add readme files

wizard2773 · Jul 3, 2018 · f0ac09c · f0ac09c
1 parent d170c3f
commit f0ac09c
Show file tree

Hide file tree

Showing 28 changed files with 84 additions and 0 deletions.
diff --git a/2018/beginners/misc-floppy/README.md b/2018/beginners/misc-floppy/README.md
@@ -0,0 +1,3 @@
+# name:floppy
+description: Using the credentials from the letter, you logged in to the Foobanizer9000-PC. It has a floppy drive...why? There is an .ico file on the disk, but it doesn't smell right..
+#flag: CTF{qeY80sU6Ktko8BJW}
diff --git a/2018/beginners/misc-floppy2/README.md b/2018/beginners/misc-floppy2/README.md
@@ -0,0 +1,3 @@
+# name:floppy2
+description: Looks like you found a way to open the file in the floppy! But that www.com file looks suspicious.. Dive in and take another look?
+#flag: CTF{g00do1dDOS-FTW}
diff --git a/2018/beginners/misc-security-by-obscurity/README.md b/2018/beginners/misc-security-by-obscurity/README.md
@@ -0,0 +1,3 @@
+# name:Security by obscurity
+description: Reading the contents of the screenshot you find that some guy named "John" created the firmware for the OffHub router and stored it on an iDropDrive cloud share. You fetch it and find "John" packed the firmware with an unknown key. Can you recover the package key?
+#flag: CTF{CompressionIsNotEncryption}
diff --git a/2018/beginners/pwn-env/README.md b/2018/beginners/pwn-env/README.md
@@ -0,0 +1,3 @@
+# name:Filter env
+description: Using your shell on the Temp-o-matic, you can see the credentials file for the Smartfridge2000. You can't read it though, only that mysterious root user can. There is this weird SUID binary on the Tempo-a-matic that looks like it might be what you need. Try to exploit for root goodness.
+#flag: CTF{H3ll0-Kingc0p3}
diff --git a/2018/beginners/pwn-moar/README.md b/2018/beginners/pwn-moar/README.md
@@ -0,0 +1,3 @@
+# name:Moar
+description: Finding yourself on the Foobanizer9000, a computer built by 9000 foos, this computer is so complicated luckily it serves manual pages through a network service. As the old saying goes, everything you need is in the manual.
+#flag: CTF{SOmething-CATastr0phic}
diff --git a/2018/beginners/pwn-motd/README.md b/2018/beginners/pwn-motd/README.md
@@ -0,0 +1,3 @@
+# name:Message of the Day
+description: From the OffHub router, you jump onto the Google-Haus smart hub. This fully feature assistant of the future that uses machine learning on the blockchain to control all our IoT devices promises it all. It delivers the ability to print a Message-of-the-day. The rest is available as a premium subscription service paid monthly.
+#flag: CTF{m07d_1s_r3t_2_r34d_fl4g}
diff --git a/2018/beginners/pwn-poetry/README.md b/2018/beginners/pwn-poetry/README.md
@@ -0,0 +1,3 @@
+# name:Poetry
+description: Looks like the Google-Haus has connected to the fridge. The credentials are only readable by root. There is a SUID binary that has all the hallmarks of "Why are you a SUID Binary?" about it. Probably a good place to start. What do I know, I'm just a narrator.
+#flag: CTF{CV3-2009-1894}
diff --git a/2018/beginners/pwn-re-mngmnt-iface/README.md b/2018/beginners/pwn-re-mngmnt-iface/README.md
@@ -0,0 +1,3 @@
+# name:Admin UI
+description: The command you just found removed the Foobanizer 9000 from the DMZ. While scanning the network, you find a weird device called Tempo-a-matic. According to a Google search it's a smart home temperature control experience. The management interface looks like a nest of bugs. You also stumble over some gossip on the dark net about bug hunters finding some vulnerabilities and because the vendor didn't have a bug bounty program, they were sold for US$3.49 a piece. Do some black box testing here, it'll go well with your hat.
+#flag: CTF{I_luv_buggy_sOFtware}
diff --git a/2018/beginners/re-gatekeeper/README.md b/2018/beginners/re-gatekeeper/README.md
@@ -0,0 +1,3 @@
+# name:gatekeeper
+description: It's a media PC! All fully purchased through the online subscription revolution empire "GimmeDa$". The PC has a remote control service running that looks like it'll cause all kinds of problems or that was written by someone who watched too many 1990s movies. You download the binary from the vendor and begin reversing it. Nothing is the right way around.
+#flag: CTF{I_g0T_m4d_sk1lLz}
diff --git a/2018/beginners/web-js-safe-1/README.md b/2018/beginners/web-js-safe-1/README.md
@@ -0,0 +1,3 @@
+# name:JS Safe
+description: Well it's definitely the 90s. Using what was found in the mysterious .ico file, you extract the driver for the Aluminum-Key Hardware password storage device. Let's see what it has in store.
+#flag: CTF{Passw0rd!}
diff --git a/2018/quals/crypto-better-zip/README.md b/2018/quals/crypto-better-zip/README.md
@@ -0,0 +1,3 @@
+# name:better ZIP
+description: The legacy ZIP crypto is long broken, so we've fixed it
+#flag: CTF{SomethingSomething1337}
diff --git a/2018/quals/crypto-dm-col/README.md b/2018/quals/crypto-dm-col/README.md
@@ -0,0 +1,3 @@
+# name:DM Collision
+description: Can you find a collision in this compression function?
+#flag: CTF{7h3r35 4 f1r3 574r71n6 1n my h34r7 r34ch1n6 4 f3v3r p17ch 4nd 175 br1n61n6 m3 0u7 7h3 d4rk}
diff --git a/2018/quals/crypto-mitm/README.md b/2018/quals/crypto-mitm/README.md
@@ -0,0 +1,3 @@
+# name:MITM
+description: Man in the Middle the communication between the client and the server.
+#flag: CTF{kae3eebav8Ac7Mi0RKgh6eeLisuut9oP}
diff --git a/2018/quals/crypto-perfect-secrecy/README.md b/2018/quals/crypto-perfect-secrecy/README.md
@@ -0,0 +1,3 @@
+# name:Perfect Secrecy
+description: This crypto experiment will help you decrypt an RSA encrypted message.
+#flag: CTF{h3ll0__17_5_m3_1_w45_w0nd3r1n6_1f_4f73r_4ll_7h353_y34r5_y0u_d_l1k3_70_m337}
diff --git a/2018/quals/misc-bookshelf/README.md b/2018/quals/misc-bookshelf/README.md
@@ -0,0 +1,3 @@
+# name:Bookshelf
+description: Organize those rectangular things that take physical space!
+#flag: CTF{1892b0d8bc93d7e4ca98975f47f8c7d8}
diff --git a/2018/quals/misc-feel-it/README.md b/2018/quals/misc-feel-it/README.md
@@ -0,0 +1,3 @@
+# name:feel it
+description: I have a feeling there is a flag there somewhere
+#flag: CTF{h1de_and_s33k}
diff --git a/2018/quals/misc-wired-csv/README.md b/2018/quals/misc-wired-csv/README.md
@@ -0,0 +1,3 @@
+# name:wired CSV
+description: We have a photo and a CSV file. NOTE: The flag does not follow the CTF{...} format, but is clearly marked as the flag. Please add the CTF{...} around the flag manually when submitting.
+#flag: CTF{8-BIT-HARDWARE-KEYLOGGER}
diff --git a/2018/quals/pwn-execve-sandbox/README.md b/2018/quals/pwn-execve-sandbox/README.md
@@ -0,0 +1,3 @@
+# name:execve sandbox
+description: What a kewl sandbox! Seccomp makes it impossible to execute ./flag
+#flag: CTF{Time_to_read_that_underrated_Large_Memory_Management_Vulnerabilities_paper}
diff --git a/2018/quals/pwn-sandbox-compat/README.md b/2018/quals/pwn-sandbox-compat/README.md
@@ -0,0 +1,3 @@
+# name:Sandbox compat
+description: x86 memory segmentation is easy, just put everything untrusted under 4G.
+#flag: CTF{Hell0_N4Cl_Issue_51!}
diff --git a/2018/quals/pwn-sftp/README.md b/2018/quals/pwn-sftp/README.md
@@ -0,0 +1,3 @@
+# name:SFTP
+description: This file server has a sophisticated malloc implementation designed to thwart traditional heap exploitation techniques...
+#flag: CTF{Moar_Randomz_Moar_Mitigatez!}
diff --git a/2018/quals/re-android/README.md b/2018/quals/re-android/README.md
@@ -0,0 +1,3 @@
+# name:Shall we play a game?
+description: Win the game 1,000,000 times to get the flag.
+#flag: CTF{ThLssOfInncncIsThPrcOfAppls}
diff --git a/2018/quals/re-basics/README.md b/2018/quals/re-basics/README.md
@@ -0,0 +1,3 @@
+# name:Back to the BASICs
+description: You won't find any assembly in this challenge, only C64 BASIC. Once you get the password, the flag is CTF{password}. P.S. The challenge has been tested on the VICE emulator.
+#flag: CTF{LINKED-LISTS-AND-40-BIT-FLOATS}
diff --git a/2018/quals/re-proprietary/README.md b/2018/quals/re-proprietary/README.md
@@ -0,0 +1,3 @@
+# name:Proprietary format
+description: The villains are communicating with their own proprietary file format. Figure out what it is.
+#flag: CTF{P1c4Ss0_woU1d_B3_pr0UD}
diff --git a/2018/quals/web-bbs/README.md b/2018/quals/web-bbs/README.md
@@ -0,0 +1,3 @@
+# name:bbs
+description: No memes allowed.
+#flag: CTF{yOu_HaVe_Been_b&}
diff --git a/2018/quals/web-cat-chat/README.md b/2018/quals/web-cat-chat/README.md
@@ -0,0 +1,3 @@
+# name:Cat Chat
+description: You discover this cat enthusiast chat app, but the annoying thing about it is that you're always banned when you start talking about dogs. Maybe if you would somehow get to know the admin's password, you could fix that.
+#flag: CTF{L0LC47S_43V3R}
diff --git a/2018/quals/web-gcalc/README.md b/2018/quals/web-gcalc/README.md
@@ -0,0 +1,3 @@
+# name:gcalc
+description: For all your calculation needs.
+#flag: CTF{1+1=alert}
diff --git a/2018/quals/web-js-safe-2/README.md b/2018/quals/web-js-safe-2/README.md
@@ -0,0 +1,3 @@
+# name:JS Safe 2.0
+description: You stumbled upon someone's "JS Safe" on the web. It's a simple HTML file that can store secrets in the browser's localStorage. This means that you won't be able to extract any secret from it (the secrets are on the computer of the owner), but it looks like it was hand-crafted to work only with the password of the owner...
+#flag: CTF{_N3x7-v3R51ON-h45-AnTI-4NTi-ant1-D3bUg_}
diff --git a/2018/quals/web-translate/README.md b/2018/quals/web-translate/README.md
@@ -0,0 +1,3 @@
+# name:translate
+description: Client-side rendering, but not in a browser! Get the flag in ./flag.txt, and seeing the source will likely help.
+#flag: CTF{Televersez_vos_exploits_dans_mon_nuagiciel}