My CTF Challenges
Below are a list of all CTF challenges that I wrote. I'll keep updating this list.
I've deployed a demo site for most of the challenges. It's not guaranteed that the demo site works as intended though (they are not tested nor actively looked after)... The demo sites are offered as a courtesy, because I believe it's a great learning opportunity for others, and my way of giving back to the community. Congrats if you get RCE, but please do not use the server for other purposes (e.g. mining). If I found that out, I'll take down the server, and it won't benefit anyone :(
Update (2020-07-27): these servers are temporarily taken down and links are removed from this page.
API Service Proxy
A vulnerable API Gateway infra with 4 flags: easyssrf, sqli, hardssrf, bac. This was designed as an assignment for students in UNSW's COMP6843 (Extended Web Application Security) course.
- Source Code & Solution: https://github.com/adamyi/comp6443aspchallenge
A set of company infrastructure for a BeyondCorp-like zero-trust network, flag submission via working email server (can phish flags from other teams), binary challenges tunneling over websocket, monorepo CTF bazel building and deployment with team isolation, etc.
This was for SECedu CTF 2019, a national CTF competition with students from Sydney, Melbourne, as well as employees from Commonwealth Bank of Australia.
- Source Code (infra): https://github.com/adamyi/Geegle3/tree/master/infra
- Source Code (everything, solution under each chal subdir): https://github.com/adamyi/Geegle3/
- All challenges description/emails (not all are unlocked for adamsfriends@): https://docs.google.com/document/d/1pgIbiwRGKaQQROt0lFuDUrE3Tk7eFbq40aJhb5hx3wY/edit
- Challenge List: https://docs.google.com/spreadsheets/d/15xOhZdRnNxNbSMNUSxPG_8K92lHa4z5SKJWPPTy5tAc/edit
Unhackable App Engine
A serverless app infra that doesn't scale lol. Hijack arbitrary page via cache key injection. This was for SecTalks Sydney Ninja Night 0x04.
- Source Code: https://github.com/sectalks/sectalks/tree/master/ctfs/NN0x04
- Solution: https://github.com/sectalks/sectalks/tree/master/ctf-solutions/NN0x04
A web challenge for exploiting race conditions. This was part of UNSW Security Society internal CTF.
- Source Code & Solution: https://github.com/unswsecuritysociety/writeups/tree/master/2019/t2internal/web/K17Coins
A Number guessing game CTF challenge. Exploit weak pseudo-random number generator, and reverse engineer gRPC/Protobuf traffic. This was part of UNSW Security Society internal CTF.
- Source Code & Solution: https://github.com/unswsecuritysociety/writeups/tree/master/2019/t2internal/misc/guess
A LaTeX injection web challenge with incremental steps (from arbitrary file read to RCE). This was part of SECedu CTF 2019.
- Source Code & Solution: https://github.com/adamyi/Geegle3/tree/master/chals/web/docs
A XSS challenge with a 5-step chain and script gadget. This was part of SECedu CTF 2019.
- Source Code & Solution: https://github.com/adamyi/Geegle3/tree/master/chals/web/pasteweb
A XSS challenge by abusing Chrome XSS Auditor and browser side channel (xsssearch + timing). This was part of SECedu CTF 2019.
- Source Code & Solution: https://github.com/adamyi/Geegle3/tree/master/chals/web/seclearn
A working search engine with a simple SSRF vulnerability. This was part of SECedu CTF 2019.
A XXE challenge, in which you need to use FTP to bypass HTTP(S) filters. This was part of SECedu CTF 2019.
- Source Code & Solution: https://github.com/adamyi/Geegle3/tree/master/chals/web/bugreport
A PHP challenge (switch weak typing + SQLi + assert RCE). This was part of SECedu CTF 2019.
- Source Code & Solution: https://github.com/adamyi/Geegle3/tree/master/chals/web/flatearth
PHP LD_PRELOAD injection to get RCE. This was part of SECedu CTF 2019.
- Source Code & Solution: https://github.com/adamyi/Geegle3/tree/master/chals/web/memegen