CTF (Capture The Flag) started from DEFCON CTF, a competitive game among computer security enthusiasts

Overview

CTF Wiki


Welcome to CTF Wiki

CTF (Capture The Flag) started from DEFCON CTF, a competitive game among computer security enthusiasts, originally hosted in 1996.

CTF covers a wide range of fields. As security technology evolves, CTF challenges are getting harder and harder. As a result, the learning curve for beginners is getting steeper. Most online information is scattered and trivial. Beginners often don't know how to systematically learn CTF, which requires a lot of work and effort.

To let people who are interested in CTFs get started easily, CTF Wiki was established on GitHub in October 2016. As its content has gradually improved over time, CTF Wiki has received a lot of appreciation from security enthusiasts, many of whom are people we thought we would never meet.

As a free site, primarily focusing on recent CTFs, CTF Wiki introduces the knowledge and techniques in all aspects of CTF to make it easier for beginners to learn CTF.

Now, CTF Wiki mainly contains the basic skills for CTF, but we are working hard to improve the following contents.

  • Advanced skills used in CTF
  • Special topics appearing in CTF

For the parts to be improved mentioned above, please refer to Projects, which details what is planned.

Although CTF Wiki now mainly focuses on CTF, it is not strictly limited to CTF topics. In the future, CTF Wiki will include

  • Tools used in security research
  • Increased discussion of security in the world

In addition, consider the following two points:

  • Information about technology should be openly shared.
  • As new techniques are always being developed, old techniques will start to fade over time and they should be replaced with new techniques.

Therefore, CTF Wiki will never publish books.

Finally, originating from the community, as an independent organization, CTF Wiki advocates freedom of knowledge, will never be commercialized, and will always maintain the character of independence and freedom.

How to build?

CTF Wiki uses mkdocs to render its content, and it is deployed at https://ctf-wiki.org.

It can also be deployed locally, with the following steps:

# 1. clone the repository
git clone https://github.com/ctf-wiki/ctf-wiki.git
# 2. install the requirements
pip install -r requirements.txt
# 3. generate the static files in site/
python3 scripts/docs.py build-all
# 4. serve locally at http://127.0.0.1:8008
python3 scripts/docs.py serve

A local instance of mkdocs is updated dynamically: for instance, when a markdown file is modified, the corresponding page is updated too.

If you just want to view it statically, try Docker!

docker run -d --name=ctf-wiki -p 4100:80 ctfwiki/ctf-wiki

Then access http://localhost:4100/.

How to practice?

Firstly, learn some basic security knowledge through online reading.

Secondly, CTF Wiki has two sister projects.

  • All of the challenges mentioned are in the ctf-challenges repository; you can locate them by their corresponding category.
  • The tools mentioned in the CTF Wiki are constantly added to the ctf-tools repository.

How to make CTF Wiki Better?

We welcome you to write content for the wiki and share what you have learned.

Before you decide to contribute content, please read CONTRIBUTING.

Thank you to all the people who have already contributed to CTF Wiki.

What can you get?

  • Ability to learn new things quickly
  • Different ways of thinking
  • A love for solving problems
  • Interesting security techniques
  • Memorable and enriching experience

Before reading the Wiki, we hope to give you some advice:

  • Learn to ask smart questions.
  • Learn to use Google Search for self-improvement.
  • Be good at at least one programming language, such as Python.
  • Practice is the most important learning tool.
  • Maintain the passion and desire to learn about new techniques.

The security circle is small and the areas of exploration are vast. Let's get started with CTF Wiki!

Comments
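  • Correct errors.

    Two freed chunks cannot be adjacent (they would be merged), but two in-use chunks can be physically adjacent to each other; in that case the latter chunk's prev_size is invalid, and using the latter chunk's prev_size to compute information about the former chunk is wrong.

    Also, I looked at the source code that the original blog post points to and did not find these lines. https://github.com/sploitfun/lsploits/blob/master/glibc/malloc/malloc.c

    The key change is the removal of: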

    /* Size of the chunk below P.  Only valid if prev_inuse (P).  */
    #define prev_size(p) ((p)->mchunk_prev_size)
    
    /* Set the size of the chunk below P.  Only valid if prev_inuse (P).  */
    #define set_prev_size(p, sz) ((p)->mchunk_prev_size = (sz))
    
    /* Ptr to previous physical malloc_chunk.  Only valid if prev_inuse (P).  */
    #define prev_chunk(p) ((mchunkptr)(((char *) (p)) - prev_size(p)))
    

    Everything else is typo fixes.

    opened by skyblueee 14
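  • RSA_chosen_cipher supplement

    The following is the understanding of a beginner who has not studied number theory and spent a long while trying to figure out this challenge.

    Supplement on rounding down: N is odd, so N/2 is truncated, but the termination condition in the script is low == up rather than P having been narrowed to its only possible value, so when an even number is returned the equals sign in P<N/2 is not required.

    Supplement to the mathematical induction:

    When 2C is sent and an odd number is returned, i.e. 2P mod N is odd, this shows that 2P has exceeded N and that the odd number returned is the result of subtracting an odd multiple of N from 2P. At this point, since P is obviously less than N, 2P<2N, so exactly 1 N must have been subtracted.

    When 4C is sent and an even number is returned, i.e. 4P mod N is even, this shows that an even multiple of N was subtracted from 4P. Considering that 2P>N, i.e. 4P>2N, and that 4P<4N, exactly 2 N must have been subtracted.

    Explanation of why each value sent is twice the previous one, and of the relationship between k and x:

    Suppose that when the i-th packet (2C, 4C, 8C...) is sent, the server's computation subtracts x N. Then when the (i+1)-th packet is sent:

    (1) If an odd number is returned, an odd number of N were subtracted. By the discussion above, at least 2x N and fewer than 2x+2 N were subtracted, so 2x+1 N were subtracted in total.
    (2) If an even number is returned, an even number of N were subtracted. By the discussion above, at least 2x N and fewer than 2x+2 N were subtracted, so 2x N were subtracted in total.

    When 2C is sent, i.e. 2 to the first power, 1 N is subtracted. When 4C is sent, i.e. 2 to the second power, 2 N are subtracted. When 2 to the x-th power times C is sent, k N are subtracted. Conclusion: k = 2x + 1 (odd returned), k = 2x (even returned). In fact this corresponds to x1, x2, x3, ...; k is the term that follows some x.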

    opened by ghost 9
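The counting argument in the comment above, carried through in code as an added example (not part of the issue or of the wiki's script): with a toy key built from two Mersenne primes and a locally simulated parity oracle, it tracks k round by round and recovers P once 2^i exceeds N. The function names and the sample plaintext are assumptions made for the illustration; the "2C" of the comment corresponds to C·2^e mod N here.

```python
# Added illustration: toy RSA key and a locally simulated parity oracle.
# All names are hypothetical; nothing here is taken from the wiki's script.
P_PRIME, Q_PRIME = 2**31 - 1, 2**61 - 1      # Mersenne primes, toy size only
N = P_PRIME * Q_PRIME                        # odd modulus, as the argument needs
E = 65537
D = pow(E, -1, (P_PRIME - 1) * (Q_PRIME - 1))


def make_oracle(d, n):
    """Return (oracle, calls): oracle(c) leaks only the parity of c^d mod n."""
    calls = []

    def oracle(c):
        calls.append(c)
        return pow(c, d, n) & 1

    return oracle, calls


def subtraction_counts(c, e, n, oracle):
    """k after each round i: how many N were subtracted from 2^i * P."""
    two_e = pow(2, e, n)          # multiplying C by 2^e doubles the plaintext
    k, history = 0, []
    for _ in range(n.bit_length()):
        c = (c * two_e) % n
        # 2^i * P is even and N is odd, so the returned parity equals k mod 2:
        # odd -> k = 2x + 1, even -> k = 2x (x is the previous round's count)
        k = 2 * k + oracle(c)
        history.append(k)
    return history


def recover_plaintext(c, e, n, oracle):
    """P lies in [k*N/2^i, (k+1)*N/2^i); once 2^i > N only one integer fits."""
    rounds = n.bit_length()
    k = subtraction_counts(c, e, n, oracle)[-1]
    return (k * n + (1 << rounds) - 1) >> rounds   # ceil(k*N / 2^rounds)


if __name__ == "__main__":
    secret = int.from_bytes(b"flag{lsb}", "big")   # constructed sample plaintext
    oracle, calls = make_oracle(D, N)
    found = recover_plaintext(pow(secret, E, N), E, N, oracle)
    print(found.to_bytes(9, "big"), "oracle queries:", len(calls))
```

Because the integer k is kept exactly, the bounds never drift through repeated halving, which is the rounding issue the comment raises about low and up.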
  • how to extract vmlinux from bzImage


    this file https://github.com/ctf-wiki/ctf-wiki/blob/master/docs/pwn/linux/kernel/bypass_smep.md said: use extract-vmlinux.sh to get vmlinux from bzImage. but I get the following error:

    ./extract-vmlinux.sh  bzImage >vmlinux
    tr: Illegal byte sequence
    tr: Illegal byte sequence
    tr: Illegal byte sequence
    tr: Illegal byte sequence
    tr: Illegal byte sequence
    tr: Illegal byte sequence
    tr: Illegal byte sequence
    extract-vmlinux.sh: Cannot find vmlinux.
    
    opened by nkbai 8
  • elgamal_signature supplement and modification

    Thanks for contributing to CTF Wiki!

    Before you submit this pull request, please read

    Please remove these message before PR.

    opened by chrisyy2003 8
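  • Don't understand the number of attempts needed to brute-force the canary

    stack_reading

    In the intermediate ROP chapter:

    After guessing one byte of the canary it still crashes, so how do you tell that this one byte is correct? On 32-bit, shouldn't it be 2^8 * 2^8 * 2^8 * 2^8? Why is it 2^8 * 4 = 1024? :) I haven't looked at how the canary works yet, so maybe the problem is that I don't understand the principle? In the previous chapter, fancy ROP, there is a canary leak that works because read does not append \0 at the end; to guard against the last byte of the canary being \0, the last byte was overwritten. Is the last byte of the canary always \0?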

    opened by Demon-Wang 7
  • Fix padding-oracle-attack.md

    The main problem is that the sentence "If the last byte of P is i, then the final padding is 0x01" is wrong; actually it should be "If the last byte of D_k(Y) is i, then the final padding is 0x01".

    Instead of modifying it, I adjust the context to make it more accurate and straightforward. Also I take the aforementioned CBC definition to better illustrate the process.

    Moreover, several minor fixes are made:

    • Fix notations to distinguish the crafted ones from the original ones, such as P' and P, F' and F.
    • The byte range of padding characters should be 1 to n instead of 0 to n.
    • Wrap symbols with LaTeX '$' characters to improve readability.

    Reference: https://zh.wikipedia.org/zh-tw/%E5%AF%86%E6%96%87%E5%A1%AB%E5%A1%9E%E6%94%BB%E5%87%BB

    opened by Cycatz 6
  • Fix a possible typing error in docs/zh/docs/web/ssrf.md

    "制定" in Chinese means "to establish laws, regulations, policies, etc. through a set procedure", which I think was not fit for this sentence, so I replaced this word with "指定", whose meaning is "to specify".

    opened by Nova-Noir 6
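  • Erratum: format string vulnerability examples, section on format string vulnerabilities on the heap

    When this section introduces the example contacts from CSAW 2015, the following statement contains an error.

    The original text says: "Secondly, we can determine that the address 0xffffcd2c, which stores the format string on the stack, is at offset 6 relative to the format string; we obtain this in order to construct our contact. Furthermore, we can see that the address below holds the calling address of the upper-level function, at offset 11 relative to the format string, so we can directly modify the ebp value stored by the upper-level function." The offset of the address 0xffffcd2c, which stores the format string on the stack, relative to the format string should be 11, while the ebp on the stack that holds the calling address of the upper-level function should be at offset 6 relative to the format string; the text has these two swapped.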

    opened by fdgnneig 6
  • PHP.md

    Modification of external links

    Thanks for contributing to CTF Wiki!

    Before you submit this pull request, please read

    Please remove these message before PR.

    opened by miraitowa 6
  • Add an introduction to and an example of the CBC byte-flipping attack

    Thanks for contributing to CTF Wiki!

    Before you submit this pull request, please read

    Please remove these message before PR.

    opened by cla7aye15I4nd 5
  • A very initial Dockerfile to view ctf-wiki at local.


    ATT. Just build and serve using lighttpd. Still need to change CDN resource to local. Please create a new issue for me if accepted. And I also created a docker hub organization called ctfwiki (hyphen is not allowed by docker hub), more member need to be added. docker run -d xm1994/ctf-wiki:add-dockerfile and will run it now.

    opened by summershrimp 5
  • Update introduction.md

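    Add the vulnerability "IDOR"

    Insecure Direct Object References (IDOR) is a common web application vulnerability that allows an attacker to access resources or information that should be restricted. Below are some examples of IDOR vulnerabilities:

    The URL of an online store contains the item number; an attacker can manipulate this number to access restricted items.

    A website's URL contains the user's username; an attacker can manipulate this username to access other users' information.

    An application's URL contains the file number; an attacker can, by manipulating this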

    opened by X-3306 0
  • mkdocs local deployment problem

    Hello, I ran into a problem when running mkdocs build:

    [root@VM-0-5-centos ctf-wiki]# python3 scripts/docs.py build-all
    Updating en
    Updating zh
    Building docs for: zh
    Error reading page 'android/basic_operating_mechanism/native_layer/so.md': format() argument must be a formatter instance, not a class
    Traceback (most recent call last):

      File "/usr/local/lib64/python3.6/site-packages/pygments/__init__.py", line 61, in format
        formatter.format(tokens, realoutfile)
      File "/usr/local/lib64/python3.6/site-packages/pygments/formatter.py", line 94, in format
        return self.format_unencoded(tokensource, outfile)
      File "/usr/local/lib64/python3.6/site-packages/pygments/formatters/html.py", line 981, in format_unencoded
        source = self.wrap(source)
    TypeError: wrap() missing 1 required positional argument: 'outfile'

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "scripts/docs.py", line 458, in
      File "scripts/docs.py", line 279, in build_all
      File "/usr/local/lib/python3.6/site-packages/mkdocs/commands/build.py", line 292, in build
        _populate_page(file.page, config, files, dirty)
      File "/usr/local/lib/python3.6/site-packages/mkdocs/commands/build.py", line 174, in _populate_page
        page.render(config, files)
      File "/usr/local/lib/python3.6/site-packages/mkdocs/structure/pages.py", line 175, in render
        self.content = md.convert(self.markdown)
      File "/usr/local/lib/python3.6/site-packages/markdown/core.py", line 261, in convert
        self.lines = prep.run(self.lines)
      File "/usr/local/lib/python3.6/site-packages/pymdownx/superfences.py", line 863, in run
        return self.search_nested(lines)
      File "/usr/local/lib/python3.6/site-packages/pymdownx/superfences.py", line 697, in search_nested
        self.eval_quoted(ws, content, quote_level, start, end)
      File "/usr/local/lib/python3.6/site-packages/pymdownx/superfences.py", line 450, in eval_quoted
        self.process_nested_block(ws, content, start, end)
      File "/usr/local/lib/python3.6/site-packages/pymdownx/superfences.py", line 471, in process_nested_block
        attrs=self.attrs if self.attr_list else {}
      File "/usr/local/lib/python3.6/site-packages/pymdownx/superfences.py", line 794, in highlight
        code_block_count=self.highlight_ext.pygments_code_block
      File "/usr/local/lib/python3.6/site-packages/pymdownx/highlight.py", line 381, in highlight
        code = highlight(src, lexer, formatter)
      File "/usr/local/lib64/python3.6/site-packages/pygments/__init__.py", line 82, in highlight
        return format(lex(code, lexer), formatter, outfile)
      File "/usr/local/lib64/python3.6/site-packages/pygments/__init__.py", line 69, in format
        raise TypeError('format() argument must be a formatter instance, '
    TypeError: format() argument must be a formatter instance, not a class

    opened by iselt 0
  • basic-rop has a case where it does not apply. When ret2shellcode is run on Ubuntu 20.04.1, the .bss segment has no x permission.

    Location: https://github.com/ctf-wiki/ctf-wiki/blob/master/docs/zh/docs/pwn/linux/user-mode/stackoverflow/x86/basic-rop.md

    Details: While learning ROP by following ctf-wiki, I found that when running the ret2shellcode file in gdb, the bss segment is not executable as it is in the screenshots online. Did I do something wrong, or is this caused by an Ubuntu update?

    opened by chenjunhub 4
  • Update php.md

    WEB-INF 主要包含一下文件或目录

    Updated to:

    WEB-INF 主要包含以下文件或目录

    Thanks for contributing to CTF Wiki!

    Before submitting this pull request, please read

    Please remove these message before PR.

    opened by upcswads 2