CTF Write-up Index


Root-Me

Category Challenge Write-up Points
App-Script Bash - System 1 Link 5
App-System ELF x86 - Stack buffer overflow basic 1 Link 5
Cracking ELF - CrackPass Link 30
Cracking ELF - 0 protection Link 5
Cracking ELF - Fake Instructions Link 15
Cracking ELF - Ptrace Link 15
Cracking ELF C++ - 0 protection Link 10
Cracking PE - 0 protection Link 5
Cracking PE DotNet - 0 protection Link 10
Cracking ELF - x86 Basic Link 5
Cryptanalysis Hash - Message Digest 5 Link 5
Cryptanalysis File - PKZIP Link 15
Cryptanalysis Pixel Madness Link 15
Cryptanalysis File - Insecure storage 1 Link 20
Cryptanalysis Encoding - UU Link 5
Cryptanalysis Encoding - ASCII Link 5
Cryptanalysis Hash - SHA-2 Link 5
Cryptanalysis Shift cipher Link 10
Forensic Command & Control - level 2 Link 15
Network FTP - authentication Link 5
Programming Go back to college Link 5
Programming Uncompress me Link 10
Programming The Roman’s wheel Link 10
Programming Quick Response Code Link 40
Programming Arithmetic progression Link 20
Programming CAPTCHA me if you can Link 20
Programming Encoded string Link 10
Realist It happens, sometimes Link 10
Steganography Squared Link 5
Steganography Gunnm Link 5
Web-Client Javascript - Native code Link 15
Web-Client Javascript - Obfuscation 2 Link 10
Web-Client CSRF - token bypass Link 45
Web-Client HTTP Response Splitting Link 70
Web-Client Flash - Authentication Link 40
Web-Client XSS - Stored 2 Link 50
Web-Client Javascript - Source Link 5
Web-Client HTML - disabled buttons Link 5
Web-Client XSS - Reflected Link 45
Web-Client CSRF - 0 protection Link 35
Web-Client XSS - Stored 1 Link 30
Web-Client Javascript - Authentication Link 5
Web-Client Javascript - Obfuscation 4 Link 50
Web-Client Javascript - Obfuscation 3 Link 30
Web-Client Javascript - Authentication 2 Link 10
Web-Client Javascript - Obfuscation 1 Link 10
Web-Server PHP preg_replace() Link 30
Web-Server Backup file Link 10
Web-Server File upload - null byte Link 25
Web-Server SQL injection - string Link 30
Web-Server Weak password Link 10
Web-Server HTTP - POST Link 15
Web-Server PHP type juggling Link 30
Web-Server HTTP - Open redirect Link 10
Web-Server LDAP injection - authentication Link 35
Web-Server Remote File Inclusion Link 30
Web-Server SQL injection - Error Link 40
Web-Server HTML Link 5
Web-Server HTTP - cookies Link 20
Web-Server PHP assert() Link 25
Web-Server PHP register globals Link 25
Web-Server Install files Link 15
Web-Server SQL injection - authentication Link 30
Web-Server Improper redirect Link 15
Web-Server Directory traversal Link 25
Web-Server CRLF Link 20
Web-Server SQL injection - Time based Link 45
Web-Server HTTP - verb tampering Link 15
Web-Server File upload - double extensions Link 20
Web-Server SQL injection - file reading Link 40
Web-Server HTTP - directory indexing Link 15
Web-Server Command injection Link 10
Web-Server HTTP - Headers Link 15
Web-Server Local File Inclusion - Double encoding Link 30
Web-Server File upload - MIME type Link 20
Web-Server Server-side Template Injection Link 30
Web-Server HTTP - User-agent Link 10
Web-Server Local File Inclusion Link 30
Web-Server PHP filters Link 25

XSS Game

Difficulty Challenge Write-up
Level 1 Hello, world of XSS Link
Level 2 Persistence is key Link
Level 3 That sinking feeling… Link
Level 4 Context matters Link
Level 5 Breaking protocol Link
Level 6 Follow the 🐇 Link

prompt(1) to win

Difficulty Challenge Write-up
Level 0 warm up Link
Level 1 tags stripping Link
Level 2 frowny face Link
Level 3 HTML Comment Link
Level 4 Basic Auth Link
Level 5 Input Type Link
Level 6 Action Link
Level 7 Length Link
Level 8 Unicode Link
Level 9 ECMAScript Link
Level A (╯°□°)╯︵ ┻━┻ Link
Level B In Exception Link
Level C ノ┬─┬ノ ︵ ( \o°o)\ Link
Level D Json Object Link
Level E Base64 Link
Level F Length2 Link
Level H1 Hoisting Link

alert(1) to win

Difficulty Challenge Write-up
Level 01 Warmup Link
Level 02 Adobe Link
Level 03 JSON Link
Level 07 Skandia Link
Level 09 JSON 2 Link

RedTiger’s Hackit

Difficulty Challenge Write-up
Level 01 Simple SQL-Injection Link
Level 02 Simple login-bypass Link

sqli-labs

Difficulty Challenge Write-up
Less 01 Error Based Single Quotes Link

Note: the sqli-labs lab environment has to be set up by yourself.

upload-labs

Difficulty Challenge Write-up
Pass 01 File Extension Link
Pass 02 File Type Link

Note: the upload-labs lab environment has to be deployed by yourself with docker.

xss-quiz

Difficulty Challenge Write-up
Level 01 Stage #1 Link

Note: xss-quiz levels cannot be skipped; they must be completed in order.

CG-CTF

TODO

BugkuCTF

TODO

攻防世界 (Attack-Defense World)

TODO


Author: EXP
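Copyright notice: Unless otherwise stated, all articles on this blog are licensed under CC BY 4.0. Please credit the source EXP when reposting!
Capture The Flag (CTF) is a competition in which network-security skills are honed through hands-on practice on online ranges; working through challenges continually is a good way to train the ability to discover EXP ~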
2021-08-17