This repository is organized as a multi-challenge workspace so you can keep several CTF labs in one place without splitting them into separate repositories.
```text
ctf/
  README.md
  .gitignore
  web-idor-takeover/
  pwn-heap-uaf/
  shared/
```
- [web-idor-takeover/](C:\Users\chris\OneDrive - ionio.gr\kanga\ctf\web-idor-takeover\README.md)
  Deliberately vulnerable Flask dashboard challenge demonstrating IDOR/BOLA plus mass assignment on ownership transfer.
- [pwn-heap-uaf/](C:\Users\chris\OneDrive - ionio.gr\kanga\ctf\pwn-heap-uaf\README.md)
  Scaffold for a future heap exploitation challenge. This folder is structured for Dockerized binary challenges, but does not contain challenge code yet.
- [crypto-psychic-signatures/](C:\Users\chris\OneDrive - ionio.gr\kanga\ctf\crypto-psychic-signatures\README.md)
  Scaffold for a future challenge inspired by the Java ECDSA verification bypass tracked as CVE-2022-21449.

Use one top-level folder per challenge. Each challenge should keep its own:
- source files
- Dockerfile and compose file
- README
- seeded data or build artifacts
- organizer notes
- solver notes or private development notes
This keeps each lab isolated while still letting you version the full event in one repo.
- web-idor-takeover
- pwn-heap-uaf
- crypto-rsa-mistake
- forensics-browser-artifacts

Use [shared/](C:\Users\chris\OneDrive - ionio.gr\kanga\ctf\shared\README.md) for event-wide notes, helper scripts, or documentation that are not specific to a single challenge.
Run each challenge from inside its own folder. For example:
```powershell
cd "C:\Users\chris\OneDrive - ionio.gr\kanga\ctf\web-idor-takeover"
.\.venv\Scripts\python.exe app.py
```

Later, if you want one-command startup for multiple labs, you can add a root-level docker-compose.yml that references each challenge as a separate service.