Repository for maintaining and building challenge images for W4terCTF 2023.
All challenges here are original. You can get the challenge images that can be directly used by GZ::CTF from Packages.
NOTE: Some challenges are not publicly available for confidentiality reasons. Please understand.
- All challengs should follow the challenge specification of GZCTF. Dockerfile of the challenge should be placed to
challengesdirectory. - For each challenge, please create a specific branch with name
catagory/challenge_nameand develop in that branch. Finally squash merge tomain. - For those base images that can be shared and reused by different challengs, please place then in the
basedirectory. For example,xinetd,python,php, etc. - Please open an issue to track the developing progress of a challenge if it’s necessary.
| Re | Challenge | Catagory | Difficulty | Tags | Author |
|---|---|---|---|---|---|
| 0 | NC Test | Pwn | Baby | GZTime | |
| 0 | Tic-Tac-Toe Level 0 | Pwn | Easy | Stack overflow | ConanC |
| 0 | Nimgame Level 1 | Pwn | Easy | Stack overflow | Xia0o0o0o |
| 0 | Nimgame Level 2 | Pwn | Normal | Stack overflow | Xia0o0o0o |
| 0 | 2048 | Pwn | Normal | fmtstr | Xia0o0o0o |
| 1 | Dictionary | Pwn | Medium | integer overflow, UaF | Xia0o0o0o |
| 2 | ELF Parser | Pwn | Medium | ELF, strcpy | Xia0o0o0o |
| 1 | Cherry Lab | Pwn | Hard | JS Engine | Xia0o0o0o |
| 0 | Weird Letter | Misc | Trivial | Vigenère | GZTime |
| 1 | Shadow | Misc | Easy | Op Char | GZTime |
| 1 | Chisato | Misc | Normal | PRNG | TonyCrane(AAA) |
| 0 | Spam 2023 | Misc | Normal | Codec | GZTime |
| 1 | Good QRCode | Misc | Normal | QRCode, Mask | GZTime |
| 0 | W4ter Disk | Misc | Medium | RAID, btrfs | GZTime |
| 2 | Bad QRCode | Misc | Hard | QRCode, RS | GZTime |
| 1 | Dark Maze | Misc | Expert | Maze, Revomaze | GZTime |
| 0 | Evil Traffic | Forensics | Normal | SQL Injection | GZTime |
| 1 | USB Hacker | Forensics | Medium | USB Traffic | GZTime |
| 0 | GZ RSA | Crypto | Trivial | RSA | peigong |
| 0 | Middleman | Crypto | Trivial | DH Middleman | peigong |
| 0 | Factor | Crypto | Easy | RSA | peigong |
| 0 | Chat with Philosophers 1 | Crypto | Easy | ECC | peigong |
| 1 | Chat with Philosophers 2 | Crypto | Easy | RSA | peigong |
| 2 | Chat with Philosophers 3 | Crypto | Normal | Shamir secret share | peigong |
| 1 | NGG Smooth Prime | Crypto | Medium | Discrete logarithm | ZMJ |
| 1 | Special RSA | Crypto | Medium | RSA | peigong |
| 0 | Login | Crypto | Medium | AES padding oracle | peigong |
| 0 | The Moment of Token | Web | Easy | JWT, Cookie | GZTime |
| 0 | One Number SQL | Web | Normal | SQL | tel |
| 2 | Feedback Box | Web | Normal | XSS | gbljdgb(Xp0int) |
| 0 | Deser Plus | Web | Medium | PHP, deserialize | tel |
| 1 | Nodejs Bypass | Web | Medium | JS, prototype | tel |
| 0 | Help Newnew Find Flag | Web | Medium | flask, pin | Rieß(Xp0int) |
| 1 | Secure Password Generator | Web | Hard | SQL | tel |
| 1 | Unfinished Website | Web | Hard | Java SSTI | tel |
| 0 | Lazy Puts | Reverse | Trivial | GZTime | |
| 0 | Oh My Python | Reverse | Trivial | Python | GZTime |
| 1 | Maze Digger | Reverse | Hard | WebAssembly, Rust | GZTime |
| 0 | Quiz For PyGZ | PPC | Easy | Python | GZTime |
| 0 | GGOS | PPC | Medium | GGOS, Rust | GZTime |
| Difficulty | Baby | Trivial | Easy | Normal | Medium | Hard | Expert | Insane |
|---|---|---|---|---|---|---|---|---|
| Initial Points | 200 | 500 | 1000 | 1000 | 1000 | 1000 | 1000 | 1000 |
| Minimum Points Ratio for Challenge | 50% | 20% | 20% | 20% | 20% | 20% | 30% | 30% |
| Minimum Points for Challenge | 100 | 100 | 200 | 200 | 200 | 200 | 300 | 300 |
| Difficulty Factor | 5.0 | 5.0 | 7.0 | 10.0 | 13.0 | 20.0 | 20.0 | 25.0 |
| Number of solves when reaching 50% pts | - | 6 | 7 | 10 | 14 | 20 | 25 | 30 |
.github/workflows/ # github actions
└── chal.<category>.<name>.yml # Building script for each challenge
base/ # Base image
challenges/ # Challenges directory
├── challenge1/
│ ├── build/ # Challenge building directory
│ │ ├── Dockerfile
│ │ └── more...
│ ├── attachments/ # Challenge attachment
│ └── README.md
├── challenge2/
└── more...
Please write the Dockerfile and place it in challenges then add corresponding building task action to .github/workflows. The naming should follow the format of chal.<challenge_name>.yml. The challenge needs to follow the GZCTF question specification.
basedirectory
base contains the base images that can be shared and reused by some challenges, including xinetd, python image exposed based on xinetd.
challengesdirectory
challenges contains Dockerfile of challenge and other files related to the challenges.