my-ctf-challenges

This is the repository of all the CTF challenges I've made / helped develop.

Message me on Discord at strellic if you have any questions.

RaRCTF 2021

Name	Category	Solves	Difficulty	Keywords
SecureStorage	web	??	★★★☆☆	xss, postMessage

corCTF 2021

Name	Category	Solves	Difficulty	Keywords
babyrev	rev	203	★☆☆☆☆	simple rev, xor, memfrob
smogofwar	misc	7	★★☆☆☆	chess ai, stockfish, fog of war, sockets
flagbot	misc	23	★★☆☆☆	discord bot, youtube, restricted environment, traffic sniffing
buyme	web	110	★☆☆☆☆	unsafe destructuring
phpme	web	64	★★☆☆☆	php, content-type confusion, lax+post
readme	web	46	★★☆☆☆	unsafe js eval, js vm escape
blogme	web	2	★★★★☆	xss, cloudflare csp bypass, service workers
msgme	web	1	★★★★☆	xss, websockets, webrtc csp bypass, command chaining
saasme	web	2	★★★★☆	dns rebinding, protocol smuggling, chrome remote debugging protocol
styleme	web	1	★★★★★	chrome extension, prototype pollution, novel xs-leak

HackTheBox

You can find these challenges on the HackTheBox website.

Name	Category	Solves / Blood Time	Difficulty	Keywords
AnalyticalEngine	web	1 solve at CTF end	★★★★☆	htb uni ctf, xss, novel dom clobbering, csp bypass
OOPArtDB	web	3d, 22hr for blood	★★★★☆	? (active HTB challenge)

DiceCTF 2022

Name	Category	Solves	Difficulty	Keywords
noteKeeper	web	2	★★★★★	xss, JSONP, service workers, sec-fetch-dest, MediaRecorder
vm-calc	web	2	★★★☆☆	js trivia, vm2, CVE-2022-21824
denoblog	web	3	★★★★☆	deno, ejs, nginx temp file buffering, deno sbx escape, pwn

1337UP LIVE CTF

This was a CTF I wrote challenges for, hosted by Intigriti. I forgot to record solve counts. I cowrote these challenges with BrunoZero.

Name	Category	Solves	Difficulty	Keywords
DeadTube	web	many	★☆☆☆☆	dns rebinding, ssrf, redirect
contact-alex	web	7?	★★☆☆☆	jwt, xss, path traversal, ssti

DiceCTF @ HOPE 2022

Name	Category	Solves	Difficulty	Keywords
payment-pal	web	3	★★★☆☆	prototype pollution, caching, xss, history, aes

corCTF 2022

Name	Category	Solves	Difficulty	Keywords
jsonquiz	web	573	★☆☆☆☆	baby, POST request
simplewaf	web	28	★★☆☆☆	WAF bypass, NodeJS source reading
rustshop	web	13	★★★☆☆	Rust, Axum library, deserialization
modernblog	web	1	★★★★★	React, CSS injection, novel DOM clobbering
babypwn	pwn	114	★☆☆☆☆	Rust, unsafe, printf, ret2libc
solidarity	pwn	6	★★☆☆☆	baby solana, account confusion, missing checks
sbxcalc	pwn	11	★★★☆☆	vm2, js calculator, proxy, golf

SekaiCTF 2022

Name	Category	Solves	Difficulty	Keywords
Crab Commodities	web	30	★★★☆☆	Rust, race condition, overflow
Safelist	web	3	★★★★☆	XS-leak, DOMPurify, connection pool
Obligatory Calc	web	1	★★★★★	XSS, postMessage, DOM clobbering, null origin sandboxing

Real World CTF 2023

Name	Category	Solves	Difficulty	Keywords
the cult of 8 bit	web	??	★★★★☆	XSS, SOME, CSP, iframe allow attribute

DiceCTF 2023

Name	Category	Solves	Difficulty	Keywords
recursive-csp	web	178	★☆☆☆☆	xss, PHP, CSP nonce, crc32
unfinished	web	14	★★★☆☆	express, mongodb wire protocol, curl, ssrf
jwtjail	web	3	★★★★☆	nodejs, jail, process.binding, vm escape
chess.rs	pwn	2	★★★★★	rust, wasm, uaf, unsoundness, no unsafe

corCTF 2023

Name	Category	Solves	Difficulty	Keywords
crabspace	web	4	★★★★☆	rust, xss, WebRTC, side-channel
leakynote	web	3	★★★★☆	xs-leaks, timing attack
pdf-pal	web	2	★★★★★	PDF, dns rebinding
baby-wallet	blockchain	24	★☆☆☆☆	solidity
tribunal	blockchain	10	★★★☆☆	solana, bump seed canonicalization
touch-grass	misc	89	★★★★★	grass, impossible
msfrogofwar2	misc	5	★★★☆☆	chess, frogs

SekaiCTF 2023

Name	Category	Solves	Difficulty	Keywords
Golf Jail	web	16	★★★☆☆	xss, golf, WebRTC
Leakless Note	web	4	★★★★★	xs-leaks, timing attack, postMessage