| Name | Challenge Details | Estimated Difficulty (1-4) | Port Number |
|---|---|---|---|
| Stack BOF School | ret2win tutorial | 1 | 32831 |
| Ord | Unix time 32-bit integer overflow | 1 | 32832 |
| cowsaymoo | variable overwrite to run sh |
1 | 32839 |
| r/wholesomecopypasta | simple rop challenge | 1 | 32835 |
| epic boss fight | super simple integer overflow | 1 | 23123 |
| The Trial Author | strcpy overflow, one gadget to get shell | 2 | 32931 |
| dreamfactory | learn to manipulate the heap to leak and call function pointers | 3 | 32833 |
| re:life | execve to brute force aslr and align bss with heap to get an overflow into tcache_perthread_struct | 4 | 32834 |
| Name | Challenge Details | Estimated Difficulty (1-4) | Port Number |
|---|---|---|---|
| No Math Crypto | Substitution Cipher | 1 | - |
| RSA School 2 | Bruteforce to factorise N | 1 | - |
| AES School | ECB thing | 1 | 32000 |
| RSA School 3 | Algebra to factorise N | 1 | - |
| AES School 2 | Padding Oracle | 2 | 32001 |
| RSA School | Intro to RSA | 1 | - |
| i luv linear | Intro to linear equations | 2 | - |
| i luv nonlinear | CRT and lifting | 4 | - |
| Name | Challenge Details | Estimated Difficulty (1-4) | Port Number |
|---|---|---|---|
| SQLi trainer | Union-based SQL injection | 1 | 32901 |
| aimfactory | score is tracked on client side, just need to send a packet | 1 | 32902 |
| Submit your Homework! | simple reflectced xss cookie-stealing | 1 | 33345 |
| Markdown Parser 2 | Client Side Template Injection to achieve XSS | 3 | 33335 |
| Cecure Cerver | Logic bug in authentication mechanism | 2 | 32905 |
| SQLi trainer 2 | Time based SQL injection | 3 | 32907 |
| sqli trainer 3 | Placeholder | 3 | 32909 |
| Private Hidden Paths | PHP moment | 4 | 32098 |
| Name | Challenge Details | Estimated Difficulty (1-4) | Port Number |
|---|---|---|---|
| simple windows flag checker | strings the program | 1 | - |
| simple linux flag checker | decompile the program | 1 | - |
| random based encryption | prng is not rng | 1 | 32112 |
| Flag Roulette | simple unxoring in C program, or inspecting memory in debugger | 1 | - |
| satisfiability | z3, cvc5 sat solvers | 2 | - |
| Python but not really | uncompyle pyinstalled program and reverse list comprehensions | 2 | - |
| weird rizz brainrot apk | simple android reversing, aes encryption | 2 | - |
| ASM | Understanding loops in a custom assembly language | 3 | - |
| Name | Challenge Details | Estimated Difficulty (1-4) | Port Number |
|---|---|---|---|
| filefactory | file identification and magic byte fixing | 1 | - |
| hello kitty | steghide | 1 | - |
| lorem ipsum | exiftool | 1 | - |
| Lost my login creds | VM Forensics | 2 | - |
| Who are you??? SAM! | Windows Logs Forensics | 1 | - |
| Shoulder peeking | Windows Logs Forensics | 1 | - |
| Pcap 1 | Follow stream | 1 | - |
| Pcap 2 | Pcap Export Objects | 1 | - |
| Pcap 3 | DNS Exfiltration | 2 | - |
| Lost my login creds | VM Forensics | 2 | - |
| I Have Good Memory | Memory Forensics | 2 | - |
| Name | Challenge Details | Estimated Difficulty (1-4) | Port Number |
|---|---|---|---|
| sanity check | running a linux program and setting up their linux environment | 1 | - |
| sanity check 2 | connecting to a remote service via netcat | 1 | 32010 |
| notefactory | pwntools automation | 1 | 32111 |
| Landmark Hunter | Open Source Intelligence | 1 | - |
| Read Read Read | Microsoft Office | 1 | - |
| EE2026 | Reverse Engineer FPGA Synthesis through Vivado | 2 | - |
| greyllm | llm | 2 | - |
Refer to the template folder.
.
├── distribution/
│ └── files_to_be_distributed_on_CTFd
├── service/
│ ├── Dockerfile
│ └── files_required_for_hosting_remote
├── README.md
├── challenge.yml (optional, will be autogenerated)
├── docker_compose.yml (if required)
├── solve.py (if possible)