It is here now: https://github.com/CTFg/chalgen
chalgen generates challenges which are nodes in an evidence map
- Follow the documentation here to install
pygraphvizfor your system - Install Docker from here
- Install kubectl from here
Install the requirements:
pip install -r requirements.txt
Run the application:
python chalgen.py --help
Example challenge generator command
python chalgen.py gen --chal-config tests/test_ctf/base64/chal.yaml
To run the tests:
pytest
- take all created evidence and integrate it into this
- IRC Server
- Windows VM
- Linux VM
- netcat into a server
- Send ASCII data
- Send non ASCII data
- SSH into server
- Image metadata
- Git
- File in git objects
- Recover files from series of git commits (and git stash?)
- PCAP - (use scapy)
- Follow http stream to get username and passwords
- Recording of keyboard input
- Recording of bluetooth traffic
- Encrypted ZIP
- PDF NSA Guide
- Carve out file from file
- Extract file from docx
- Android file system
- Recover browser history from db
- Find location history and map it
- Re-assemble images from parts
- Fix broken torrent file
- EXT4 deleted file recovery
- Image in audio (Audacity thing)
- Memory dump analysis
- Diff two images to get some value
- Run program written in an esoteric language such as this
- Given a text file with numbers, convert to an audio file and listen to it for the flag (Girls Go CyberStart 2019, no links yet)
- Base 64
- Binary
- Caesar cipher
- Vigenere cipher - https://ctf101.org/cryptography/what-is-a-vigenere-cipher/
- Given a bunch of hashes, reverse them to get flag
- Substitution
- Xor
- Single byte
- Multi byte xor (needs solver)
- ECB use repeated chunks
- Padding Oracle
- Hash length extension
- RSA - https://github.com/sourcekris/RsaCtfTool
- Blog
- Twitter Clone - https://github.com/mesosphere/tweeter-go
- Facebook Clone
- Portfolio site
- Pokemon GO
- Flag in cookies
- Authorization done client side
- Path Traversal (CSAW RED 2019 Prelims, also https://medium.com/hackstreetboys/ritsec-ctf-2018-writeup-web-72a0e5aa01ad)
- Exposed files
- .htpasswd
- robots.txt
- .git
- SQLi Injection
- report error (basic)
- union select
- like query
- blind
- XSS
- Obfuscated javascript
- PHP
- Deserialize
- Using "==" to do stupid things
- SSRF
- Jinja template injection (https://0day.work/jinja2-template-injection-filter-bypasses/)
- ELF Binary
- Flag as a string in binary
- Flag is xor'd in function in binary
- Simple crackme
- APK
- Flag in resources
- Follow data from java to cpp lib
- Reverse engineer merscenne twister random generator
- Constraint solving (like this)
- Reverse custom encryption csaw hsf necronomicon
- Weird architecture (Apollo landing asm?)
- Reverse engineer jar file
- Buffer overflow
- Into data --> change value
- Into EIP --> call give shell
- Into Canary --> use data leak to guess canary
- Leak out canary because process is forking (brute_cookie: https://trailofbits.github.io/ctf/exploits/binary2.htm)
- ASLR on, ROP chain with provided parts
- ASLR on, ROP chain without provided parts (ret2libc)
- Format string
- Leak out flag with %s
- Change value of stack variable with address
- Load arbituary address and write to it (GOT table)
Some challenges for writing a basic python script on repl.it
Some challenges that use Tinker to reverse hardware components
- A challenge may provide an option to include data within it to make it story relevant
- A challenge is expected to be solvable by itself. If a challenge is not solvable by itself (i.e. encrypted zip has unguessable password), then a connection must be specified for the challenge.
- Challenges may specify a way to embed another challenge inside of themselves.
Some questions that should be answered:
- How much perscription do we want to give challenges?
- If we are creating an sql injection challenge, do we give them website and the vuln code?
- Need to figure out how the vuln plugs into a website. Have a module system for the website that you drop in views for challenges.
// TODO