CTF Challenges

CTF challenges for csictf 2020.
Explore the docs »

View Demo · Report Bug · Request Feature

Table of Contents

• About the Project
• Getting Started
  • Installation
• Template
• Contributing
• License
• Contributors

About The Project

This is a repository to store CTF challenges to be deployed for csictf.

Getting Started

Note: This is a beginner CTF, hence the challenges should be of easy / moderate difficulty.

Note: DO NOT PLAGIARIZE challenges from other CTFs. You can take inspiration but not have the exact same challenge.

The following are the categories of challenges that are to be made:

• Pwn
• Web
• OSINT
• Linux
• Crypto
• Forensics
• Reversing
• Miscellaneous

Installation

1. Clone the repo

git clone https://github.com/csivitu/ctf-challenges.git

Template

Flag Format

• The flags must be enclosed in csictf{}.
• They can have numbers, alphabets, _s, 's, !s, .s, +s, -s, @s, #s, $s, %s, :s, >s.
• They must be related to the challenge.
• They must not be so simple that you can guess them.

Here's a regex for the flag format.

/^csictf{[\w_!@#?$%\.'"+:->]{5,50}}$/

Here's a sample flag.

csictf{th1s_i5_4_s4mpl3_fl4g'+!-.@#$%?}

Directory Structure

The following are guidelines for creating challenge folders.

• Each challenge has it's own folder, which is placed in the relevant directory amongst the ones enlisted above.
• Each challenge must have a README.md file describing how to solve the challenge, along with the relevant code / files that needs to be run / deployed on the server.
• The flag must be present in the README.md for the challenge.
• We prefer having each challenge in it's own docker container, so that it's simple to deploy.

- pwn/
  - n00binary/
    - static/
      - img1.png
    - README.md
    - n00binary
    - n00binary.c
    - Dockerfile
- web/
  - localize/
    - README.md
    - localize.php
    - Dockerfile

The static folder contains images that may be used in the README.md.

Template for Challenge README

As mentioned earlier, each challenge requires a README. The README must be written in such a way that this can serve as an official write-up later. This should have the following format.

# Challenge Name

Author: [author](https://github.com/author)

## Description

Brief Description about challenge

## Requirements

- Docker: [Dockerfile](./Dockerfile)

## Sources

- [sample.py](./sample.py)
- [sample.txt](./sample.txt)

<!-- Remove this comment, and the '\' before '```' -->
\```
Challenge description to go up on the website.

Hint 1: If any - Points 100
Hint 2: If any - Points 200
\```

## Exploit

<!-- Much more detailed description than the following. -->
Reverse `sample.py` to decrypt the flag in `sample.txt.`
<br />

The last line should be the flag.
<br />

The flag is:

\```
csictf{some_flag_here}
\```

Refer to this sample for writing the exploit section.

challenge.yml

Every challenge must have a challenge.yml, in the format specified in challenge-example.yml. This is MANDATORY, without this the challenge will not be deployed. Remove the comments in the specified format, leave out the value, decay and minimum keys as they are in the template. Every challenge has 500 points initially and decays to 100 points over 450 solves.

Dockerfiles

Here are some Dockerfiles you can refer to while making your own. Make sure you test it locally before making the PR.

• Node.js Server
• Flask Server
• Netcat to Python
• Pwn Binary

Make sure you read the Dockerfiles and include the necessary files like the flag.txt. REMEMBER TO ADD THE README.md and challenge.yml FILES TO .dockerignore, BECAUSE IT HAS THE SOLUTION..

Contributing

Besides contribution of challenges, contribution of ideas for challenges is also appreciated. You can put forward your ideas to @roerohan, @theProgrammerDavid and @thebongy.

Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated.

1. Fork the Project.
2. Submit your idea for the challenge in the respective README.
3. File a Pull Request with the challenge-idea tag. Each challenge must have it's own PR.
4. Once the challenge is approved, the tag is changed to challenge-approved, we comment on the PR.
5. Build the final challenge and update the same PR.
6. Make sure all commit messages are in accordance with the guidelines in CONTRIBUTING.md.
7. Any issues in the challenge will be addressed using GitHub Issues.

You are requested to follow the contribution guidelines specified in CONTRIBUTING.md while contributing to the project 😄.

License

Distributed under the MIT License. See LICENSE for more information.

Contributors ✨

Thanks goes to these wonderful people (emoji key):

Rohan Mukherjee 📖 🚇 💻	Rishit Bansal 📖	theProgrammerDavid 📖	AJ1479 📖 💻	alias-rahil 📖 💻	ashikka 📖 💻	parthkgh24 📖 💻
Atharva-Gundawar 📖 💻	SrishtiGohain 📖 💻	harsoh 📖 💻	tangobeer 📖 💻	Shivansh Sharma 📖 💻	Pragati1610 📖 💻

This project follows the all-contributors specification. Contributions of any kind welcome!