CTFs & Wargames

Table of Contents





end cull



  • ctf-time
  • 101
  • Beginner Focused CTFs
    • PicoCTF
    • CSAW
  • Challenge Archives
  • Challenges (one-offs)
  • Challenge Sites
  • Educational
  • General
  • Handy Tools
    • pngcheck
      • pngcheck verifies the integrity of PNG, JNG and MNG files (by checking the internal 32-bit CRCs [checksums] and decompressing the image data); it can optionally dump almost all of the chunk-level information in the image in human-readable form. For example, it can be used to print the basic statistics about an image (dimensions, bit depth, etc.); to list the color and transparency info in its palette (assuming it has one); or to extract the embedded text annotations. This is a command-line program with batch capabilities.
    • pwntools
    • CTF Scripts and PyInstaller (.py > .exe)
  • Making Your Own CTF
    • AppJailLauncher
      • CTF Challenge Framework for Windows 8 and above
    • CTFd
      • CTFd is a CTF in a can. Easily modifiable and has everything you need to run a jeopardy style CTF.
    • FBCTF
      • The Facebook CTF is a platform to host Jeopardy and “King of the Hill” style Capture the Flag competitions.
    • hack-the-arch
      • This is a scoring server built using Ruby on Rails by the Military Cyber Professionals Association (MCPA). It is free to use and extend under the MIT license (see LICENSE file). The goal of this project is to provide a standard generic scoring server that provides an easy way to add and modify problems and track statistics of a Cyber Capture the Flag event. While it's not recommended, this server can be hosted with your challenges but we do recommend sand-boxing your challenges so they do not affect the scoring server.
    • iCTF Framwork
      • This is the framework that the UC Santa Barbara Seclab uses to host the iCTF, and that can be used to create your own CTFs at http://ictf.cs.ucsb.edu/framework. The framework creates several VMs: one for the organizers and one for every team.
    • NightShade
      • NightShade is a simple security capture the flag framework that is designed to make running your own contest as easy as possible.
    • Mellivora
      • Mellivora is a CTF engine written in PHP
    • picoCTF-Platform-2
      • The picoCTF Platform 2 is the infrastructure on which picoCTF runs. The platform is designed to be easily adapted to other CTF or programming competitions. picoCTF Platform 2 targets Ubuntu 14.04 LTS but should work on just about any "standard" Linux distribution. It would probably even work on Windows. MongoDB must be installed; all default configurations should work.
    • py_chall_factory
      • Small framework to create/manage/package jeopardy CTF challenges
    • Root the Box
      • Root the Box is a real-time scoring engine for a computer wargames where hackers can practice and learn. The application can be easily modified for any hacker CTF game. Root the Box attempts to engage novice and experienced hackers alike by combining a fun game-like environment, with realistic challenges that convey knowledge applicable to real-world penetration testing. Just as in traditional CTF games, each team attacks targets of varying difficulty and sophistication, attempting to collect flags. However in Root the Box, teams can also create "Botnets" by uploading a small bot program to target machines. Teams are periodically rewarded with (in-game) money for each bot in their botnet; the larger the botnet the larger the reward.
    • scorebot
    • SecGen
      • SecGen creates vulnerable virtual machines so students can learn security penetration testing techniques.
    • Flawed Fortress
      • Flawed Fortress is a front end platform for hosting Capture the Flag Event (CTF), it is programmed with PHP, JQuery, JavaScript and phpMyAdmin. Currently, It is designed to import SecGen CTF challenges using marker.xml file (which is generated in the project folder when creating a CTF Challenge)
  • Vulnerable Virtual Machines
  • Wargames
    • Ringzer0 team CTF
      • Description: RingZer0 Team's online CTF offers you tons of challenges designed to test and improve your hacking skills thru hacking challenge. Register and get a flag for every challenges.
    • pwn0 Wargame
      • “pwn0 is a network where (almost) anything goes. Just sign up, connect to the VPN, and start hacking. pwn0 on freenode “
    • Microcorruption
      • Awesome wargame.
    • OverTheWire Wargames
      • OverTheWire provides several wargames publicly/freely available. All very good quality. Highly recommended.
    • Smash the Stack Wargames
      • Smash the stack hosts several public wargames of very good quality for free use. Highly recommended.
  • Writeups