen.yml
│ │ ├── internal
│ │ │ └── exporter
│ │ │ │ └── exporter.go
│ │ ├── justfile
│ │ ├── pkg
│ │ │ ├── apq
│ │ │ │ └── cache.go
│ │ │ ├── db
│ │ │ │ └── db.go
│ │ │ ├── flagcookie
│ │ │ │ └── flagcookie.go
│ │ │ ├── graph
│ │ │ │ ├── generated.go
│ │ │ │ ├── gqlgen-directives.graphql
│ │ │ │ ├── model
│ │ │ │ │ └── models_gen.go
│ │ │ │ ├── resolver.go
│ │ │ │ ├── schema.graphql
│ │ │ │ └── schema.resolvers.go
│ │ │ ├── model
│ │ │ │ ├── dimensions.go
│ │ │ │ └── id.go
│ │ │ ├── render
│ │ │ │ └── render.go
│ │ │ ├── repository
│ │ │ │ ├── exports
│ │ │ │ │ └── exports.go
│ │ │ │ ├── images
│ │ │ │ │ └── images.go
│ │ │ │ └── stories
│ │ │ │ │ └── stories.go
│ │ │ ├── smallhmap
│ │ │ │ ├── smallhmap.go
│ │ │ │ └── smallhmap_test.go
│ │ │ └── tenant
│ │ │ │ └── tenant.go
│ │ └── tools.go
│ ├── compose.yml
│ ├── frontend
│ │ ├── .env
│ │ ├── .eslintrc.cjs
│ │ ├── .gitattributes
│ │ ├── .gitignore
│ │ ├── .prettierrc
│ │ ├── .yarn
│ │ │ └── releases
│ │ │ │ └── yarn-4.3.1.cjs
│ │ ├── .yarnrc.yml
│ │ ├── Dockerfile
│ │ ├── README.md
│ │ ├── index.html
│ │ ├── nginx.conf
│ │ ├── package.json
│ │ ├── public
│ │ │ └── vite.svg
│ │ ├── src
│ │ │ ├── App.tsx
│ │ │ ├── assets
│ │ │ │ └── react.svg
│ │ │ ├── components
│ │ │ │ ├── FullPageLoading.tsx
│ │ │ │ └── story.tsx
│ │ │ ├── main.css
│ │ │ ├── main.tsx
│ │ │ ├── pages
│ │ │ │ ├── CreateStoryPage
│ │ │ │ │ └── CreateStoryPage.tsx
│ │ │ │ ├── ExportDetailsPage
│ │ │ │ │ └── ExportDetailsPage.tsx
│ │ │ │ ├── ExportListPage
│ │ │ │ │ └── ExportListPage.tsx
│ │ │ │ ├── ExportStoryPage
│ │ │ │ │ └── ExportStoryPage.tsx
│ │ │ │ ├── ListStoriesPage
│ │ │ │ │ └── ListStoriesPage.tsx
│ │ │ │ ├── Render
│ │ │ │ │ └── Render.tsx
│ │ │ │ ├── UploadAssetPage
│ │ │ │ │ └── UploadAssetPage.tsx
│ │ │ │ └── ViewStoryPage
│ │ │ │ │ └── ViewStoryPage.tsx
│ │ │ └── vite-env.d.ts
│ │ ├── tsconfig.app.json
│ │ ├── tsconfig.json
│ │ ├── tsconfig.node.json
│ │ ├── vite.config.ts
│ │ └── yarn.lock
│ ├── handout
│ │ ├── Dockerfile
│ │ ├── backend
│ │ │ ├── .gitignore
│ │ │ ├── cmd
│ │ │ │ └── server
│ │ │ │ │ └── server.go
│ │ │ ├── go.mod
│ │ │ ├── go.sum
│ │ │ ├── gqlgen.yml
│ │ │ ├── internal
│ │ │ │ └── exporter
│ │ │ │ │ └── exporter.go
│ │ │ ├── justfile
│ │ │ ├── pkg
│ │ │ │ ├── apq
│ │ │ │ │ └── cache.go
│ │ │ │ ├── db
│ │ │ │ │ └── db.go
│ │ │ │ ├── flagcookie
│ │ │ │ │ └── flagcookie.go
│ │ │ │ ├── graph
│ │ │ │ │ ├── generated.go
│ │ │ │ │ ├── gqlgen-directives.graphql
│ │ │ │ │ ├── model
│ │ │ │ │ │ └── models_gen.go
│ │ │ │ │ ├── resolver.go
│ │ │ │ │ ├── schema.graphql
│ │ │ │ │ └── schema.resolvers.go
│ │ │ │ ├── model
│ │ │ │ │ ├── dimensions.go
│ │ │ │ │ └── id.go
│ │ │ │ ├── render
│ │ │ │ │ └── render.go
│ │ │ │ ├── repository
│ │ │ │ │ ├── exports
│ │ │ │ │ │ └── exports.go
│ │ │ │ │ ├── images
│ │ │ │ │ │ └── images.go
│ │ │ │ │ └── stories
│ │ │ │ │ │ └── stories.go
│ │ │ │ ├── smallhmap
│ │ │ │ │ └── smallhmap.go
│ │ │ │ └── tenant
│ │ │ │ │ └── tenant.go
│ │ │ └── tools.go
│ │ ├── compose.yml
│ │ ├── frontend
│ │ │ ├── .env
│ │ │ ├── .eslintrc.cjs
│ │ │ ├── .gitattributes
│ │ │ ├── .gitignore
│ │ │ ├── .prettierrc
│ │ │ ├── .yarn
│ │ │ │ └── releases
│ │ │ │ │ └── yarn-4.3.1.cjs
│ │ │ ├── .yarnrc.yml
│ │ │ ├── Dockerfile
│ │ │ ├── README.md
│ │ │ ├── index.html
│ │ │ ├── nginx.conf
│ │ │ ├── package.json
│ │ │ ├── public
│ │ │ │ └── vite.svg
│ │ │ ├── src
│ │ │ │ ├── App.tsx
│ │ │ │ ├── assets
│ │ │ │ │ └── react.svg
│ │ │ │ ├── components
│ │ │ │ │ ├── FullPageLoading.tsx
│ │ │ │ │ └── story.tsx
│ │ │ │ ├── main.css
│ │ │ │ ├── main.tsx
│ │ │ │ ├── pages
│ │ │ │ │ ├── CreateStoryPage
│ │ │ │ │ │ └── CreateStoryPage.tsx
│ │ │ │ │ ├── ExportDetailsPage
│ │ │ │ │ │ └── ExportDetailsPage.tsx
│ │ │ │ │ ├── ExportListPage
│ │ │ │ │ │ └── ExportListPage.tsx
│ │ │ │ │ ├── ExportStoryPage
│ │ │ │ │ │ └── ExportStoryPage.tsx
│ │ │ │ │ ├── ListStoriesPage
│ │ │ │ │ │ └── ListStoriesPage.tsx
│ │ │ │ │ ├── Render
│ │ │ │ │ │ └── Render.tsx
│ │ │ │ │ ├── UploadAssetPage
│ │ │ │ │ │ └── UploadAssetPage.tsx
│ │ │ │ │ └── ViewStoryPage
│ │ │ │ │ │ └── ViewStoryPage.tsx
│ │ │ │ └── vite-env.d.ts
│ │ │ ├── tsconfig.app.json
│ │ │ ├── tsconfig.json
│ │ │ ├── tsconfig.node.json
│ │ │ ├── vite.config.ts
│ │ │ └── yarn.lock
│ │ └── seed
│ │ │ └── seed.sql
│ ├── justfile
│ ├── seed
│ │ └── seed.sql
│ └── src
│ │ └── .tool-versions
└── challenge.yaml
├── blogdog
├── challenge-handout
│ ├── Dockerfile
│ └── src
│ │ ├── favicon.ico
│ │ ├── index.html
│ │ ├── index.js
│ │ ├── package-lock.json
│ │ ├── package.json
│ │ └── purify.min.js
├── challenge-solution
│ ├── solution.md
│ └── solver.py
├── challenge-src
│ ├── Dockerfile
│ └── src
│ │ ├── favicon.ico
│ │ ├── index.html
│ │ ├── index.js
│ │ ├── package-lock.json
│ │ ├── package.json
│ │ └── purify.min.js
└── challenge.yaml
├── kittyconvert
├── challenge-handout
│ ├── Dockerfile
│ ├── README.md
│ ├── docker-compose.yml
│ ├── flag.txt
│ └── src
│ │ ├── class-php-ico.php
│ │ ├── favicon.ico
│ │ ├── index.php
│ │ └── uploads
│ │ └── .gitfolder
├── challenge-solution
│ ├── solution.md
│ └── solve.py
├── challenge-src
│ ├── Dockerfile
│ ├── docker-compose.yml
│ ├── flag.txt
│ └── src
│ │ ├── class-php-ico.php
│ │ ├── favicon.ico
│ │ ├── index.php
│ │ └── uploads
│ │ └── .gitfolder
└── challenge.yaml
└── submission
├── challenge-handout
├── Dockerfile
├── README.md
├── docker-compose.yml
└── src
│ ├── favicon.ico
│ ├── index.php
│ └── uploads
│ └── flag.txt
├── challenge-solution
└── solution.md
├── challenge-src
├── Dockerfile
└── src
│ ├── favicon.ico
│ ├── index.php
│ └── uploads
│ └── flag.txt
└── challenge.yaml
/README.md:
--------------------------------------------------------------------------------
1 | # x3CTF 2025 - Challenges
2 | This repository contains all the challenges, sources and solutions for **x3CTF 2025 (feat. mvm)**
3 |
--------------------------------------------------------------------------------
/crypto/babyrng/challenge-handout/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM haskell:8.10
2 |
3 | RUN cabal update && cabal install --lib mtl && cabal install --lib random
4 |
5 | WORKDIR /build
6 | COPY source.hs .
7 | RUN ghc source.hs
8 |
9 | ENTRYPOINT ["/build/source"]
--------------------------------------------------------------------------------
/crypto/babyrng/challenge-handout/output.txt:
--------------------------------------------------------------------------------
1 | The shredded flag (070dbb36be2b25fadda85ba68d791dd8ec4626d81ebd338cb13a4f318d98d7102bddd0fd2f22946138e4401fe006e4eb318cabfb034adfac4163e595f2442c7b) has been buried at (7283898632471611723, 9620209372472646369)
--------------------------------------------------------------------------------
/crypto/babyrng/challenge-handout/source.hs:
--------------------------------------------------------------------------------
1 | {-# LANGUAGE ScopedTypeVariables #-}
2 | import Control.Monad.State.Lazy (evalState, State, state)
3 | import Data.Bits (xor)
4 | import Data.Char (chr, ord)
5 | import Data.Word (Word64)
6 | import System.Random (getStdGen, StdGen, uniform, uniformR)
7 | import Text.Printf (printf)
8 |
9 | flag = "MVM{[REDACTED]}"
10 |
11 | shred :: String -> State StdGen String
12 | shred "" = return ""
13 | shred (c:cs) = do
14 | k <- state $ uniformR (0, 255)
15 | ((:) (chr $ (ord c) `xor` k)) <$> (shred cs)
16 |
17 | burryTreasure :: State StdGen String
18 | burryTreasure = do
19 | shredded <- shred flag
20 | x :: Word64 <- state uniform
21 | y :: Word64 <- state uniform
22 | return $ printf "The shredded flag (%s) has been buried at (%d, %d)" (shredded >>= (printf "%02x" :: Char -> String)) x y
23 |
24 | main :: IO ()
25 | main = do
26 | rng <- getStdGen
27 | putStrLn $ evalState burryTreasure rng
--------------------------------------------------------------------------------
/crypto/babyrng/challenge-solution/solution.md:
--------------------------------------------------------------------------------
1 | Read the source of Haskell random library (particularly https://hackage.haskell.org/package/splitmix-0.1.1/docs/src/System.Random.SplitMix.html), implement the inverse of `mix64` and use the fact that `state_{i + 1} = state_i + gamma` for some constant gamma to recover the one time pad key knowing full 2 words generated right after the flag is encrypted.
--------------------------------------------------------------------------------
/crypto/babyrng/challenge-solution/solve.py:
--------------------------------------------------------------------------------
1 | m = 1 << 64
2 |
3 |
4 | def shiftxor(n, w):
5 | return w ^ (w >> n)
6 |
7 |
8 | def shiftxormult(n, k, w):
9 | return (shiftxor(n, w) * k) % m
10 |
11 |
12 | def mix64(z0):
13 | z1 = shiftxormult(33, 0xff51afd7ed558ccd, z0)
14 | z2 = shiftxormult(33, 0xc4ceb9fe1a85ec53, z1)
15 | return shiftxor(33, z2)
16 |
17 |
18 | def unmix64(z3):
19 | z2 = shiftxor(33, z3)
20 | z1 = shiftxor(33, (pow(0xc4ceb9fe1a85ec53, -1, m) * z2) % m)
21 | return shiftxor(33, (pow(0xff51afd7ed558ccd, -1, m) * z1) % m)
22 |
23 |
24 | def get_gamma(a, b):
25 | a = unmix64(a)
26 | b = unmix64(b)
27 | return (b - a) % m
28 |
29 |
30 | ct = bytes.fromhex('070dbb36be2b25fadda85ba68d791dd8ec4626d81ebd338cb13a4f318d98d7102bddd0fd2f22946138e4401fe006e4eb318cabfb034adfac4163e595f2442c7b')
31 | x = 7283898632471611723
32 | y = 9620209372472646369
33 | gamma = get_gamma(x, y)
34 |
35 | ks = [mix64((unmix64(x) - (i + 1) * gamma) % m) % 256 for i in range(len(ct))][::-1]
36 | flag = bytes([a ^ b for a, b in zip(ct, ks)])
37 | print(flag.decode())
--------------------------------------------------------------------------------
/crypto/babyrng/challenge-src:
--------------------------------------------------------------------------------
1 | challenge-handout
--------------------------------------------------------------------------------
/crypto/babyrng/challenge.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: berg.norelect.ch/v1
2 | kind: Challenge
3 | metadata:
4 | name: babyrng
5 | namespace: berg
6 | spec:
7 | categories:
8 | - mvm
9 | - crypto
10 |
11 | difficulty: easy # Must be one of baby/easy/medium/hard/leet
12 | author: ksaweryr
13 | allowOutboundTraffic: false
14 | flag: MVM{4_M0n4D_15_jU5t_4_m0N01d_1n_Th3_c4t3G0Ry_0f_3ND0FUNCT0R5_:D}
15 | flagFormat: MVM{...}
16 | description: |
17 | A flag has been stolen, destroyed and buried underground in a random location.
18 | System.Random was used, so it should be impossible to recover the flag... right?
19 | attachments:
20 | - fileName: babyrng.tar.gz
21 | downloadUrl: /handouts/babyrng.tar.gz
22 |
--------------------------------------------------------------------------------
/crypto/curved-mvm/challenge-handout:
--------------------------------------------------------------------------------
1 | challenge-src
--------------------------------------------------------------------------------
/crypto/curved-mvm/challenge-solution/server.py:
--------------------------------------------------------------------------------
1 | ../challenge-src/server.py
--------------------------------------------------------------------------------
/crypto/curved-mvm/challenge-src/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM python:3.12-alpine AS builder
2 |
3 | RUN apk update --no-cache && apk upgrade --no-cache && apk add socat gmp --no-cache
4 |
5 | RUN apk add gcc gmp-dev musl-dev --no-cache && pip install --target=/app fastecdsa
6 |
7 | FROM python:3.12-alpine
8 |
9 | RUN apk update --no-cache && apk upgrade --no-cache && apk add socat gmp --no-cache
10 |
11 | COPY --from=builder /app /app
12 |
13 | COPY fast.py /app
14 |
15 | WORKDIR /app
16 |
17 | ENTRYPOINT socat tcp-l:1337,fork,reuseaddr exec:"python3 /app/fast.py"
18 |
--------------------------------------------------------------------------------
/crypto/fastcrypto/challenge-handout/CMakeLists.txt:
--------------------------------------------------------------------------------
1 | cmake_minimum_required(VERSION 3.18)
2 | project(nttmul)
3 |
4 | find_package(Python 3.12
5 | REQUIRED COMPONENTS Interpreter Development.Module
6 | OPTIONAL_COMPONENTS Development.SABIModule)
7 |
8 | add_subdirectory(nanobind)
9 | nanobind_add_module(
10 | nttmul
11 | # STABLE_ABI
12 | # NB_STATIC
13 | nttmul.cpp
14 | )
15 |
16 | # install(TARGETS nttmul LIBRARY DESTINATION .)
17 |
--------------------------------------------------------------------------------
/crypto/fastcrypto/challenge-handout/Makefile:
--------------------------------------------------------------------------------
1 | all:
2 | cmake -S . -B build
3 | cmake --build build
4 | cp build/nttmul*.so .
5 |
--------------------------------------------------------------------------------
/crypto/fastcrypto/challenge-solution/solve.py:
--------------------------------------------------------------------------------
1 | from Crypto.Util.number import long_to_bytes as ltb
2 | from math import gcd
3 | from pwn import *
4 |
5 | if args.REMOTE:
6 | conn = remote('127.0.0.1', 1337)
7 | else:
8 | conn = process(['python3', 'chall.py'])
9 |
10 | conn.recvline()
11 | N = int(conn.recvline().split(b' = ')[1])
12 | e = 0x10001
13 |
14 | # This solution script has about a ~0.006% chance of failing
15 | ctr = 0
16 | while True:
17 | ctr += 1
18 | conn.recvuntil(b': ')
19 | conn.sendline(b'2')
20 | data = int(conn.recvline().split(b' = ')[1])
21 | enc = int(conn.recvline().split(b' = ')[1])
22 | correct = pow(data, e, N)
23 | if enc == correct:
24 | continue
25 | p = gcd(enc - correct, N)
26 | if p != 1 and p != N: # p == N has about a ~0.006% chance of happening
27 | break
28 |
29 | print(f'{ctr} encryption queries')
30 |
31 | q = N // p
32 | phi = (p - 1) * (q - 1)
33 | d = pow(e, -1, phi)
34 | conn.recvuntil(b': ')
35 | conn.sendline(b'1')
36 | enc = int(conn.recvline().split(b' = ')[1])
37 | dec = pow(enc, d, N)
38 | conn.sendline(str(dec).encode())
39 |
40 | conn.recvuntil(b' = ')
41 | enc = int(conn.recvline())
42 | flag = pow(enc, d, N)
43 | print(ltb(flag))
44 |
--------------------------------------------------------------------------------
/crypto/fastcrypto/challenge-src/CMakeLists.txt:
--------------------------------------------------------------------------------
1 | cmake_minimum_required(VERSION 3.18)
2 | project(nttmul)
3 |
4 | find_package(Python 3.12
5 | REQUIRED COMPONENTS Interpreter Development.Module
6 | OPTIONAL_COMPONENTS Development.SABIModule)
7 |
8 | add_subdirectory(nanobind)
9 | nanobind_add_module(
10 | nttmul
11 | # STABLE_ABI
12 | # NB_STATIC
13 | nttmul.cpp
14 | )
15 |
16 | # install(TARGETS nttmul LIBRARY DESTINATION .)
17 |
--------------------------------------------------------------------------------
/crypto/fastcrypto/challenge-src/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM python:3.12-alpine
2 |
3 | WORKDIR /app
4 |
5 | RUN pip3 install pycryptodome
6 | RUN apk update --no-cache && apk upgrade --no-cache && apk add socat cmake make git build-base --no-cache
7 | RUN git clone https://github.com/wjakob/nanobind && cd nanobind && git checkout 0272db4cfd611902f8cdc534c545973642c1627f && git reset --hard && git submodule update --init --recursive
8 |
9 | COPY SECRET.py /app
10 | COPY chall.py /app
11 | COPY Makefile /app
12 | COPY CMakeLists.txt /app
13 | COPY nttmul.cpp /app
14 | COPY nttmul*.so /app
15 |
16 | RUN make
17 |
18 | ENTRYPOINT socat tcp-l:1337,fork,reuseaddr exec:/app/chall.py
19 |
--------------------------------------------------------------------------------
/crypto/fastcrypto/challenge-src/Makefile:
--------------------------------------------------------------------------------
1 | all:
2 | cmake -S . -B build
3 | cmake --build build
4 | cp build/nttmul*.so .
5 |
--------------------------------------------------------------------------------
/crypto/fastcrypto/challenge-src/SECRET.py:
--------------------------------------------------------------------------------
1 | FLAG = b'x3{so_l0ng_and_th4nks_for_all_the_NTT_43274987298472398}'
2 |
--------------------------------------------------------------------------------
/crypto/man_vs_matrix/challenge-handout:
--------------------------------------------------------------------------------
1 | challenge-src
--------------------------------------------------------------------------------
/crypto/man_vs_matrix/challenge-src/challenge.py:
--------------------------------------------------------------------------------
1 | from sage.all import *
2 | from Crypto.Util.number import bytes_to_long
3 |
4 | class RNG:
5 |
6 | def __init__(self, seed):
7 | self.p = next_prime(2**24)
8 | self.F = GF(self.p)
9 | self.M = matrix(self.F, 3,3, [bytes_to_long(seed[i:i+3]) for i in range(0, len(seed), 3)])
10 | self.state = vector(self.F, map(ord, "Mvm"))
11 | self.gen = self.F(2)
12 |
13 | def get_random_num(self):
14 | out = self.M * self.state
15 |
16 | for i in range(len(self.state)):
17 | self.state[i] = self.gen**self.state[i]
18 |
19 | return out * self.state
20 |
21 | flag = b"MVM{???????????????????????????}"
22 | seed = flag[4:-1]
23 |
24 | rng = RNG(seed)
25 | samples = []
26 |
27 | for i in range(9):
28 | samples.append(rng.get_random_num())
29 |
30 | print(f"{samples = }")
31 | # samples = [6192533, 82371, 86024, 4218430, 12259879, 16442850, 6736271, 7418630, 15483781]
32 |
--------------------------------------------------------------------------------
/crypto/man_vs_matrix/challenge.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: berg.norelect.ch/v1
3 | kind: Challenge
4 | metadata:
5 | name: man-vs-matrix
6 | namespace: berg
7 | spec:
8 | categories:
9 | - mvm
10 | - crypto
11 | difficulty: easy
12 | author: alex_hcsc
13 | flag: MVM{l1n34r_fuNcT10n5_4r3_my_f4v}
14 | flagFormat: MVM{...}
15 | description: |
16 | I've just built an RNG algorithm from scratch. Can you break it?
17 | attachments:
18 | - fileName: man_vs_matrix.tar.gz
19 | downloadUrl: /handouts/man_vs_matrix.tar.gz
20 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-handout/.gitignore:
--------------------------------------------------------------------------------
1 | __pycache__/
2 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-handout/api/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM python:3.12-slim
2 |
3 | ENV PYTHONUNBUFFERED=1 \
4 | POETRY_VIRTUALENVS_CREATE=false
5 |
6 | WORKDIR /app
7 |
8 | COPY pyproject.toml poetry.lock ./
9 |
10 | RUN pip install --no-cache-dir poetry \
11 | && poetry config virtualenvs.create false \
12 | && poetry install --only main --no-interaction --no-ansi --no-root \
13 | && apt update \
14 | && apt install -y --no-install-recommends wait-for-it \
15 | && rm -rf /var/lib/apt/lists/*
16 |
17 |
18 | COPY . .
19 |
20 | EXPOSE 8000
21 |
22 | CMD ["fastapi", "run", "./mvmcryption/app.py"]
23 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-handout/api/mvmcryption/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/x3ctf/challenges-2025/b58889e47d087c84a18cebfeff975cbf0f5e759c/crypto/much-vulnerable-machine-1/challenge-handout/api/mvmcryption/__init__.py
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-handout/api/mvmcryption/crypto/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/x3ctf/challenges-2025/b58889e47d087c84a18cebfeff975cbf0f5e759c/crypto/much-vulnerable-machine-1/challenge-handout/api/mvmcryption/crypto/__init__.py
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-handout/api/mvmcryption/db/__init__.py:
--------------------------------------------------------------------------------
1 | from __future__ import annotations
2 |
3 | from mvmcryption.environ import getenv
4 |
5 | from .db import connect
6 | from .users import Users
7 |
8 | ADMIN_PASSWORD = getenv("ADMIN_PASSWORD")
9 |
10 | TABLE_QUERY = """
11 | CREATE TABLE IF NOT EXISTS users (
12 | id INTEGER PRIMARY KEY,
13 | username VARCHAR(50) NOT NULL UNIQUE,
14 | email VARCHAR(100) NOT NULL UNIQUE,
15 | password VARCHAR(100) NOT NULL
16 | );
17 | """
18 |
19 |
20 | def initialize() -> None:
21 | with connect() as conn:
22 | conn.executescript(TABLE_QUERY)
23 | try:
24 | Users(conn).create(
25 | username="admin",
26 | email="admin@this-company-luckily-does-not-exist.mvm",
27 | password=ADMIN_PASSWORD,
28 | )
29 | except Exception as e: # maybe it already exists
30 | print(e)
31 |
32 |
33 | __all__ = [
34 | "Users",
35 | "initialize",
36 | ]
37 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-handout/api/mvmcryption/environ.py:
--------------------------------------------------------------------------------
1 | import os
2 |
3 |
4 | def getenv(key: str) -> str:
5 | """Get environment variable and raise an error if it is unset."""
6 | if val := os.getenv(key):
7 | return val
8 | msg = "ENV variable %s is required!"
9 | raise OSError(msg % key)
10 |
11 |
12 | IS_DEV = os.getenv("ENV") == "DEV"
13 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-handout/api/mvmcryption/resp.py:
--------------------------------------------------------------------------------
1 | from __future__ import annotations
2 |
3 | from fastapi import HTTPException, status
4 |
5 | PERMISSION_DENIED = HTTPException(
6 | status_code=status.HTTP_403_FORBIDDEN,
7 | detail="Permission denied.",
8 | )
9 |
10 |
11 | def not_found(model: object) -> HTTPException:
12 | return HTTPException(
13 | status_code=status.HTTP_404_NOT_FOUND,
14 | detail=f"{model.__name__} not found.",
15 | )
16 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-handout/api/mvmcryption/routers/__init__.py:
--------------------------------------------------------------------------------
1 | from .auth import auth_router as auth
2 | from .crypto import crypto_router as crypto
3 | from .users import users_router as users
4 |
5 | __all__ = [
6 | "auth",
7 | "crypto",
8 | "users",
9 | ]
10 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-handout/api/mvmcryption/utils.py:
--------------------------------------------------------------------------------
1 | from base64 import urlsafe_b64decode, urlsafe_b64encode
2 |
3 |
4 | def encode(content: bytes | str) -> str:
5 | def _encode():
6 | if isinstance(content, str):
7 | return urlsafe_b64encode(content.encode()).decode()
8 | return urlsafe_b64encode(content).decode()
9 |
10 | return _encode().replace("=", "")
11 |
12 |
13 | def decode(content: str | bytes) -> bytes:
14 | rem = len(content) % 4
15 |
16 | if rem > 0:
17 | try:
18 | content += b"=" * (4 - rem)
19 | except Exception:
20 | content += "=" * (4 - rem)
21 |
22 | if isinstance(content, str):
23 | return urlsafe_b64decode(content.encode())
24 | return urlsafe_b64decode(content)
25 |
26 |
27 | def chunk(stuff: bytes):
28 | """Chunk stuff into 16 byte blocks."""
29 |
30 | assert len(stuff)
31 | assert len(stuff) % 16 == 0
32 | blocks = []
33 | for i in range(0, len(stuff), 16):
34 | blocks.append(stuff[i : i + 16])
35 | return blocks
36 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-handout/api/pyproject.toml:
--------------------------------------------------------------------------------
1 | [tool.poetry]
2 | name = "mvmcryption"
3 | version = "0.0.0"
4 | description = "much secure"
5 | authors = ["xtea418"]
6 | readme = "README.md"
7 |
8 | [tool.poetry.dependencies]
9 | python = "^3.12"
10 | pycryptodome = "^3.21.0"
11 | pydantic = "^2.10.2"
12 | fastapi = {extras = ["standard"], version = "^0.115.5"}
13 | argon2-cffi = "^23.1.0"
14 | fastecdsa = "^3.0.0"
15 | pwntools = "^4.14.0"
16 |
17 |
18 | [tool.poetry.group.dev.dependencies]
19 | ruff = "^0.9.2"
20 | pytest = "^8.3.4"
21 |
22 | [build-system]
23 | requires = ["poetry-core"]
24 | build-backend = "poetry.core.masonry.api"
25 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-handout/api/tests/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/x3ctf/challenges-2025/b58889e47d087c84a18cebfeff975cbf0f5e759c/crypto/much-vulnerable-machine-1/challenge-handout/api/tests/__init__.py
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-handout/api/tests/test_cipher.py:
--------------------------------------------------------------------------------
1 | from random import getrandbits
2 |
3 | import pytest
4 | from Crypto.Util.number import long_to_bytes
5 | from mvmcryption.crypto.cipher import SCBCCipher
6 |
7 |
8 | @pytest.mark.parametrize("msg", [b"helo", b'{"get pwned": 1337}'])
9 | @pytest.mark.parametrize("d", [1337, 895])
10 | def test_scbccipher(msg: bytes, d: int):
11 | key = long_to_bytes(d, 16)
12 | ciph = SCBCCipher(key)
13 |
14 | iv = long_to_bytes(getrandbits(128), 16)
15 | ct = ciph.encrypt(msg, iv)
16 |
17 | assert ct
18 | assert msg == ciph.decrypt(ct, iv)
19 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-handout/api/tests/test_ecdsa.py:
--------------------------------------------------------------------------------
1 | import pytest
2 | from mvmcryption.crypto.ecdsa import ECDSA, decode_signature, encode_signature
3 |
4 |
5 | @pytest.mark.parametrize("msg", [b"helo", b'{"get pwned": 1337}'])
6 | @pytest.mark.parametrize("d", [1337, 895])
7 | def test_ecdsa(msg: bytes, d: int):
8 | ecdsa = ECDSA(d)
9 | sig = ecdsa.sign(msg)
10 |
11 | assert ecdsa.verify(sig, msg)
12 |
13 |
14 | @pytest.mark.parametrize("msg", [b"helo", b'{"get pwned": 1337}'])
15 | @pytest.mark.parametrize("d", [1337, 895])
16 | def test_ecdsa_signature_encoding_decoding(msg: bytes, d: int):
17 | ecdsa = ECDSA(d)
18 | sig = ecdsa.sign(msg)
19 | encoded_sig = encode_signature(sig)
20 | assert ecdsa.verify(decode_signature(encoded_sig.split(".")), msg)
21 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-handout/compose.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # local only!
3 |
4 | services:
5 | api:
6 | build:
7 | context: ./api
8 | ports:
9 | - "8000:8000"
10 | environment:
11 | - DB_PATH=/tmp/database.db
12 | - ADMIN_PASSWORD=somenotbrutablepassword
13 | - FLAG=MVM{wh0444444_f4k3_fl4g_g0_brrrrrr}
14 | - ENV=DEV
15 | command: ["fastapi", "dev", "./mvmcryption/app.py", "--host", "0.0.0.0"]
16 | volumes:
17 | - ./api:/app
18 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-solution/solve.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | rm -rf tmp
4 |
5 | cp -r ../challenge-src/api tmp
6 | cp solve.py tmp
7 |
8 | cd tmp && git clone https://github.com/jvdsn/crypto-attacks/ ./cryptoattacks
9 |
10 | python3 ./solve.py
11 |
12 | cd ..
13 |
14 | rm -rf tmp
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-src/.gitignore:
--------------------------------------------------------------------------------
1 | __pycache__/
2 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-src/api/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM python:3.12-slim
2 |
3 | ENV PYTHONUNBUFFERED=1 \
4 | POETRY_VIRTUALENVS_CREATE=false
5 |
6 | WORKDIR /app
7 |
8 | COPY pyproject.toml poetry.lock ./
9 |
10 | RUN pip install --no-cache-dir poetry \
11 | && poetry config virtualenvs.create false \
12 | && poetry install --only main --no-interaction --no-ansi --no-root \
13 | && apt update \
14 | && apt install -y --no-install-recommends wait-for-it \
15 | && rm -rf /var/lib/apt/lists/*
16 |
17 |
18 | COPY . .
19 |
20 | EXPOSE 8000
21 |
22 | CMD ["fastapi", "run", "./mvmcryption/app.py"]
23 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-src/api/mvmcryption/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/x3ctf/challenges-2025/b58889e47d087c84a18cebfeff975cbf0f5e759c/crypto/much-vulnerable-machine-1/challenge-src/api/mvmcryption/__init__.py
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-src/api/mvmcryption/crypto/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/x3ctf/challenges-2025/b58889e47d087c84a18cebfeff975cbf0f5e759c/crypto/much-vulnerable-machine-1/challenge-src/api/mvmcryption/crypto/__init__.py
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-src/api/mvmcryption/db/__init__.py:
--------------------------------------------------------------------------------
1 | from __future__ import annotations
2 |
3 | from mvmcryption.environ import getenv
4 |
5 | from .db import connect
6 | from .users import Users
7 |
8 | ADMIN_PASSWORD = getenv("ADMIN_PASSWORD")
9 |
10 | TABLE_QUERY = """
11 | CREATE TABLE IF NOT EXISTS users (
12 | id INTEGER PRIMARY KEY,
13 | username VARCHAR(50) NOT NULL UNIQUE,
14 | email VARCHAR(100) NOT NULL UNIQUE,
15 | password VARCHAR(100) NOT NULL
16 | );
17 | """
18 |
19 |
20 | def initialize() -> None:
21 | with connect() as conn:
22 | conn.executescript(TABLE_QUERY)
23 | try:
24 | Users(conn).create(
25 | username="admin",
26 | email="admin@this-company-luckily-does-not-exist.mvm",
27 | password=ADMIN_PASSWORD,
28 | )
29 | except Exception as e: # maybe it already exists
30 | print(e)
31 |
32 |
33 | __all__ = [
34 | "Users",
35 | "initialize",
36 | ]
37 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-src/api/mvmcryption/environ.py:
--------------------------------------------------------------------------------
1 | import os
2 |
3 |
4 | def getenv(key: str) -> str:
5 | """Get environment variable and raise an error if it is unset."""
6 | if val := os.getenv(key):
7 | return val
8 | msg = "ENV variable %s is required!"
9 | raise OSError(msg % key)
10 |
11 |
12 | IS_DEV = os.getenv("ENV") == "DEV"
13 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-src/api/mvmcryption/resp.py:
--------------------------------------------------------------------------------
1 | from __future__ import annotations
2 |
3 | from fastapi import HTTPException, status
4 |
5 | PERMISSION_DENIED = HTTPException(
6 | status_code=status.HTTP_403_FORBIDDEN,
7 | detail="Permission denied.",
8 | )
9 |
10 |
11 | def not_found(model: object) -> HTTPException:
12 | return HTTPException(
13 | status_code=status.HTTP_404_NOT_FOUND,
14 | detail=f"{model.__name__} not found.",
15 | )
16 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-src/api/mvmcryption/routers/__init__.py:
--------------------------------------------------------------------------------
1 | from .auth import auth_router as auth
2 | from .crypto import crypto_router as crypto
3 | from .users import users_router as users
4 |
5 | __all__ = [
6 | "auth",
7 | "crypto",
8 | "users",
9 | ]
10 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-src/api/mvmcryption/utils.py:
--------------------------------------------------------------------------------
1 | from base64 import urlsafe_b64decode, urlsafe_b64encode
2 |
3 |
4 | def encode(content: bytes | str) -> str:
5 | def _encode():
6 | if isinstance(content, str):
7 | return urlsafe_b64encode(content.encode()).decode()
8 | return urlsafe_b64encode(content).decode()
9 |
10 | return _encode().replace("=", "")
11 |
12 |
13 | def decode(content: str | bytes) -> bytes:
14 | rem = len(content) % 4
15 |
16 | if rem > 0:
17 | try:
18 | content += b"=" * (4 - rem)
19 | except Exception:
20 | content += "=" * (4 - rem)
21 |
22 | if isinstance(content, str):
23 | return urlsafe_b64decode(content.encode())
24 | return urlsafe_b64decode(content)
25 |
26 |
27 | def chunk(stuff: bytes):
28 | """Chunk stuff into 16 byte blocks."""
29 |
30 | assert len(stuff)
31 | assert len(stuff) % 16 == 0
32 | blocks = []
33 | for i in range(0, len(stuff), 16):
34 | blocks.append(stuff[i : i + 16])
35 | return blocks
36 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-src/api/pyproject.toml:
--------------------------------------------------------------------------------
1 | [tool.poetry]
2 | name = "mvmcryption"
3 | version = "0.0.0"
4 | description = "much secure"
5 | authors = ["xtea418"]
6 | readme = "README.md"
7 |
8 | [tool.poetry.dependencies]
9 | python = "^3.12"
10 | pycryptodome = "^3.21.0"
11 | pydantic = "^2.10.2"
12 | fastapi = {extras = ["standard"], version = "^0.115.5"}
13 | argon2-cffi = "^23.1.0"
14 | fastecdsa = "^3.0.0"
15 | pwntools = "^4.14.0"
16 |
17 |
18 | [tool.poetry.group.dev.dependencies]
19 | ruff = "^0.9.2"
20 | pytest = "^8.3.4"
21 |
22 | [build-system]
23 | requires = ["poetry-core"]
24 | build-backend = "poetry.core.masonry.api"
25 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-src/api/tests/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/x3ctf/challenges-2025/b58889e47d087c84a18cebfeff975cbf0f5e759c/crypto/much-vulnerable-machine-1/challenge-src/api/tests/__init__.py
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-src/api/tests/test_cipher.py:
--------------------------------------------------------------------------------
1 | from random import getrandbits
2 |
3 | import pytest
4 | from Crypto.Util.number import long_to_bytes
5 | from mvmcryption.crypto.cipher import SCBCCipher
6 |
7 |
8 | @pytest.mark.parametrize("msg", [b"helo", b'{"get pwned": 1337}'])
9 | @pytest.mark.parametrize("d", [1337, 895])
10 | def test_scbccipher(msg: bytes, d: int):
11 | key = long_to_bytes(d, 16)
12 | ciph = SCBCCipher(key)
13 |
14 | iv = long_to_bytes(getrandbits(128), 16)
15 | ct = ciph.encrypt(msg, iv)
16 |
17 | assert ct
18 | assert msg == ciph.decrypt(ct, iv)
19 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-src/api/tests/test_ecdsa.py:
--------------------------------------------------------------------------------
1 | import pytest
2 | from mvmcryption.crypto.ecdsa import ECDSA, decode_signature, encode_signature
3 |
4 |
5 | @pytest.mark.parametrize("msg", [b"helo", b'{"get pwned": 1337}'])
6 | @pytest.mark.parametrize("d", [1337, 895])
7 | def test_ecdsa(msg: bytes, d: int):
8 | ecdsa = ECDSA(d)
9 | sig = ecdsa.sign(msg)
10 |
11 | assert ecdsa.verify(sig, msg)
12 |
13 |
14 | @pytest.mark.parametrize("msg", [b"helo", b'{"get pwned": 1337}'])
15 | @pytest.mark.parametrize("d", [1337, 895])
16 | def test_ecdsa_signature_encoding_decoding(msg: bytes, d: int):
17 | ecdsa = ECDSA(d)
18 | sig = ecdsa.sign(msg)
19 | encoded_sig = encode_signature(sig)
20 | assert ecdsa.verify(decode_signature(encoded_sig.split(".")), msg)
21 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-1/challenge-src/compose.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # local only!
3 |
4 | services:
5 | api:
6 | build:
7 | context: ./api
8 | ports:
9 | - "8000:8000"
10 | environment:
11 | - DB_PATH=/tmp/database.db
12 | - ADMIN_PASSWORD=somenotbrutablepassword
13 | - FLAG=MVM{wh0444444_f4k3_fl4g_g0_brrrrrr}
14 | - ENV=DEV
15 | command: ["fastapi", "dev", "./mvmcryption/app.py", "--host", "0.0.0.0"]
16 | volumes:
17 | - ./api:/app
18 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-handout/.gitignore:
--------------------------------------------------------------------------------
1 | __pycache__/
2 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-handout/api/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM python:3.12-slim
2 |
3 | ENV PYTHONUNBUFFERED=1 \
4 | POETRY_VIRTUALENVS_CREATE=false
5 |
6 | WORKDIR /app
7 |
8 | COPY pyproject.toml poetry.lock ./
9 |
10 | RUN pip install --no-cache-dir poetry \
11 | && poetry config virtualenvs.create false \
12 | && poetry install --only main --no-interaction --no-ansi --no-root \
13 | && apt update \
14 | && apt install -y --no-install-recommends wait-for-it \
15 | && rm -rf /var/lib/apt/lists/*
16 |
17 |
18 | COPY . .
19 |
20 | EXPOSE 8000
21 |
22 | CMD ["fastapi", "run", "./mvmcryption/app.py"]
23 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-handout/api/mvmcryption/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/x3ctf/challenges-2025/b58889e47d087c84a18cebfeff975cbf0f5e759c/crypto/much-vulnerable-machine-2/challenge-handout/api/mvmcryption/__init__.py
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-handout/api/mvmcryption/crypto/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/x3ctf/challenges-2025/b58889e47d087c84a18cebfeff975cbf0f5e759c/crypto/much-vulnerable-machine-2/challenge-handout/api/mvmcryption/crypto/__init__.py
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-handout/api/mvmcryption/db/__init__.py:
--------------------------------------------------------------------------------
1 | from __future__ import annotations
2 |
3 | from mvmcryption.environ import getenv
4 |
5 | from .db import connect
6 | from .users import Users
7 |
8 | ADMIN_PASSWORD = getenv("ADMIN_PASSWORD")
9 |
10 | TABLE_QUERY = """
11 | CREATE TABLE IF NOT EXISTS users (
12 | id INTEGER PRIMARY KEY,
13 | username VARCHAR(50) NOT NULL UNIQUE,
14 | email VARCHAR(100) NOT NULL UNIQUE,
15 | password VARCHAR(100) NOT NULL
16 | );
17 | """
18 |
19 |
20 | def initialize() -> None:
21 | with connect() as conn:
22 | conn.executescript(TABLE_QUERY)
23 | try:
24 | Users(conn).create(
25 | username="admin",
26 | email="admin@this-company-luckily-does-not-exist.mvm",
27 | password=ADMIN_PASSWORD,
28 | )
29 | except Exception as e: # maybe it already exists
30 | print(e)
31 |
32 |
33 | __all__ = [
34 | "Users",
35 | "initialize",
36 | ]
37 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-handout/api/mvmcryption/environ.py:
--------------------------------------------------------------------------------
1 | import os
2 |
3 |
4 | def getenv(key: str) -> str:
5 | """Get environment variable and raise an error if it is unset."""
6 | if val := os.getenv(key):
7 | return val
8 | msg = "ENV variable %s is required!"
9 | raise OSError(msg % key)
10 |
11 |
12 | IS_DEV = os.getenv("ENV") == "DEV"
13 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-handout/api/mvmcryption/resp.py:
--------------------------------------------------------------------------------
1 | from __future__ import annotations
2 |
3 | from fastapi import HTTPException, status
4 |
5 | PERMISSION_DENIED = HTTPException(
6 | status_code=status.HTTP_403_FORBIDDEN,
7 | detail="Permission denied.",
8 | )
9 |
10 |
11 | def not_found(model: object) -> HTTPException:
12 | return HTTPException(
13 | status_code=status.HTTP_404_NOT_FOUND,
14 | detail=f"{model.__name__} not found.",
15 | )
16 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-handout/api/mvmcryption/routers/__init__.py:
--------------------------------------------------------------------------------
1 | from .auth import auth_router as auth
2 | from .crypto import crypto_router as crypto
3 | from .users import users_router as users
4 |
5 | __all__ = [
6 | "auth",
7 | "crypto",
8 | "users",
9 | ]
10 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-handout/api/mvmcryption/utils.py:
--------------------------------------------------------------------------------
1 | from base64 import urlsafe_b64decode, urlsafe_b64encode
2 |
3 |
4 | def encode(content: bytes | str) -> str:
5 | def _encode():
6 | if isinstance(content, str):
7 | return urlsafe_b64encode(content.encode()).decode()
8 | return urlsafe_b64encode(content).decode()
9 |
10 | return _encode().replace("=", "")
11 |
12 |
13 | def decode(content: str | bytes) -> bytes:
14 | rem = len(content) % 4
15 |
16 | if rem > 0:
17 | try:
18 | content += b"=" * (4 - rem)
19 | except Exception:
20 | content += "=" * (4 - rem)
21 |
22 | if isinstance(content, str):
23 | return urlsafe_b64decode(content.encode())
24 | return urlsafe_b64decode(content)
25 |
26 |
27 | def chunk(stuff: bytes):
28 | """Chunk stuff into 16 byte blocks."""
29 |
30 | assert len(stuff)
31 | assert len(stuff) % 16 == 0
32 | blocks = []
33 | for i in range(0, len(stuff), 16):
34 | blocks.append(stuff[i : i + 16])
35 | return blocks
36 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-handout/api/pyproject.toml:
--------------------------------------------------------------------------------
1 | [tool.poetry]
2 | name = "mvmcryption"
3 | version = "0.0.0"
4 | description = "much secure"
5 | authors = ["xtea418"]
6 | readme = "README.md"
7 |
8 | [tool.poetry.dependencies]
9 | python = "^3.12"
10 | pycryptodome = "^3.21.0"
11 | pydantic = "^2.10.2"
12 | fastapi = {extras = ["standard"], version = "^0.115.5"}
13 | argon2-cffi = "^23.1.0"
14 | fastecdsa = "^3.0.0"
15 | pwntools = "^4.14.0"
16 |
17 |
18 | [tool.poetry.group.dev.dependencies]
19 | ruff = "^0.9.2"
20 | pytest = "^8.3.4"
21 |
22 | [build-system]
23 | requires = ["poetry-core"]
24 | build-backend = "poetry.core.masonry.api"
25 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-handout/api/tests/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/x3ctf/challenges-2025/b58889e47d087c84a18cebfeff975cbf0f5e759c/crypto/much-vulnerable-machine-2/challenge-handout/api/tests/__init__.py
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-handout/api/tests/test_cipher.py:
--------------------------------------------------------------------------------
1 | from random import getrandbits
2 |
3 | import pytest
4 | from Crypto.Util.number import long_to_bytes
5 | from mvmcryption.crypto.cipher import SCBCCipher
6 |
7 |
8 | @pytest.mark.parametrize("msg", [b"helo", b'{"get pwned": 1337}'])
9 | @pytest.mark.parametrize("d", [1337, 895])
10 | def test_scbccipher(msg: bytes, d: int):
11 | key = long_to_bytes(d, 16)
12 | ciph = SCBCCipher(key)
13 |
14 | iv = long_to_bytes(getrandbits(128), 16)
15 | ct = ciph.encrypt(msg, iv)
16 |
17 | assert ct
18 | assert msg == ciph.decrypt(ct, iv)
19 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-handout/api/tests/test_ecdsa.py:
--------------------------------------------------------------------------------
1 | import pytest
2 | from mvmcryption.crypto.ecdsa import ECDSA, decode_signature, encode_signature
3 |
4 |
5 | @pytest.mark.parametrize("msg", [b"helo", b'{"get pwned": 1337}'])
6 | @pytest.mark.parametrize("d", [1337, 895])
7 | def test_ecdsa(msg: bytes, d: int):
8 | ecdsa = ECDSA(d)
9 | sig = ecdsa.sign(msg)
10 |
11 | assert ecdsa.verify(sig, msg)
12 |
13 |
14 | @pytest.mark.parametrize("msg", [b"helo", b'{"get pwned": 1337}'])
15 | @pytest.mark.parametrize("d", [1337, 895])
16 | def test_ecdsa_signature_encoding_decoding(msg: bytes, d: int):
17 | ecdsa = ECDSA(d)
18 | sig = ecdsa.sign(msg)
19 | encoded_sig = encode_signature(sig)
20 | assert ecdsa.verify(decode_signature(encoded_sig.split(".")), msg)
21 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-handout/compose.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # local only!
3 |
4 | services:
5 | api:
6 | build:
7 | context: ./api
8 | ports:
9 | - "8000:8000"
10 | environment:
11 | - DB_PATH=/tmp/database.db
12 | - ADMIN_PASSWORD=somenotbrutablepassword
13 | - FLAG=MVM{wh0444444_f4k3_fl4g_g0_brrrrrr}
14 | - ENV=DEV
15 | command: ["fastapi", "dev", "./mvmcryption/app.py", "--host", "0.0.0.0"]
16 | volumes:
17 | - ./api:/app
18 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-solution/solve.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | rm -rf tmp
4 |
5 | cp -r ../challenge-src/api tmp
6 | cp solve.py tmp
7 |
8 | cd tmp && git clone https://github.com/jvdsn/crypto-attacks/ ./cryptoattacks
9 |
10 | python3 ./solve.py
11 |
12 | cd ..
13 |
14 | rm -rf tmp
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-src/.gitignore:
--------------------------------------------------------------------------------
1 | __pycache__/
2 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-src/api/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM python:3.12-slim
2 |
3 | ENV PYTHONUNBUFFERED=1 \
4 | POETRY_VIRTUALENVS_CREATE=false
5 |
6 | WORKDIR /app
7 |
8 | COPY pyproject.toml poetry.lock ./
9 |
10 | RUN pip install --no-cache-dir poetry \
11 | && poetry config virtualenvs.create false \
12 | && poetry install --only main --no-interaction --no-ansi --no-root \
13 | && apt update \
14 | && apt install -y --no-install-recommends wait-for-it \
15 | && rm -rf /var/lib/apt/lists/*
16 |
17 |
18 | COPY . .
19 |
20 | EXPOSE 8000
21 |
22 | CMD ["fastapi", "run", "./mvmcryption/app.py"]
23 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-src/api/mvmcryption/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/x3ctf/challenges-2025/b58889e47d087c84a18cebfeff975cbf0f5e759c/crypto/much-vulnerable-machine-2/challenge-src/api/mvmcryption/__init__.py
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-src/api/mvmcryption/crypto/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/x3ctf/challenges-2025/b58889e47d087c84a18cebfeff975cbf0f5e759c/crypto/much-vulnerable-machine-2/challenge-src/api/mvmcryption/crypto/__init__.py
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-src/api/mvmcryption/db/__init__.py:
--------------------------------------------------------------------------------
1 | from __future__ import annotations
2 |
3 | from mvmcryption.environ import getenv
4 |
5 | from .db import connect
6 | from .users import Users
7 |
8 | ADMIN_PASSWORD = getenv("ADMIN_PASSWORD")
9 |
10 | TABLE_QUERY = """
11 | CREATE TABLE IF NOT EXISTS users (
12 | id INTEGER PRIMARY KEY,
13 | username VARCHAR(50) NOT NULL UNIQUE,
14 | email VARCHAR(100) NOT NULL UNIQUE,
15 | password VARCHAR(100) NOT NULL
16 | );
17 | """
18 |
19 |
20 | def initialize() -> None:
21 | with connect() as conn:
22 | conn.executescript(TABLE_QUERY)
23 | try:
24 | Users(conn).create(
25 | username="admin",
26 | email="admin@this-company-luckily-does-not-exist.mvm",
27 | password=ADMIN_PASSWORD,
28 | )
29 | except Exception as e: # maybe it already exists
30 | print(e)
31 |
32 |
33 | __all__ = [
34 | "Users",
35 | "initialize",
36 | ]
37 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-src/api/mvmcryption/environ.py:
--------------------------------------------------------------------------------
1 | import os
2 |
3 |
4 | def getenv(key: str) -> str:
5 | """Get environment variable and raise an error if it is unset."""
6 | if val := os.getenv(key):
7 | return val
8 | msg = "ENV variable %s is required!"
9 | raise OSError(msg % key)
10 |
11 |
12 | IS_DEV = os.getenv("ENV") == "DEV"
13 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-src/api/mvmcryption/resp.py:
--------------------------------------------------------------------------------
1 | from __future__ import annotations
2 |
3 | from fastapi import HTTPException, status
4 |
5 | PERMISSION_DENIED = HTTPException(
6 | status_code=status.HTTP_403_FORBIDDEN,
7 | detail="Permission denied.",
8 | )
9 |
10 |
11 | def not_found(model: object) -> HTTPException:
12 | return HTTPException(
13 | status_code=status.HTTP_404_NOT_FOUND,
14 | detail=f"{model.__name__} not found.",
15 | )
16 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-src/api/mvmcryption/routers/__init__.py:
--------------------------------------------------------------------------------
1 | from .auth import auth_router as auth
2 | from .crypto import crypto_router as crypto
3 | from .users import users_router as users
4 |
5 | __all__ = [
6 | "auth",
7 | "crypto",
8 | "users",
9 | ]
10 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-src/api/mvmcryption/utils.py:
--------------------------------------------------------------------------------
1 | from base64 import urlsafe_b64decode, urlsafe_b64encode
2 |
3 |
4 | def encode(content: bytes | str) -> str:
5 | def _encode():
6 | if isinstance(content, str):
7 | return urlsafe_b64encode(content.encode()).decode()
8 | return urlsafe_b64encode(content).decode()
9 |
10 | return _encode().replace("=", "")
11 |
12 |
13 | def decode(content: str | bytes) -> bytes:
14 | rem = len(content) % 4
15 |
16 | if rem > 0:
17 | try:
18 | content += b"=" * (4 - rem)
19 | except Exception:
20 | content += "=" * (4 - rem)
21 |
22 | if isinstance(content, str):
23 | return urlsafe_b64decode(content.encode())
24 | return urlsafe_b64decode(content)
25 |
26 |
27 | def chunk(stuff: bytes):
28 | """Chunk stuff into 16 byte blocks."""
29 |
30 | assert len(stuff)
31 | assert len(stuff) % 16 == 0
32 | blocks = []
33 | for i in range(0, len(stuff), 16):
34 | blocks.append(stuff[i : i + 16])
35 | return blocks
36 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-src/api/pyproject.toml:
--------------------------------------------------------------------------------
1 | [tool.poetry]
2 | name = "mvmcryption"
3 | version = "0.0.0"
4 | description = "much secure"
5 | authors = ["xtea418"]
6 | readme = "README.md"
7 |
8 | [tool.poetry.dependencies]
9 | python = "^3.12"
10 | pycryptodome = "^3.21.0"
11 | pydantic = "^2.10.2"
12 | fastapi = {extras = ["standard"], version = "^0.115.5"}
13 | argon2-cffi = "^23.1.0"
14 | fastecdsa = "^3.0.0"
15 | pwntools = "^4.14.0"
16 |
17 |
18 | [tool.poetry.group.dev.dependencies]
19 | ruff = "^0.9.2"
20 | pytest = "^8.3.4"
21 |
22 | [build-system]
23 | requires = ["poetry-core"]
24 | build-backend = "poetry.core.masonry.api"
25 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-src/api/tests/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/x3ctf/challenges-2025/b58889e47d087c84a18cebfeff975cbf0f5e759c/crypto/much-vulnerable-machine-2/challenge-src/api/tests/__init__.py
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-src/api/tests/test_cipher.py:
--------------------------------------------------------------------------------
1 | from random import getrandbits
2 |
3 | import pytest
4 | from Crypto.Util.number import long_to_bytes
5 | from mvmcryption.crypto.cipher import SCBCCipher
6 |
7 |
8 | @pytest.mark.parametrize("msg", [b"helo", b'{"get pwned": 1337}'])
9 | @pytest.mark.parametrize("d", [1337, 895])
10 | def test_scbccipher(msg: bytes, d: int):
11 | key = long_to_bytes(d, 16)
12 | ciph = SCBCCipher(key)
13 |
14 | iv = long_to_bytes(getrandbits(128), 16)
15 | ct = ciph.encrypt(msg, iv)
16 |
17 | assert ct
18 | assert msg == ciph.decrypt(ct, iv)
19 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-src/api/tests/test_ecdsa.py:
--------------------------------------------------------------------------------
1 | import pytest
2 | from mvmcryption.crypto.ecdsa import ECDSA, decode_signature, encode_signature
3 |
4 |
5 | @pytest.mark.parametrize("msg", [b"helo", b'{"get pwned": 1337}'])
6 | @pytest.mark.parametrize("d", [1337, 895])
7 | def test_ecdsa(msg: bytes, d: int):
8 | ecdsa = ECDSA(d)
9 | sig = ecdsa.sign(msg)
10 |
11 | assert ecdsa.verify(sig, msg)
12 |
13 |
14 | @pytest.mark.parametrize("msg", [b"helo", b'{"get pwned": 1337}'])
15 | @pytest.mark.parametrize("d", [1337, 895])
16 | def test_ecdsa_signature_encoding_decoding(msg: bytes, d: int):
17 | ecdsa = ECDSA(d)
18 | sig = ecdsa.sign(msg)
19 | encoded_sig = encode_signature(sig)
20 | assert ecdsa.verify(decode_signature(encoded_sig.split(".")), msg)
21 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-2/challenge-src/compose.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # local only!
3 |
4 | services:
5 | api:
6 | build:
7 | context: ./api
8 | ports:
9 | - "8000:8000"
10 | environment:
11 | - DB_PATH=/tmp/database.db
12 | - ADMIN_PASSWORD=somenotbrutablepassword
13 | - FLAG=MVM{wh0444444_f4k3_fl4g_g0_brrrrrr}
14 | - ENV=DEV
15 | command: ["fastapi", "dev", "./mvmcryption/app.py", "--host", "0.0.0.0"]
16 | volumes:
17 | - ./api:/app
18 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-handout/.gitignore:
--------------------------------------------------------------------------------
1 | __pycache__/
2 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-handout/api/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM python:3.12-slim
2 |
3 | ENV PYTHONUNBUFFERED=1 \
4 | POETRY_VIRTUALENVS_CREATE=false
5 |
6 | WORKDIR /app
7 |
8 | COPY pyproject.toml poetry.lock ./
9 |
10 | RUN pip install --no-cache-dir poetry \
11 | && poetry config virtualenvs.create false \
12 | && poetry install --only main --no-interaction --no-ansi --no-root \
13 | && apt update \
14 | && apt install -y --no-install-recommends wait-for-it \
15 | && rm -rf /var/lib/apt/lists/*
16 |
17 |
18 | COPY . .
19 |
20 | EXPOSE 8000
21 |
22 | CMD ["fastapi", "run", "./mvmcryption/app.py"]
23 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-handout/api/mvmcryption/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/x3ctf/challenges-2025/b58889e47d087c84a18cebfeff975cbf0f5e759c/crypto/much-vulnerable-machine-3/challenge-handout/api/mvmcryption/__init__.py
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-handout/api/mvmcryption/crypto/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/x3ctf/challenges-2025/b58889e47d087c84a18cebfeff975cbf0f5e759c/crypto/much-vulnerable-machine-3/challenge-handout/api/mvmcryption/crypto/__init__.py
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-handout/api/mvmcryption/db/__init__.py:
--------------------------------------------------------------------------------
1 | from __future__ import annotations
2 |
3 | from mvmcryption.environ import getenv
4 |
5 | from .db import connect
6 | from .users import Users
7 |
8 | ADMIN_PASSWORD = getenv("ADMIN_PASSWORD")
9 |
10 | TABLE_QUERY = """
11 | CREATE TABLE IF NOT EXISTS users (
12 | id INTEGER PRIMARY KEY,
13 | username VARCHAR(50) NOT NULL UNIQUE,
14 | email VARCHAR(100) NOT NULL UNIQUE,
15 | password VARCHAR(100) NOT NULL
16 | );
17 | """
18 |
19 |
20 | def initialize() -> None:
21 | with connect() as conn:
22 | conn.executescript(TABLE_QUERY)
23 | try:
24 | Users(conn).create(
25 | username="admin",
26 | email="admin@this-company-luckily-does-not-exist.mvm",
27 | password=ADMIN_PASSWORD,
28 | )
29 | except Exception as e: # maybe it already exists
30 | print(e)
31 |
32 |
33 | __all__ = [
34 | "Users",
35 | "initialize",
36 | ]
37 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-handout/api/mvmcryption/environ.py:
--------------------------------------------------------------------------------
1 | import os
2 |
3 |
4 | def getenv(key: str) -> str:
5 | """Get environment variable and raise an error if it is unset."""
6 | if val := os.getenv(key):
7 | return val
8 | msg = "ENV variable %s is required!"
9 | raise OSError(msg % key)
10 |
11 |
12 | IS_DEV = os.getenv("ENV") == "DEV"
13 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-handout/api/mvmcryption/resp.py:
--------------------------------------------------------------------------------
1 | from __future__ import annotations
2 |
3 | from fastapi import HTTPException, status
4 |
5 | PERMISSION_DENIED = HTTPException(
6 | status_code=status.HTTP_403_FORBIDDEN,
7 | detail="Permission denied.",
8 | )
9 |
10 |
11 | def not_found(model: object) -> HTTPException:
12 | return HTTPException(
13 | status_code=status.HTTP_404_NOT_FOUND,
14 | detail=f"{model.__name__} not found.",
15 | )
16 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-handout/api/mvmcryption/routers/__init__.py:
--------------------------------------------------------------------------------
1 | from .auth import auth_router as auth
2 | from .crypto import crypto_router as crypto
3 | from .users import users_router as users
4 |
5 | __all__ = [
6 | "auth",
7 | "crypto",
8 | "users",
9 | ]
10 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-handout/api/mvmcryption/utils.py:
--------------------------------------------------------------------------------
1 | from base64 import urlsafe_b64decode, urlsafe_b64encode
2 |
3 |
4 | def encode(content: bytes | str) -> str:
5 | def _encode():
6 | if isinstance(content, str):
7 | return urlsafe_b64encode(content.encode()).decode()
8 | return urlsafe_b64encode(content).decode()
9 |
10 | return _encode().replace("=", "")
11 |
12 |
13 | def decode(content: str | bytes) -> bytes:
14 | rem = len(content) % 4
15 |
16 | if rem > 0:
17 | try:
18 | content += b"=" * (4 - rem)
19 | except Exception:
20 | content += "=" * (4 - rem)
21 |
22 | if isinstance(content, str):
23 | return urlsafe_b64decode(content.encode())
24 | return urlsafe_b64decode(content)
25 |
26 |
27 | def chunk(stuff: bytes):
28 | """Chunk stuff into 16 byte blocks."""
29 |
30 | assert len(stuff)
31 | assert len(stuff) % 16 == 0
32 | blocks = []
33 | for i in range(0, len(stuff), 16):
34 | blocks.append(stuff[i : i + 16])
35 | return blocks
36 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-handout/api/pyproject.toml:
--------------------------------------------------------------------------------
1 | [tool.poetry]
2 | name = "mvmcryption"
3 | version = "0.0.0"
4 | description = "much secure"
5 | authors = ["xtea418"]
6 | readme = "README.md"
7 |
8 | [tool.poetry.dependencies]
9 | python = "^3.12"
10 | pycryptodome = "^3.21.0"
11 | pydantic = "^2.10.2"
12 | fastapi = {extras = ["standard"], version = "^0.115.5"}
13 | argon2-cffi = "^23.1.0"
14 | fastecdsa = "^3.0.0"
15 | pwntools = "^4.14.0"
16 |
17 |
18 | [tool.poetry.group.dev.dependencies]
19 | ruff = "^0.9.2"
20 | pytest = "^8.3.4"
21 |
22 | [build-system]
23 | requires = ["poetry-core"]
24 | build-backend = "poetry.core.masonry.api"
25 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-handout/api/tests/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/x3ctf/challenges-2025/b58889e47d087c84a18cebfeff975cbf0f5e759c/crypto/much-vulnerable-machine-3/challenge-handout/api/tests/__init__.py
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-handout/api/tests/test_cipher.py:
--------------------------------------------------------------------------------
1 | from random import getrandbits, seed
2 |
3 | import pytest
4 | from Crypto.Util.number import long_to_bytes
5 | from mvmcryption.crypto.cipher import XSCBCCipher
6 | from mvmcryption.crypto.rsa import RSA
7 |
8 |
9 | @pytest.mark.parametrize("msg", [b"helo", b'{"get pwned": 1337}'])
10 | @pytest.mark.parametrize("d", [1337, 895])
11 | def test_xscbccipher(msg: bytes, d: int):
12 | key = long_to_bytes(d, 16)
13 | rsa = RSA()
14 | ciph = XSCBCCipher(key, rsa)
15 |
16 | seed(69)
17 | iv = long_to_bytes(getrandbits(128), 16)
18 | seed(69)
19 | ct, sig = ciph.encrypt(msg)
20 |
21 | assert ct
22 | assert sig
23 |
24 | assert msg == ciph.decrypt(ct, sig, iv)
25 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-handout/api/tests/test_ecdsa.py:
--------------------------------------------------------------------------------
1 | import pytest
2 | from mvmcryption.crypto.ecdsa import ECDSA, decode_signature, encode_signature
3 |
4 |
5 | @pytest.mark.parametrize("msg", [b"helo", b'{"get pwned": 1337}'])
6 | @pytest.mark.parametrize("d", [1337, 895])
7 | def test_ecdsa(msg: bytes, d: int):
8 | ecdsa = ECDSA(d)
9 | sig = ecdsa.sign(msg)
10 |
11 | assert ecdsa.verify(sig, msg)
12 |
13 |
14 | @pytest.mark.parametrize("msg", [b"helo", b'{"get pwned": 1337}'])
15 | @pytest.mark.parametrize("d", [1337, 895])
16 | def test_ecdsa_signature_encoding_decoding(msg: bytes, d: int):
17 | ecdsa = ECDSA(d)
18 | sig = ecdsa.sign(msg)
19 | encoded_sig = encode_signature(sig)
20 | assert ecdsa.verify(decode_signature(encoded_sig.split(".")), msg)
21 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-handout/compose.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # local only!
3 |
4 | services:
5 | api:
6 | build:
7 | context: ./api
8 | ports:
9 | - "8000:8000"
10 | environment:
11 | - DB_PATH=/tmp/database.db
12 | - ADMIN_PASSWORD=somenotbruteforceablepasswordbrrrrrrrrrr
13 | - FLAG=MVM{f4k3_fl4g}
14 | - ENV=DEV
15 | command: ["fastapi", "dev", "./mvmcryption/app.py", "--host", "0.0.0.0"]
16 | volumes:
17 | - ./api:/app
18 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-solution/solve.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | rm -rf tmp
4 |
5 | cp -r ../challenge-src/api tmp
6 | cp solve.py tmp
7 |
8 | cd tmp && git clone https://github.com/jvdsn/crypto-attacks/ ./cryptoattacks
9 |
10 | python3 ./solve.py
11 |
12 | cd ..
13 |
14 | rm -rf tmp
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-src/.gitignore:
--------------------------------------------------------------------------------
1 | __pycache__/
2 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-src/api/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM python:3.12-slim
2 |
3 | ENV PYTHONUNBUFFERED=1 \
4 | POETRY_VIRTUALENVS_CREATE=false
5 |
6 | WORKDIR /app
7 |
8 | COPY pyproject.toml poetry.lock ./
9 |
10 | RUN pip install --no-cache-dir poetry \
11 | && poetry config virtualenvs.create false \
12 | && poetry install --only main --no-interaction --no-ansi --no-root \
13 | && apt update \
14 | && apt install -y --no-install-recommends wait-for-it \
15 | && rm -rf /var/lib/apt/lists/*
16 |
17 |
18 | COPY . .
19 |
20 | EXPOSE 8000
21 |
22 | CMD ["fastapi", "run", "./mvmcryption/app.py"]
23 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-src/api/mvmcryption/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/x3ctf/challenges-2025/b58889e47d087c84a18cebfeff975cbf0f5e759c/crypto/much-vulnerable-machine-3/challenge-src/api/mvmcryption/__init__.py
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-src/api/mvmcryption/crypto/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/x3ctf/challenges-2025/b58889e47d087c84a18cebfeff975cbf0f5e759c/crypto/much-vulnerable-machine-3/challenge-src/api/mvmcryption/crypto/__init__.py
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-src/api/mvmcryption/db/__init__.py:
--------------------------------------------------------------------------------
1 | from __future__ import annotations
2 |
3 | from mvmcryption.environ import getenv
4 |
5 | from .db import connect
6 | from .users import Users
7 |
8 | ADMIN_PASSWORD = getenv("ADMIN_PASSWORD")
9 |
10 | TABLE_QUERY = """
11 | CREATE TABLE IF NOT EXISTS users (
12 | id INTEGER PRIMARY KEY,
13 | username VARCHAR(50) NOT NULL UNIQUE,
14 | email VARCHAR(100) NOT NULL UNIQUE,
15 | password VARCHAR(100) NOT NULL
16 | );
17 | """
18 |
19 |
20 | def initialize() -> None:
21 | with connect() as conn:
22 | conn.executescript(TABLE_QUERY)
23 | try:
24 | Users(conn).create(
25 | username="admin",
26 | email="admin@this-company-luckily-does-not-exist.mvm",
27 | password=ADMIN_PASSWORD,
28 | )
29 | except Exception as e: # maybe it already exists
30 | print(e)
31 |
32 |
33 | __all__ = [
34 | "Users",
35 | "initialize",
36 | ]
37 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-src/api/mvmcryption/environ.py:
--------------------------------------------------------------------------------
1 | import os
2 |
3 |
4 | def getenv(key: str) -> str:
5 | """Get environment variable and raise an error if it is unset."""
6 | if val := os.getenv(key):
7 | return val
8 | msg = "ENV variable %s is required!"
9 | raise OSError(msg % key)
10 |
11 |
12 | IS_DEV = os.getenv("ENV") == "DEV"
13 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-src/api/mvmcryption/resp.py:
--------------------------------------------------------------------------------
1 | from __future__ import annotations
2 |
3 | from fastapi import HTTPException, status
4 |
5 | PERMISSION_DENIED = HTTPException(
6 | status_code=status.HTTP_403_FORBIDDEN,
7 | detail="Permission denied.",
8 | )
9 |
10 |
11 | def not_found(model: object) -> HTTPException:
12 | return HTTPException(
13 | status_code=status.HTTP_404_NOT_FOUND,
14 | detail=f"{model.__name__} not found.",
15 | )
16 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-src/api/mvmcryption/routers/__init__.py:
--------------------------------------------------------------------------------
1 | from .auth import auth_router as auth
2 | from .crypto import crypto_router as crypto
3 | from .users import users_router as users
4 |
5 | __all__ = [
6 | "auth",
7 | "crypto",
8 | "users",
9 | ]
10 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-src/api/mvmcryption/utils.py:
--------------------------------------------------------------------------------
1 | from base64 import urlsafe_b64decode, urlsafe_b64encode
2 |
3 |
4 | def encode(content: bytes | str) -> str:
5 | def _encode():
6 | if isinstance(content, str):
7 | return urlsafe_b64encode(content.encode()).decode()
8 | return urlsafe_b64encode(content).decode()
9 |
10 | return _encode().replace("=", "")
11 |
12 |
13 | def decode(content: str | bytes) -> bytes:
14 | rem = len(content) % 4
15 |
16 | if rem > 0:
17 | try:
18 | content += b"=" * (4 - rem)
19 | except Exception:
20 | content += "=" * (4 - rem)
21 |
22 | if isinstance(content, str):
23 | return urlsafe_b64decode(content.encode())
24 | return urlsafe_b64decode(content)
25 |
26 |
27 | def chunk(stuff: bytes):
28 | """Chunk stuff into 16 byte blocks."""
29 |
30 | assert len(stuff)
31 | assert len(stuff) % 16 == 0
32 | blocks = []
33 | for i in range(0, len(stuff), 16):
34 | blocks.append(stuff[i : i + 16])
35 | return blocks
36 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-src/api/pyproject.toml:
--------------------------------------------------------------------------------
1 | [tool.poetry]
2 | name = "mvmcryption"
3 | version = "0.0.0"
4 | description = "much secure"
5 | authors = ["xtea418"]
6 | readme = "README.md"
7 |
8 | [tool.poetry.dependencies]
9 | python = "^3.12"
10 | pycryptodome = "^3.21.0"
11 | pydantic = "^2.10.2"
12 | fastapi = {extras = ["standard"], version = "^0.115.5"}
13 | argon2-cffi = "^23.1.0"
14 | fastecdsa = "^3.0.0"
15 | pwntools = "^4.14.0"
16 |
17 |
18 | [tool.poetry.group.dev.dependencies]
19 | ruff = "^0.9.2"
20 | pytest = "^8.3.4"
21 |
22 | [build-system]
23 | requires = ["poetry-core"]
24 | build-backend = "poetry.core.masonry.api"
25 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-src/api/tests/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/x3ctf/challenges-2025/b58889e47d087c84a18cebfeff975cbf0f5e759c/crypto/much-vulnerable-machine-3/challenge-src/api/tests/__init__.py
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-src/api/tests/test_cipher.py:
--------------------------------------------------------------------------------
1 | from random import getrandbits, seed
2 |
3 | import pytest
4 | from Crypto.Util.number import long_to_bytes
5 | from mvmcryption.crypto.cipher import XSCBCCipher
6 | from mvmcryption.crypto.rsa import RSA
7 |
8 |
9 | @pytest.mark.parametrize("msg", [b"helo", b'{"get pwned": 1337}'])
10 | @pytest.mark.parametrize("d", [1337, 895])
11 | def test_xscbccipher(msg: bytes, d: int):
12 | key = long_to_bytes(d, 16)
13 | rsa = RSA()
14 | ciph = XSCBCCipher(key, rsa)
15 |
16 | seed(69)
17 | iv = long_to_bytes(getrandbits(128), 16)
18 | seed(69)
19 | ct, sig = ciph.encrypt(msg)
20 |
21 | assert ct
22 | assert sig
23 |
24 | assert msg == ciph.decrypt(ct, sig, iv)
25 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-src/api/tests/test_ecdsa.py:
--------------------------------------------------------------------------------
1 | import pytest
2 | from mvmcryption.crypto.ecdsa import ECDSA, decode_signature, encode_signature
3 |
4 |
5 | @pytest.mark.parametrize("msg", [b"helo", b'{"get pwned": 1337}'])
6 | @pytest.mark.parametrize("d", [1337, 895])
7 | def test_ecdsa(msg: bytes, d: int):
8 | ecdsa = ECDSA(d)
9 | sig = ecdsa.sign(msg)
10 |
11 | assert ecdsa.verify(sig, msg)
12 |
13 |
14 | @pytest.mark.parametrize("msg", [b"helo", b'{"get pwned": 1337}'])
15 | @pytest.mark.parametrize("d", [1337, 895])
16 | def test_ecdsa_signature_encoding_decoding(msg: bytes, d: int):
17 | ecdsa = ECDSA(d)
18 | sig = ecdsa.sign(msg)
19 | encoded_sig = encode_signature(sig)
20 | assert ecdsa.verify(decode_signature(encoded_sig.split(".")), msg)
21 |
--------------------------------------------------------------------------------
/crypto/much-vulnerable-machine-3/challenge-src/compose.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # local only!
3 |
4 | services:
5 | api:
6 | build:
7 | context: ./api
8 | ports:
9 | - "8000:8000"
10 | environment:
11 | - DB_PATH=/tmp/database.db
12 | - ADMIN_PASSWORD=kjfkasjdfkldsaklfjklsadjflksjflkjfljfkl
13 | - FLAG=MVM{sm4l_crt_3xp0nen7s_b4d_l0l}
14 |
--------------------------------------------------------------------------------
/crypto/rubiks-dsa/challenge-src:
--------------------------------------------------------------------------------
1 | challenge-handout
--------------------------------------------------------------------------------
/crypto/rubiks-dsa/challenge.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: berg.norelect.ch/v1
2 | kind: Challenge
3 | metadata:
4 | name: rubiks-dsa
5 | namespace: berg
6 | spec:
7 | categories:
8 | - mvm
9 | - crypto
10 | difficulty: medium # Must be one of baby/easy/medium/hard/leet
11 | author: alex_hcsc
12 | flag: MVM{sp1cy_rUb1k5_ds4}
13 | flagFormat: MVM{...}
14 | description: |
15 | I made a digital signature algorithm based on the Rubik's cube, can you break it?
16 | PS: the solve script might run for a few minutes
17 | hideUntil: "2025-01-25T18:00:00+00:00"
18 | attachments:
19 | - fileName: rubiks-dsa.tar.gz
20 | downloadUrl: /handouts/rubiks-dsa.tar.gz
21 |
22 |
--------------------------------------------------------------------------------
/crypto/sourceless-crypto/challenge-solution/solution.md:
--------------------------------------------------------------------------------
1 | Find out stuff isn't random cuz nonce always += 1
2 |
3 | once you start account for the nonce this is a simple substition cipher respectively not really cipher because theres no real decryption. might as well call it a hash 💀💀💀💀💀💀
4 |
--------------------------------------------------------------------------------
/crypto/sourceless-crypto/challenge-solution/solve.py:
--------------------------------------------------------------------------------
1 | from string import printable
2 |
3 | from pwn import remote
4 |
5 | r = remote("localhost", 1337)
6 |
7 | nonce = 0
8 | r.sendlineafter(b"Operation: ", b"1")
9 | d = r.recvline()
10 | flag = eval(d.replace(b"Flag: ", b""))
11 | dflag = b""
12 |
13 | for c in flag:
14 | dflag += (int(c) ^ nonce).to_bytes(1)
15 | nonce += 1
16 |
17 |
18 | r.sendlineafter(b"Operation: ", b"2")
19 | r.sendlineafter(b"plaintext: ", printable.encode())
20 |
21 | encrypted_text = r.recvline()
22 | eaaaaa = eval(encrypted_text.replace(b"Encrypted plaintext: ", b""))
23 |
24 | eprintable = b""
25 |
26 | for c in eaaaaa:
27 | eprintable += (int(c) ^ (nonce)).to_bytes(1)
28 | nonce += 1
29 |
30 | map = {bytes(e): a for e, a in zip(eprintable, printable)}
31 |
32 | for c in dflag:
33 | print(map.get(bytes(c)), end="")
34 |
--------------------------------------------------------------------------------
/crypto/sourceless-crypto/challenge-src/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM python:3.12-alpine
2 |
3 | WORKDIR /app
4 |
5 | RUN apk update --no-cache && apk upgrade --no-cache && apk add socat --no-cache
6 |
7 | COPY chall.py /app
8 |
9 | ENTRYPOINT socat tcp-l:1337,fork,reuseaddr exec:/app/chall.py
--------------------------------------------------------------------------------
/misc/count-the-mvms/challenge-solution/mvm_pattern.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/x3ctf/challenges-2025/b58889e47d087c84a18cebfeff975cbf0f5e759c/misc/count-the-mvms/challenge-solution/mvm_pattern.png
--------------------------------------------------------------------------------
/misc/count-the-mvms/challenge-solution/solution.md:
--------------------------------------------------------------------------------
1 | # count-the-mvms
2 |
3 | First, extract the images:
4 | `pdfimages -all certificate_SAMPLE_TEAM.pdf`
5 |
6 | Open the resulting image and save an MVM pattern in `mvm_pattern.png`.
7 |
8 | Run the solve script to find all of the matches for the pattern.
9 |
10 | Add 3 to the number ("x3CTF x MVM" + MVM logo + "mvm organizer") + any additional mvms in team name.
11 |
12 | You should get 9336.
13 |
14 | Get the MD2 of "9336" and bake the flag: `x3c{th3r3_4re_9336_MVMs_1n_my_c3rtif1cat3_2931355ee608d35463f2ef7847474858}`
--------------------------------------------------------------------------------
/misc/count-the-mvms/challenge-solution/solve_script.py:
--------------------------------------------------------------------------------
1 | from PIL import Image
2 |
3 | pat_mvm = Image.open("mvm_pattern.png")
4 | pat_mvm_p = pat_mvm.load()
5 | im = Image.open("000.jp2")
6 | pix = im.load()
7 | width, height = im.size
8 | mvm_count = 0
9 | mvms = []
10 |
11 | for h in range(height-30):
12 | print(f"Checking: {(h*100)//(height-31)}%")
13 | for w in range(width-11):
14 | ok=True
15 | for x in range(1,30):
16 | for y in range(11):
17 | if pix[(w+x,h+y)] != pat_mvm_p[(x,y)]:
18 | ok=False
19 | break
20 | if not ok:
21 | break
22 | if ok:
23 | last_ok_w = w
24 | mvm_count += 1
25 | mvms.append((w,h))
26 |
27 | print(f"Counted {mvm_count} mvms!")
28 |
--------------------------------------------------------------------------------
/misc/foundations/challenge.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: berg.norelect.ch/v1
2 | kind: Challenge
3 | metadata:
4 | name: foundations
5 | namespace: berg
6 | spec:
7 | categories:
8 | - misc
9 | - osint
10 |
11 | difficulty: easy # Must be one of baby/easy/medium/hard/leet
12 | author: rebane2001
13 | flag: x3CTF{m4yb3_w3ll_m4ke_4_ch4ll3nge_0u7_0f_7h1s}
14 | flagFormat: x3CTF{...}
15 | description: |
16 | I wonder what the first ever x3CTF flag was...
2 |
3 |
6 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-handout/.idea/mimes-inc.iml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
9 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-handout/.idea/misc.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
6 |
7 |
9 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-handout/.idea/modules.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
8 |
9 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-handout/.idea/php.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-handout/.idea/vcs.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
6 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-handout/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM php:8.3-apache-bookworm
2 |
3 | WORKDIR /var/www/html
4 |
5 | COPY flag.txt /flag.txt
6 |
7 | COPY src/ .
8 |
9 | RUN useradd --user-group --system --create-home --no-log-init app
10 |
11 | RUN chown app magicians
12 |
13 | USER app
14 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-handout/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: "3.4"
2 |
3 | services:
4 | magicians:
5 | build: "."
6 | ports:
7 | - "80:80"
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-handout/flag.txt:
--------------------------------------------------------------------------------
1 | MVM{...}
2 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-handout/magicians-agency.iml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
8 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-handout/src/booking.php:
--------------------------------------------------------------------------------
1 |
4 |
5 | Booking
6 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-handout/src/index.php:
--------------------------------------------------------------------------------
1 |
4 |
5 | Bringing magic to you since 1970
6 |
7 | Refer to the various sub-pages for information and configuration.
8 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-handout/src/magicians.php:
--------------------------------------------------------------------------------
1 |
4 |
5 |
6 | Choose from our superb variety of magicians
7 |
8 |
9 |
19 |
$name
20 |
21 |
This page does not exist ):
";
17 | exit();
18 | }
19 |
20 | function interpret($section) {
21 | $content = null;
22 |
23 | switch ($section->type) {
24 | case "text":
25 | $content = $section->value;
26 | break;
27 | case "link":
28 | $content = file_get_contents($section->value);
29 | break;
30 | }
31 |
32 | return "<$section->tag>$contenttag>";
33 | }
34 |
35 | echo "
";
36 |
37 | foreach ($pageObject->sections as $section) {
38 | echo interpret($section);
39 | }
40 |
41 | echo "";
42 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-handout/src/style.css:
--------------------------------------------------------------------------------
1 | .magician-image {
2 | width: 500px;
3 | height: 500px;
4 | object-fit: cover;
5 | }
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-solution/exfil.json:
--------------------------------------------------------------------------------
1 | {"num": "\x56","sections":[{"type":"link","tag":"h1","value":"/flag.txt"}]}
2 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-solution/magic.txt:
--------------------------------------------------------------------------------
1 | 0 string { foo image bar
2 | !:mime image/jpeg
3 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-solution/magic.xbm:
--------------------------------------------------------------------------------
1 | 0 string { foo image bar
2 | !:mime image/jpeg
3 |
4 |
5 | #define test_width 16
6 | #define test_height 7
7 | #static unsigned char test_bits[] = {0x13, 0x00, 0x15, 0x00, 0x93, 0xcd, 0x55, 0xa5, 0x93, 0xc5, 0x00, 0x80, 0x00, 0x60};
8 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-src/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /shelf/
3 | /workspace.xml
4 | # Editor-based HTTP Client requests
5 | /httpRequests/
6 | # Datasource local storage ignored files
7 | /dataSources/
8 | /dataSources.local.xml
9 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-src/.idea/inspectionProfiles/Project_Default.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
6 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-src/.idea/mimes-inc.iml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
9 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-src/.idea/misc.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
6 |
7 |
9 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-src/.idea/modules.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
8 |
9 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-src/.idea/php.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-src/.idea/vcs.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
6 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-src/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM php:8.3-apache-bookworm
2 |
3 | WORKDIR /var/www/html
4 |
5 | COPY flag.txt /flag.txt
6 |
7 | COPY src/ .
8 |
9 | RUN useradd --user-group --system --create-home --no-log-init app
10 |
11 | RUN chown app magicians
12 |
13 | USER app
14 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-src/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: "3.4"
2 |
3 | services:
4 | magicians:
5 | build: "."
6 | ports:
7 | - "80:80"
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-src/flag.txt:
--------------------------------------------------------------------------------
1 | MVM{c7f5_4r3_4_m461c_pl4c3_4r3n7_7h3y}
2 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-src/magicians-agency.iml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
8 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-src/src/booking.php:
--------------------------------------------------------------------------------
1 |
4 |
5 | Booking
6 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-src/src/index.php:
--------------------------------------------------------------------------------
1 |
4 |
5 | Bringing magic to you since 1970
6 |
7 | Refer to the various sub-pages for information and configuration.
8 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-src/src/magicians.php:
--------------------------------------------------------------------------------
1 |
4 |
5 |
6 | Choose from our superb variety of magicians
7 |
8 |
9 |
19 |
$name
20 |
21 |
This page does not exist ):
";
17 | exit();
18 | }
19 |
20 | function interpret($section) {
21 | $content = null;
22 |
23 | switch ($section->type) {
24 | case "text":
25 | $content = $section->value;
26 | break;
27 | case "link":
28 | $content = file_get_contents($section->value);
29 | break;
30 | }
31 |
32 | return "<$section->tag>$contenttag>";
33 | }
34 |
35 | echo "
";
36 |
37 | foreach ($pageObject->sections as $section) {
38 | echo interpret($section);
39 | }
40 |
41 | echo "";
42 |
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge-src/src/style.css:
--------------------------------------------------------------------------------
1 | .magician-image {
2 | width: 500px;
3 | height: 500px;
4 | object-fit: cover;
5 | }
--------------------------------------------------------------------------------
/web/MVMCheckers-Inc/challenge.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: berg.norelect.ch/v1
2 | kind: Challenge
3 | metadata:
4 | name: mvmcheckers-inc
5 | namespace: berg
6 | spec:
7 | categories:
8 | - mvm
9 | - web
10 | difficulty: hard
11 | author: joneswastaken
12 | flag: MVM{c7f5_4r3_4_m461c_pl4c3_4r3n7_7h3y}
13 | flagFormat: MVM{...}
14 | description: |
15 | Welcome new employee! As you are aware, we at SpellCheckers MVMCheckers Inc. are the foremost experts at creating magical days for
16 | our clients. Please fell free to explore our administration application. Be aware that we are currently rebuilding the
17 | system using our proprietary, cutting edge interpreter.
18 | containers:
19 | - hostname: mvmcheckers-inc
20 | image: gcr.io/mvm-x3ctf/x3ctf/challenge/mvmcheckers-inc:latest
21 | resourceLimits:
22 | cpu: "0.2"
23 | memory: "100Mi"
24 | ports:
25 | - port: 80
26 | protocol: tcp # Must be either tcp/udp
27 | appProtocol: http # Signal to the frontend how to connect. For web services, use http. If unsure, use tcp.
28 | type: publicTlsRoute
29 | attachments:
30 | - fileName: MVMCheckers-Inc.tar.gz
31 | downloadUrl: /handouts/MVMCheckers-Inc.tar.gz
32 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM golang:1.22 AS bebuilder
2 | WORKDIR /source
3 | COPY backend/go.mod backend/go.sum /source/
4 | RUN go mod download
5 | COPY backend/ .
6 | RUN uname -a && go build -o server ./cmd/server
7 |
8 | FROM node:22 AS febuilder
9 | WORKDIR /app
10 | COPY frontend/package.json frontend/yarn.lock frontend/.yarnrc.yml /app/
11 | COPY frontend/.yarn /app/.yarn
12 | RUN yarn install --immutable
13 | COPY frontend/ .
14 | RUN yarn build
15 |
16 | # FROM gcr.io/distroless/cc AS final
17 | FROM debian:latest AS final
18 | RUN apt-get -y update && apt-get -y install chromium && rm -rf /var/lib/apt/lists/*
19 | COPY --from=bebuilder /source/server /server
20 | COPY --from=febuilder /app/dist /frontend
21 | ENV FRONTEND_DIST /frontend/
22 | # USER nonroot
23 | CMD ["/server"]
24 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/backend/.gitignore:
--------------------------------------------------------------------------------
1 | target
2 | foo.db
3 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/backend/justfile:
--------------------------------------------------------------------------------
1 |
2 | tidy:
3 | go mod tidy
4 |
5 | gen:
6 | go generate ./...
7 |
8 | run: gen tidy
9 | FRONTEND_URL=http://localhost:8080 \
10 | FLAG=CTE24{foo} \
11 | DATABASE_URL=postgres://postgres:postgres@localhost:5432/cwte2024 \
12 | FRONTEND_DIST=../frontend/dist \
13 | go run ./cmd/server
14 |
15 | test: tidy
16 | go test ./pkg/...
17 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/backend/pkg/apq/cache.go:
--------------------------------------------------------------------------------
1 | package apq
2 |
3 | import (
4 | "context"
5 |
6 | "github.com/99designs/gqlgen/graphql"
7 | "github.com/boxmein/cwte2024-chall/pkg/smallhmap"
8 | "github.com/boxmein/cwte2024-chall/pkg/tenant"
9 | )
10 |
11 | type APQCache struct {
12 | queries smallhmap.SmallHmap
13 | }
14 |
15 | // Add implements graphql.Cache.
16 | func (a *APQCache) Add(ctx context.Context, key string, value any) {
17 | t := tenant.GetTenantID(ctx)
18 | key = t + key
19 | a.queries.Add(ctx, key, value)
20 | }
21 |
22 | // Get implements graphql.Cache.
23 | func (a *APQCache) Get(ctx context.Context, key string) (value any, ok bool) {
24 | t := tenant.GetTenantID(ctx)
25 | key = t + key
26 | return a.queries.Get(ctx, key)
27 | }
28 |
29 | var _ graphql.Cache = (*APQCache)(nil)
30 |
31 | func NewAPQCache() graphql.Cache {
32 | return &APQCache{queries: smallhmap.New()}
33 | }
34 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/backend/pkg/db/db.go:
--------------------------------------------------------------------------------
1 | package db
2 |
3 | import (
4 | "context"
5 | "database/sql"
6 |
7 | _ "github.com/jackc/pgx/v5/stdlib"
8 |
9 | _ "github.com/mattn/go-sqlite3"
10 | )
11 |
12 | func GetSqlite() (*sql.DB, error) {
13 | return sql.Open("sqlite3", "foo.db")
14 | }
15 |
16 | func GetPostgres(ctx context.Context, url string) (*sql.DB, error) {
17 | return sql.Open("pgx", url)
18 | }
19 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/backend/pkg/flagcookie/flagcookie.go:
--------------------------------------------------------------------------------
1 | package flagcookie
2 |
3 | import "context"
4 |
5 | type flagcookieCtxKey struct{}
6 |
7 | var flagcookieCtxKeyInstance = &flagcookieCtxKey{}
8 |
9 | func SetFlagCookie(ctx context.Context, flagCookie string) context.Context {
10 | return context.WithValue(ctx, flagcookieCtxKeyInstance, flagCookie)
11 | }
12 |
13 | func GetFlagCookie(ctx context.Context) string {
14 | return ctx.Value(flagcookieCtxKeyInstance).(string)
15 | }
16 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/backend/pkg/graph/gqlgen-directives.graphql:
--------------------------------------------------------------------------------
1 | # https://gqlgen.com/config/
2 | # Directives from gqlgen to configure code-gen inline in the schema.
3 |
4 | directive @goModel(
5 | model: String
6 | models: [String!]
7 | forceGenerate: Boolean
8 | ) on OBJECT | INPUT_OBJECT | SCALAR | ENUM | INTERFACE | UNION
9 |
10 | directive @goField(
11 | forceResolver: Boolean
12 | name: String
13 | omittable: Boolean
14 | ) on INPUT_FIELD_DEFINITION | FIELD_DEFINITION
15 |
16 | directive @goTag(
17 | key: String!
18 | value: String
19 | ) on INPUT_FIELD_DEFINITION | FIELD_DEFINITION
20 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/backend/pkg/graph/model/models_gen.go:
--------------------------------------------------------------------------------
1 | // Code generated by github.com/99designs/gqlgen, DO NOT EDIT.
2 |
3 | package model
4 |
5 | import (
6 | "github.com/boxmein/cwte2024-chall/pkg/model"
7 | )
8 |
9 | type Mutation struct {
10 | }
11 |
12 | type Query struct {
13 | }
14 |
15 | type StoryExportInput struct {
16 | StoryID int `json:"storyId"`
17 | Dimensions model.Dimensions `json:"dimensions"`
18 | }
19 |
20 | type StoryInput struct {
21 | Text string `json:"text"`
22 | Action string `json:"action"`
23 | Image int `json:"image"`
24 | }
25 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/backend/pkg/graph/resolver.go:
--------------------------------------------------------------------------------
1 | package graph
2 |
3 | import (
4 | "github.com/boxmein/cwte2024-chall/pkg/repository/exports"
5 | "github.com/boxmein/cwte2024-chall/pkg/repository/images"
6 | "github.com/boxmein/cwte2024-chall/pkg/repository/stories"
7 | )
8 |
9 | //go:generate go run github.com/99designs/gqlgen generate
10 |
11 | // This file will not be regenerated automatically.
12 | //
13 | // It serves as dependency injection for your app, add any dependencies you require here.
14 |
15 | type ResolverDB struct {
16 | Stories stories.StoriesRepository
17 | Images images.ImagesRepository
18 | Exports exports.ExportsRepository
19 | }
20 |
21 | type Resolver struct {
22 | DB ResolverDB
23 | }
24 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/backend/pkg/model/dimensions.go:
--------------------------------------------------------------------------------
1 | package model
2 |
3 | type Dimensions string
4 |
5 | const (
6 | DimensionsFlipperZero Dimensions = "FLIPPER_ZERO"
7 | DimensionsSamsungGalaxyFold Dimensions = "SAMSUNG_GALAXY_FOLD"
8 | DimensionsIphone14 Dimensions = "IPHONE_14"
9 | DimensionsIphone14Max Dimensions = "IPHONE_14_MAX"
10 | DimensionsSquare400x400 Dimensions = "SQUARE_400X400"
11 | )
12 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/backend/pkg/model/id.go:
--------------------------------------------------------------------------------
1 | package model
2 |
3 | import "fmt"
4 |
5 | // ID is a newtype that represents an ID. It is just a string
6 | type ID string
7 |
8 | func ConvertToID(integerId int64) ID {
9 | return ID(fmt.Sprintf("%d", integerId))
10 | }
11 |
12 | // ID is a newtype that represents an ID. It is just a string
13 | type StoryID string
14 |
15 | func ConvertToStoryID(integerId int64) StoryID {
16 | return StoryID(fmt.Sprintf("%d", integerId))
17 | }
18 |
19 | // ID is a newtype that represents an ID. It is just a string
20 | type ImageID string
21 |
22 | func ConvertToImageID(integerId int64) ImageID {
23 | return ImageID(fmt.Sprintf("%d", integerId))
24 | }
25 |
26 | // ID is a newtype that represents an ID. It is just a string
27 | type ExportID string
28 |
29 | func ConvertToExportID(integerId int64) ExportID {
30 | return ExportID(fmt.Sprintf("%d", integerId))
31 | }
32 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/backend/pkg/tenant/tenant.go:
--------------------------------------------------------------------------------
1 | package tenant
2 |
3 | import "context"
4 |
5 | type tenantCtxKey struct{}
6 |
7 | var tenantCtxKeyInstance = &tenantCtxKey{}
8 |
9 | func SetTenantID(ctx context.Context, tenantID string) context.Context {
10 | return context.WithValue(ctx, tenantCtxKeyInstance, tenantID)
11 | }
12 |
13 | func GetTenantID(ctx context.Context) string {
14 | return ctx.Value(tenantCtxKeyInstance).(string)
15 | }
16 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/backend/tools.go:
--------------------------------------------------------------------------------
1 | // go:build tools
2 | package tools
3 |
4 | import (
5 | _ "github.com/99designs/gqlgen"
6 | )
7 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/compose.yml:
--------------------------------------------------------------------------------
1 |
2 | services:
3 | beandfe:
4 | build: .
5 | image: ghcr.io/boxmein/cwte2024-challenge-backend:latest
6 | ports:
7 | - '8080:8080'
8 | environment:
9 | DATABASE_URL: postgres://postgres:postgres@db:5432/cwte2024
10 | FLAG: 'CTE24{flag}'
11 | GIN_MODE: release
12 | depends_on:
13 | db:
14 | condition: service_healthy
15 |
16 | db:
17 | image: postgres:16
18 | environment:
19 | POSTGRES_USER: postgres
20 | POSTGRES_PASSWORD: postgres
21 | POSTGRES_DB: cwte2024
22 | ports:
23 | - '5432:5432'
24 | volumes:
25 | - dbdata:/var/lib/postgresql/data
26 | - ./seed/:/docker-entrypoint-initdb.d/
27 | healthcheck:
28 | test: ['CMD', 'pg_isready', '--username', 'postgres']
29 | interval: 10s
30 | timeout: 5s
31 | retries: 10
32 | start_period: 120s
33 | volumes:
34 | dbdata:
35 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/frontend/.env:
--------------------------------------------------------------------------------
1 | VITE_API_URL=http://localhost:8080/api
2 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/frontend/.eslintrc.cjs:
--------------------------------------------------------------------------------
1 | module.exports = {
2 | root: true,
3 | env: { browser: true, es2020: true },
4 | extends: [
5 | 'eslint:recommended',
6 | 'plugin:@typescript-eslint/recommended',
7 | 'plugin:react-hooks/recommended',
8 | ],
9 | ignorePatterns: ['dist', '.eslintrc.cjs'],
10 | parser: '@typescript-eslint/parser',
11 | plugins: ['react-refresh'],
12 | rules: {
13 | 'react-refresh/only-export-components': [
14 | 'warn',
15 | { allowConstantExport: true },
16 | ],
17 | },
18 | }
19 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/frontend/.gitattributes:
--------------------------------------------------------------------------------
1 | * eol=lf text=auto
2 |
3 | *.cjs binary
4 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/frontend/.gitignore:
--------------------------------------------------------------------------------
1 | # Logs
2 | logs
3 | *.log
4 | npm-debug.log*
5 | yarn-debug.log*
6 | yarn-error.log*
7 | pnpm-debug.log*
8 | lerna-debug.log*
9 |
10 | node_modules
11 | dist
12 | dist-ssr
13 | *.local
14 |
15 | # Editor directories and files
16 | .vscode/*
17 | !.vscode/extensions.json
18 | .idea
19 | .DS_Store
20 | *.suo
21 | *.ntvs*
22 | *.njsproj
23 | *.sln
24 | *.sw?
25 |
26 | .yarn/install-state.gz
27 | .yarn/cache
28 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/frontend/.prettierrc:
--------------------------------------------------------------------------------
1 | {
2 | "tabWidth": 2,
3 | "semi": true,
4 | "useTabs": false
5 | }
6 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/frontend/.yarnrc.yml:
--------------------------------------------------------------------------------
1 | nodeLinker: node-modules
2 |
3 | yarnPath: .yarn/releases/yarn-4.3.1.cjs
4 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/frontend/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM node:22 AS builder
2 | WORKDIR /app
3 | COPY package.json yarn.lock .yarnrc.yml /app/
4 | COPY .yarn /app/.yarn
5 | RUN yarn install --immutable
6 | COPY . .
7 | RUN yarn build
8 | FROM nginx:alpine AS final
9 | COPY --from=builder /app/dist /usr/share/nginx/html
10 | COPY nginx.conf /etc/nginx/nginx.conf
11 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/frontend/index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Story Builder
8 |
9 |
10 |
11 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/frontend/src/components/FullPageLoading.tsx:
--------------------------------------------------------------------------------
1 | import styled from "@emotion/styled";
2 | import { CircularProgress } from "@mui/material";
3 |
4 | const Layout = styled.div`
5 | width: 500px;
6 | height: 400px;
7 | display: flex;
8 | flex-direction: column;
9 | justify-content: center;
10 | align-items: center;
11 | gap: 35px;
12 | `;
13 |
14 | export function FullPageLoading() {
15 | return (
16 |
17 | Loading...
19 |
20 | );
21 | }
22 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/frontend/src/main.css:
--------------------------------------------------------------------------------
1 | html,body {
2 | width: 100%;
3 | height: 100%;
4 | margin: 0;
5 | padding: 0;
6 | }
7 |
8 |
9 | #root {
10 | min-height: 100vh;
11 | }
12 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/frontend/src/pages/ListStoriesPage/ListStoriesPage.tsx:
--------------------------------------------------------------------------------
1 | import { gql, useQuery } from "@apollo/client";
2 | import { Alert } from "@mui/material";
3 | import { NavLink } from "react-router-dom";
4 | import { FullPageLoading } from "../../components/FullPageLoading";
5 |
6 | export function ListStoriesPage() {
7 | const { loading, error, data } = useQuery(gql`
8 | query ListStories {
9 | stories {
10 | id
11 | text
12 | }
13 | }
14 | `);
15 |
16 | if (loading) {
17 | return My Stories
23 | {error && Error: {error.message} }
24 |
25 | {data.stories.map((story: { id: number; text: string }) => (
26 |
27 | {story.text}
28 |
29 | ))}
30 |
31 |
32 | );
33 | }
34 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-handout/handout/frontend/src/pages/ViewStoryPage/ViewStoryPage.tsx:
--------------------------------------------------------------------------------
1 | import { gql, useQuery } from "@apollo/client";
2 | import { Alert } from "@mui/material";
3 | import { useParams } from "react-router-dom";
4 | import { FullPageLoading } from "../../components/FullPageLoading";
5 | import { RenderStory } from "../../components/story";
6 |
7 | export function ViewStoryPage() {
8 | const { id } = useParams();
9 | const { data, loading, error } = useQuery(
10 | gql`
11 | query ViewStoryPage($id: Int!) {
12 | foo
13 | story(id: $id) {
14 | id
15 | text
16 | action
17 | image {
18 | url
19 | }
20 | }
21 | }
22 | `,
23 | { variables: { id } },
24 | );
25 |
26 | if (loading) {
27 | return View Story
33 | {error && Error: {error.message} }
34 | {data && Story Builder
8 |
9 |
10 |
11 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-src/frontend/src/components/FullPageLoading.tsx:
--------------------------------------------------------------------------------
1 | import styled from "@emotion/styled";
2 | import { CircularProgress } from "@mui/material";
3 |
4 | const Layout = styled.div`
5 | width: 500px;
6 | height: 400px;
7 | display: flex;
8 | flex-direction: column;
9 | justify-content: center;
10 | align-items: center;
11 | gap: 35px;
12 | `;
13 |
14 | export function FullPageLoading() {
15 | return (
16 |
17 | Loading...
19 |
20 | );
21 | }
22 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-src/frontend/src/main.css:
--------------------------------------------------------------------------------
1 | html,body {
2 | width: 100%;
3 | height: 100%;
4 | margin: 0;
5 | padding: 0;
6 | }
7 |
8 |
9 | #root {
10 | min-height: 100vh;
11 | }
12 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-src/frontend/src/pages/ListStoriesPage/ListStoriesPage.tsx:
--------------------------------------------------------------------------------
1 | import { gql, useQuery } from "@apollo/client";
2 | import { Alert } from "@mui/material";
3 | import { NavLink } from "react-router-dom";
4 | import { FullPageLoading } from "../../components/FullPageLoading";
5 |
6 | export function ListStoriesPage() {
7 | const { loading, error, data } = useQuery(gql`
8 | query ListStories {
9 | stories {
10 | id
11 | text
12 | }
13 | }
14 | `);
15 |
16 | if (loading) {
17 | return My Stories
23 | {error && Error: {error.message} }
24 |
25 | {data.stories.map((story: { id: number; text: string }) => (
26 |
27 | {story.text}
28 |
29 | ))}
30 |
31 |
32 | );
33 | }
34 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-src/frontend/src/pages/ViewStoryPage/ViewStoryPage.tsx:
--------------------------------------------------------------------------------
1 | import { gql, useQuery } from "@apollo/client";
2 | import { Alert } from "@mui/material";
3 | import { useParams } from "react-router-dom";
4 | import { FullPageLoading } from "../../components/FullPageLoading";
5 | import { RenderStory } from "../../components/story";
6 |
7 | export function ViewStoryPage() {
8 | const { id } = useParams();
9 | const { data, loading, error } = useQuery(
10 | gql`
11 | query ViewStoryPage($id: Int!) {
12 | foo
13 | story(id: $id) {
14 | id
15 | text
16 | action
17 | image {
18 | url
19 | }
20 | }
21 | }
22 | `,
23 | { variables: { id } },
24 | );
25 |
26 | if (loading) {
27 | return View Story
33 | {error && Error: {error.message} }
34 | {data && Story Builder
8 |
9 |
10 |
11 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-src/handout/frontend/src/components/FullPageLoading.tsx:
--------------------------------------------------------------------------------
1 | import styled from "@emotion/styled";
2 | import { CircularProgress } from "@mui/material";
3 |
4 | const Layout = styled.div`
5 | width: 500px;
6 | height: 400px;
7 | display: flex;
8 | flex-direction: column;
9 | justify-content: center;
10 | align-items: center;
11 | gap: 35px;
12 | `;
13 |
14 | export function FullPageLoading() {
15 | return (
16 |
17 | Loading...
19 |
20 | );
21 | }
22 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-src/handout/frontend/src/main.css:
--------------------------------------------------------------------------------
1 | html,body {
2 | width: 100%;
3 | height: 100%;
4 | margin: 0;
5 | padding: 0;
6 | }
7 |
8 |
9 | #root {
10 | min-height: 100vh;
11 | }
12 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-src/handout/frontend/src/pages/ListStoriesPage/ListStoriesPage.tsx:
--------------------------------------------------------------------------------
1 | import { gql, useQuery } from "@apollo/client";
2 | import { Alert } from "@mui/material";
3 | import { NavLink } from "react-router-dom";
4 | import { FullPageLoading } from "../../components/FullPageLoading";
5 |
6 | export function ListStoriesPage() {
7 | const { loading, error, data } = useQuery(gql`
8 | query ListStories {
9 | stories {
10 | id
11 | text
12 | }
13 | }
14 | `);
15 |
16 | if (loading) {
17 | return My Stories
23 | {error && Error: {error.message} }
24 |
25 | {data.stories.map((story: { id: number; text: string }) => (
26 |
27 | {story.text}
28 |
29 | ))}
30 |
31 |
32 | );
33 | }
34 |
--------------------------------------------------------------------------------
/web/StoryCreator/challenge-src/handout/frontend/src/pages/ViewStoryPage/ViewStoryPage.tsx:
--------------------------------------------------------------------------------
1 | import { gql, useQuery } from "@apollo/client";
2 | import { Alert } from "@mui/material";
3 | import { useParams } from "react-router-dom";
4 | import { FullPageLoading } from "../../components/FullPageLoading";
5 | import { RenderStory } from "../../components/story";
6 |
7 | export function ViewStoryPage() {
8 | const { id } = useParams();
9 | const { data, loading, error } = useQuery(
10 | gql`
11 | query ViewStoryPage($id: Int!) {
12 | foo
13 | story(id: $id) {
14 | id
15 | text
16 | action
17 | image {
18 | url
19 | }
20 | }
21 | }
22 | `,
23 | { variables: { id } },
24 | );
25 |
26 | if (loading) {
27 | return View Story
33 | {error && Error: {error.message} }
34 | {data &&