CTFs & Wargames
Table of Contents
- Vulnerable VMs
- Challenge Sites
- One-off Challenges & Puzzles
- Hosting CTFs/Making your own
Beginner Focused CTFs
- Challenge Archives
- Challenges (one-offs)
- An amazing site. It tracks, lists, and scores various challenge sites. If you’re looking for a challenge or two, and not a wargame, this is the site you want to hit up first.
XSS Challenge Wiki
- A wiki that contains various XSS challenges.
- Halls of Valhalla
- This repo holds the challenges for cmdchallenge.co (command-line challenges). You can add your own challenges or modify existing ones.
- Can You Hack It is a Hacking Challenge site designed to not only allow you to test and improve your skills in a wide variety of categories but to socialise both on the forums and on our IRC channel with other security enthusiasts.
- Hack This
- XSS Challenge Wiki
Suggestions on Running a CTF
- This document describes some of the design decisions and technical details involved in running a CTF competition. It attempts to summarize some opinions held by the CTF community and list some specific pitfalls to avoid when designing problems.
- The Many Maxims of Maximally Effective CTFs
- Suggestions on Running a CTF
- pngcheck verifies the integrity of PNG, JNG and MNG files (by checking the internal 32-bit CRCs [checksums] and decompressing the image data); it can optionally dump almost all of the chunk-level information in the image in human-readable form. For example, it can be used to print the basic statistics about an image (dimensions, bit depth, etc.); to list the color and transparency info in its palette (assuming it has one); or to extract the embedded text annotations. This is a command-line program with batch capabilities.
- CTF Scripts and PyInstaller (.py > .exe)
Making Your Own CTF
- CTF Challenge Framework for Windows 8 and above
- CTFd is a CTF in a can. Easily modifiable and has everything you need to run a jeopardy style CTF.
- The Facebook CTF is a platform to host Jeopardy and “King of the Hill” style Capture the Flag competitions.
- This is a scoring server built using Ruby on Rails by the Military Cyber Professionals Association (MCPA). It is free to use and extend under the MIT license (see LICENSE file). The goal of this project is to provide a standard generic scoring server that provides an easy way to add and modify problems and track statistics of a Cyber Capture the Flag event. While it's not recommended, this server can be hosted with your challenges but we do recommend sand-boxing your challenges so they do not affect the scoring server.
- This is the framework that the UC Santa Barbara Seclab uses to host the iCTF, and that can be used to create your own CTFs at http://ictf.cs.ucsb.edu/framework. The framework creates several VMs: one for the organizers and one for every team.
- NightShade is a simple security capture the flag framework that is designed to make running your own contest as easy as possible.
- Mellivora is a CTF engine written in PHP
- The picoCTF Platform 2 is the infrastructure on which picoCTF runs. The platform is designed to be easily adapted to other CTF or programming competitions. picoCTF Platform 2 targets Ubuntu 14.04 LTS but should work on just about any "standard" Linux distribution. It would probably even work on Windows. MongoDB must be installed; all default configurations should work.
- Small framework to create/manage/package jeopardy CTF challenges
Root the Box
- Root the Box is a real-time scoring engine for computer wargames where hackers can practice and learn. The application can be easily modified for any hacker CTF game. Root the Box attempts to engage novice and experienced hackers alike by combining a fun game-like environment with realistic challenges that convey knowledge applicable to real-world penetration testing. Just as in traditional CTF games, each team attacks targets of varying difficulty and sophistication, attempting to collect flags. However, in Root the Box, teams can also create "Botnets" by uploading a small bot program to target machines. Teams are periodically rewarded with (in-game) money for each bot in their botnet; the larger the botnet, the larger the reward.
- SecGen creates vulnerable virtual machines so students can learn security penetration testing techniques.
marker.xml file (which is generated in the project folder when creating a CTF Challenge)
- Vulnerable Virtual Machines
Ringzer0 team CTF
- Description: RingZer0 Team's online CTF offers you tons of challenges designed to test and improve your hacking skills through hacking challenges. Register and get a flag for every challenge.
- “pwn0 is a network where (almost) anything goes. Just sign up, connect to the VPN, and start hacking. pwn0 on freenode”
- Awesome wargame.
- OverTheWire provides several wargames publicly/freely available. All very good quality. Highly recommended.
Smash the Stack Wargames
- Smash the Stack hosts several public wargames of very good quality for free use. Highly recommended.
- WTHack OnlineCTF
- ROP Wargames
- Ringzer0 team CTF