Some CTF challenges I wrote
CTFTime: https://ctftime.org/event/1350
Site: https://ctf.circlecitycon.com/home
The table is ordered by how much I liked the challenge, the first being my favorite and the last being my least favorite.
| Challenge | Category | Difficulty | Solves | Description | Co-authors |
|---|---|---|---|---|---|
| angrbox | misc | ★★☆☆☆ | 22 | Players have to make a whitebox | |
| Casino | web | ★★☆☆☆ | 34 | CSS injection to GET endpoint | |
| Poison Prime | crypto | ★★★☆☆ | 4 | Diffie-Hellman small subgroup attack with Mersenne prime | |
| Sticky Notes | web | ★★★★★ | 3 | HTTP desync using multi-byte chars | |
| Lord Saturday | pwn | ★★☆☆☆ | 13 | Sudo exploit: Baron Samedit CVE-2021-3156 | Robin Jadoul |
| sockcamp | pwn | ★★★★☆ | 3 | Kernel pwn: escape seccomp with 1 bit flip | |
| imgfiltrate | web | ★★☆☆☆ | 27 | Exfiltrate an image using <canvas> |
|
| Puppet | web | ★★★★☆ | 10 | Abuse Chrome DevTools protocol for arbitrary file read | |
| worm 2 | pwn | ★★★☆☆ | 8 | Players have to write a self-duplicating exploit | |
| lonk | rev | ★☆☆☆☆ | 43 | Patch a slow math library on linked lists | |
| Double | forensics | ★☆☆☆☆ | 13 | Volatility memory forensics: recover a file from Docker |