Attack-Defense CTF training for high-school students, which was developed by members of dtl and Rop Runners teams.
| Service | Language | Vulns | Authors |
|---|---|---|---|
| battlebots | C | got rw via integer overflow; overwrite printf to scanf; rop to system | @FlexMaster420 |
| crmka | JavaScript | Chain: bypass jwt authentication via logic bug in exception handler + insufficient filtering in dynamical import leads to RCE | @bytehope |
| enchaintix | Python | Prompt injection, SQL injection | @c3N1T3Lb |
| flagbin | C | Path traversal via retrieve flag; read maps - ../../proc/self/maps; read mem - ../../proc/self/mem | @FlexMaster420 |
| nevalashka | PHP | SQL injection, auth bypass, IDOR | @vanindm |