- Hack.lu CTF 2018
- Petite Prison (Pwn 500): Escape minijail by making it load a statically-linked binary with the protections for a dynamically-linked binary.
- Hack.lu CTF 2019
- Save Our Planet (Web 500): Achieve uXSS by abusing a vulnerable Firefox extension.
- Numtonce (Web 499): Bypass nonce-based CSP by abusing a caching reverse proxy.
- RPDG (Web 381): Reconstruct password keystrokes by leaking tracking database contents.
- Hack.lu CTF 2020
- Confessions (Web 163): Reconstruct a secret by leaking incremental hashes via an undocumented GraphQL query that can be found via introspection.
- FluxCloud Serverless (Web 207): Bypass a WAF by draining it's credits via requests that crash it.
- FluxCloud Frontline (Web 351): Abuse TLS-SNI and WebSockets to bypass multiple layers of firewalls.
- FluxCloud DoH (Web 412): Build a Protobuf/DNS polyglot to access an internal endpoint via SSRF.
- BabyJS (Web 241): Show your knowledge of JavaScript quirks.
- Hack.lu CTF 2021
- NodeNB (Web 198): Win a session-write race condition to bypass an access check.
- trading-api (Web 285): Bypass auth and use a partially-controlled prototype pollution to perform SQLi.
-
Notifications
You must be signed in to change notification settings - Fork 2
pspaul/ctf-challenges
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
About
CTF challenges that I made!