nikost 
5
Place
23900
Points
569
Challenges
42
Compromissions
97%
应用程序 - 脚本
900 Points32 / 33
- o Bash - System 1
- o sudo - weak configuration
- o Bash - System 2
- o LaTeX - Input
- o Powershell - Command Injection
- o AppArmor - Jail Introduction
- o Bash - unquoted expression injection
- o Docker - I am groot
- o Perl - Command injection
- o Powershell - SecureString
- o Bash - cron
- o LaTeX - Command execution
- o Python - input()
- o R : Code Execution
- o Powershell - Basic jail
- o Python - pickle
- o Bash - quoted expression injection
- o Docker - Sys-Admin’s Docker
- o Shared Objects hijacking
- o SSH - Agent Hijacking
- o AppArmor - Jail Medium
- o Bash - race condition
- o Docker - Talk through me
- o Python - format string
- o Python - PyJail 1
- o PHP - Jail
- o Python - PyJail 2
- o Python - Jail - Exec
- o Javascript - Jail
- o Python - Jail - Garbage collector
- o Bash - Restricted shells
- o Python - Eval Is Evil
- x Deep learning - Malicious model
95%
应用程序 - 系统
6585 Points88 / 93
- o ELF x86 - Stack buffer overflow basic 1
- o ELF x64 - Basic heap overflow
- o ELF x86 - Stack buffer overflow basic 2
- o PE32 - Stack buffer overflow basic
- o ELF x86 - Format string bug basic 1
- o ELF x64 - Stack buffer overflow - basic
- o ELF x86 - Format string bug basic 2
- o ELF x86 - Race condition
- o ELF ARM - Stack buffer overflow - basic
- o ELF MIPS - Stack buffer overflow - No NX
- o ELF x64 - Double free
- o ELF x86 - Stack buffer overflow basic 3
- o ELF x86 - Use After Free - basic
- o ELF ARM - Stack Spraying
- o ELF x64 - Stack buffer overflow - PIE
- o ELF x86 - BSS buffer overflow
- o ELF x86 - Stack buffer overflow basic 4
- o ELF x86 - Stack buffer overflow basic 6
- o ELF x86 - Format String Bug Basic 3
- o PE32 - Advanced stack buffer overflow
- o ELF ARM - Basic ROP
- o ELF MIPS - Basic ROP
- o ELF RISC-V - Intro - let’s do the ROP
- o ELF x64 - Stack buffer overflow - Stack pivot
- o ELF x86 - Stack buffer overflow - C++ vtables
- o PE32+ Format string bug
- o ELF x64 - Logic bug
- o ELF x86 - Bug Hunting - Several issues
- o ELF x86 - Stack buffer and integer overflow
- o ELF x86 - Stack buffer overflow - ret2dl_resolve
- o ELF x86 - Stack buffer overflow basic 5
- o ELF x64 - Stack buffer overflow - advanced
- o ELF MIPS - Format String Glitch
- o ELF x64 - Heap Filling
- o ELF x86 - Information leakage with Stack Smashing Protector
- o ELF x64 - File Structure Hacking
- o ELF ARM - Race condition
- o ELF x64 - Browser exploit - Intro
- o ELF x64 - Buggy VM
- o ELF x64 - Heap Safe-Linking Bypass
- o ELF x64 - ret2dl_init
- o ELF x86 - Out of bounds attack - French Paradox
- o ELF x86 - Remote BSS buffer overflow
- o ELF x86 - Remote Format String bug
- o PE32+ Basic ROP
- o ELF x64 - Remote heap buffer overflow - tcache
- o ELF x86 - Blind remote format string bug
- o LinKern ARM - vulnerable syscall
- o LinKern x86 - Buffer overflow basic 1
- o ELF x64 - Sigreturn Oriented Programming
- o LinKern x86 - Null pointer dereference
- x ELF x64 - Syscall chaining
- o LinKern x64 - Race condition
- o ELF ARM - Alphanumeric shellcode
- o ELF MIPS - URLEncoded Format String bug
- o ELF x64 - Blind SROP
- x ELF x64 - Heap Hop
- o ELF x86 - Hardened binary 1
- o ELF x86 - Hardened binary 2
- o ELF x86 - Hardened binary 3
- o ELF x86 - Hardened binary 4
- o LinKern MIPSel - Vulnerable ioctl
- o LinKern x64 - reentrant code
- o ELF ARM - Heap format string bug
- o ELF ARM - Format String bug
- o ELF ARM - Use After Free
- o ELF x64 - FILE structure hijacking
- o ELF x64 - Heap feng-shui
- o ELF x64 - Off-by-one bug
- o ELF x86 - Hardened binary 5
- o LinKern ARM - Stack Overflow
- o LinKern x86 - basic ROP
- o ELF ARM - Heap Off-by-One
- x ELF x64 - Advanced blind format string exploitation
- o ELF x64 - Remote Heap buffer overflow 1
- o ELF x86 - Hardened binary 6
- o ELF x86 - Hardened binary 7
- o ELF x86 - Remote stack buffer overflow - Hardened
- o LinKern x64 - RowHammer
- o LinKern x64 - SLUB off-by-one
- o ELF ARM - Heap buffer overflow - Wilderness
- o ELF ARM - Heap Overflow
- o ELF ARM64 - Heap Underflow
- o ELF x64 - Seccomp Whitelist
- o ELF x86 - Blind ROP
- o LinKern x64 - Memory exploration
- x WinKern x64 - Advanced stack buffer overflow - ROP
- x WinKern x64 - Use After Free
- o ELF x64 - Remote Heap buffer overflow 2
- o ELF x64 - Advanced Heap Exploitation - Heap Leakless & Fortified
- o ELF x64 - Blind ROP
- o ELF x64 - Browser exploit - BitString
- o ELF ARM64 - Multithreading
94%
裂缝
2525 Points66 / 70
- o ELF x86 - 0 protection
- o ELF x86 - Basic
- o PE x86 - 0 protection
- o ELF C++ - 0 protection
- o Godot - 0 protection
- o PE DotNet - 0 protection
- o APK - Introduction
- o ELF MIPS - Basic Crackme
- o ELF x64 - Golang basic
- o ELF x86 - Fake Instructions
- o ELF x86 - Ptrace
- o Godot - Bytecode
- o WASM - Introduction
- o APK - Flutter Debug
- o ELF ARM - Basic Crackme
- o ELF x64 - Basic KeygenMe
- o Unity3D Save handling
- o Godot - Mono
- o PE DotNet - Basic Anti-Debug
- o PE DotNet - Basic Crackme
- o PYC - ByteCode
- o Basic ? crackme
- o ELF x86 - No software breakpoints
- o Lua - Bytecode
- o MachO x64 - keygenme or not
- o ELF ARM - crackme 1337
- o ELF x86 - CrackPass
- o ELF x86 - ExploitMe
- o ELF x86 - Random Crackme
- o GB - Basic GameBoy crackme
- o PDF - Javascript
- o PE x86 - Xor Madness
- o Powershell DeObfuscation
- o ELF ARM - Crypted
- o ELF x64 - Crackme automating
- x EVM - Bytecode
- o Godot - 3D model
- o NRO ARM - Switch homebrew
- o PE x86 - SEHVEH
- o APK - Anti-debug
- o APK - Insomni’Droid
- o ELF x64 - Rust backdoor
- o ELF x64 - Rust Crackme
- o PE x64 - UEFI Secure Boot
- o APK - Root My Droid
- o ELF x64 - Nanomites - Introduction
- o ELF x86 - Anti-debug
- o PE DotNet - KeygenMe
- o PE x64 - Tables in shambles
- o PE x86 - AutoPE
- o PYC - Self Modifying (Byte)Code
- o PYC - Snakeygen
- o ELF x86 - KeygenMe
- o HackerMan
- o Unity - Mono - Basic Game Hacking
- o WASM - Find the NPC
- x PE DotNet - Memory Protect
- o Bash - VM
- o ELF x64 - KeyGenMe
- o ELF x64 - Anti-debug and equations
- x Unity - IL2CPP - Basic Game Hacking
- o ELF x64 - Nanomites
- o ELF x86 - Packed
- o PE x86 - RunPE
- x PE32+ - KeygenMe
- o ELF x86 - VM
- o ELF x64 - Hidden Control Flow
- o Ringgit
- o Voracious Nanomites
- o White-Box Cryptography #2
95%
密码分析
2435 Points71 / 75
- o Encoding - ASCII
- o Encoding - UU
- o Hash - DCC
- o Hash - DCC2
- o Hash - LM
- o Hash - Message Digest 5
- o Hash - NT
- o Hash - SHA-2
- o Shift cipher
- o CISCO - Salted Password
- o Pixel Madness
- o ELF64 - PID encryption
- o File - PKZIP
- o Monoalphabetic substitution - Caesar
- o Circular Bit Shift
- o Known plaintext - XOR
- o Code - Pseudo Random Number Generator
- o Encoding - Codebook
- o File - PKZIP 2
- o File - Insecure storage 1
- o Polyalphabetic substitution - Vigenère
- o System - Android lock pattern
- o Transposition - Rail Fence
- o AES - CBC - Bit-Flipping Attack
- o AES - ECB
- o AES - ECB - Copy Paste
- o DSA - Implementation error
- o LFSR - Known plaintext
- o RSA - Factorisation
- o RSA - Decipher Oracle
- o Service - Timing attack
- o Monoalphabetic substitution - Polybe
- o Twisted secret
- o Initialisation Vector
- o Hill Cipher
- o GEDEFU
- o OTP - Implementation error
- o RSA - Corrupted key 1
- o RSA - Continued fractions
- o RSA - Common modulus
- o Service - Hash length extension attack
- o Shamir Secret Sharing - Introduction
- o AES - 4 Rounds
- o ECDSA - Introduction
- x ElGamal - Fault attack (Introduction)
- o RSA - Padding
- o RSA - Signature
- o Shamir Secret Sharing - Traitor
- o AES128 - CTR
- o PHP - mt_rand
- o Discrete logarithm problem
- o RSA - Corrupted key 2
- o RSA - Corrupted key 3
- o RSA - Multiple recipients
- o AES - Fault attack #1
- o FEAL - Differential Cryptanalysis
- x Goldreich Goldwasser Halevi | Weak Parameter
- o Enigma Machine
- o Side Channel - AES : CPA
- o ECDHE
- x NTRU | Multiple Transmission
- x NTRU | Weak Parameter
- o RSA - H-rabin
- o RSA - Lee cooper
- o Service - CBC Padding
- o Side Channel - AES : first round
- o Polyalphabetic substitution - One Time Pad
- o White-Box Cryptography
- o AES - Weaker variant
- o Shamir Secret Sharing - Reduction
- o Hash - SHA-3
- o AES - Fault attack #2
- o Shamir Secret Sharing - Irreducible ?
- o AES-PMAC
- o ECDSA - Implementation error
98%
法医
1605 Points43 / 44
- o Deleted file
- o Capture this
- o Command & Control - level 2
- o MasterKee
- o Oh My Grub
- o Docker layers
- o Windows - LDAP User KerbeRoastable
- o Windows - NTDS Secret extraction
- o Logs analysis - web attack
- o Command & Control - level 5
- o Supply chain attack - Docker
- o Find the cat
- o Ugly Duckling
- o Windows - LDAP User ASRepRoastable
- o Active Directory - GPO
- o Command & Control - level 3
- o DNS exfiltration
- o Open My Vault
- o Web3 - Put on your mask - Step 1
- o C2 Mythic
- o Command & Control - level 4
- o Job interview
- o Homemade keylogger
- o macOS - Keychain
- o Malicious Word macro
- o Ransomware Android
- o Supply chain attack - Python
- o Air-gap exfiltration
- o iOS - Introduction
- o The Artist
- o Multi-devices
- o Command & Control - level 6
- o Find me
- o Rootkit - Cold case
- o Second job interview
- o Web3 - Put on your mask - Step 2
- o Find me again
- o Find me back
- o Find me on Android
- o Zeus Bot
- o Try again
- o The Lost Case - Mobile Investigation
- x Remote Support
- o Try again 2
100%
编程
1010 Points29 / 29
- o TCP - Back to school
- o TCP - Encoded string
- o TCP - The Roman wheel
- o TCP - Uncompress Me
- o CAPTCHA me if you can
- o Deep Learning - Introduction
- o Ethereum - Tutoreum
- o Mathematic progression
- o ELF x64 - Shellcoding - Sheep warmup
- o Ethereum - tx.origin
- o Second degree polynomial solver
- o Ethereum - Takeover
- o Various encodings
- o Apprentice Scraper
- o ARM - Shellcoding - Egg hunter
- o Ethereum - Bunker
- o Ethereum - NotSoPriv8
- o Adversarial Attack - GAN
- o Deep Learning - Captcha
- o ELF x64 - Shellcoding - Polymorphism
- o Ethereum - Architect
- o Ethereum - Reentrancy
- o Quick Response Code
- o WinKern x64 - shellcoding : token stealing
- o Ethereum - BadStack
- o ELF x64 - Sandbox shellcoding
- o Ethereum - King of the EVM
- o ELF x86 - Shellcoding - Alphanumeric
- o Adversarial Attack - Prison Break
85%
现实主义者
2780 Points51 / 60
- o It happens, sometimes
- o End Droid
- o Windows - KerbeRoast
- o ComCyber - Challenge
- o P0wn3d
- o Windows - ASRepRoast
- o Windows - Group Policy Preferences Passwords
- o The h@ckers l4b
- o Windows - ZeroLogon
- o Neonazi inside
- x Windows - krbtgt history
- x Windows - sAMAccountName spoofing
- o Mersenne with 2
- o Bash/Awk - netstat parsing
- o Breaking Root-Me like it’s 2020
- o PyRat Auction
- o Root them
- o IPBX - call me maybe
- o Marabout
- o Root-We
- o Starbug Bounty
- o Ultra Upload
- o Well-known
- o A bittersweet shellfony
- o Bash - System Disaster
- o Django unchained
- o Imagick
- o MALab
- o SSHocker
- o Web TV
- o DasBox1 : Rififi in the lizardmen
- o SamBox v2
- o SamCMS
- o BBQ Factory - First Flirt
- x Extractor
- o Getting root Over it !
- o reQUACKier
- o Texode
- o BBQ Factory - Back To The Grill
- x In Your Kubernetass
- o DjangocatZ
- o Red Pills
- o Root Me, for real
- o SamBox v1
- o SAP Pentest 007
- o Crypto Secure
- o Bozobe Hospital
- o SamBox v3
- x ARM FTP Box
- o Bohemian RhapC2
- o I’m a Bl4ck H4t
- o SAP Pentest 000
- o Texode Back
- x Bluebox 2 - Pentest
- x Nodeful
- x Matrix terminal
- o Bluebox - Pentest
- o C for C-cure
- o Highway to shell
- x SamBox v4
80%
网络
685 Points28 / 35
- o FTP - authentication
- o TELNET - authentication
- o ETHERNET - frame
- x Kerberos - Authentication
- x NTLM - Authentication
- o Twitter authentication
- o Bluetooth - Unknown file
- o CISCO - password
- o DNS - zone transfert
- o IP - Time To Live
- o LDAP - null bind
- o OSPF - Authentication
- o POP - APOP
- o RF - AM Transmission
- o Data extraction
- o RF - FM Transmission
- o RF - Key Fixed Code
- o SIP - authentication
- o ETHERNET - Patched transmission
- o Global System Traffic for Mobile communication
- o HTTP - DNS Rebinding
- o SSL - HTTP exchange
- o Netfilter - common mistakes
- o SNMP - Authentification
- o Wired Equivalent Privacy
- o ICMP payload
- x Analog video
- o ARP Spoofing - Active listening
- o XMPP - authentication
- o RF - Satellite transmission
- x WPA2 - Enterprise
- x ARP Spoofing - The man in the middle
- o RF - L Band
- x RIPv1 - no authentication
- x WPA3 - SAE
96%
隐写术
505 Points23 / 24
- o EXIF - Metadata
- o Dot and next line
- o Steganomobile
- o Twitter Secret Messages
- o TXT - George and Alfred
- o WAV - Noise analysis
- o Poem from Space
- o Yellow dots
- o EXIF - Thumbnail
- o Mimic - Dummy sight
- o WAV - Spectral analysis
- o APNG - Just A PNG
- o Crypt-art
- o ELF x64 - Duality
- o PDF - Embedded
- o Genius ID
- o Kitty spy
- o PNG - Least Significant Bit
- o PNG - Pixel Indicator Technique
- o PNG - Pixel Value Differencing
- o Angecryption
- o Base Jumper
- o Hide and seek
- x PNG - EMD
100%
网络 - 客户端
1825 Points42 / 42
- o HTML - disabled buttons
- o Javascript - Authentication
- o Javascript - Source
- o Javascript - Authentication 2
- o Javascript - Obfuscation 1
- o Javascript - Obfuscation 2
- o Javascript - Native code
- o Javascript - Webpack
- o Javascript - Obfuscation 3
- o XSS - Stored 1
- o AST - Deobfuscation
- o CSP Bypass - Inline code
- o CSP Bypass - Nonce 2
- o CSRF - 0 protection
- o Web Socket - 0 protection
- o XSS DOM Based - Introduction
- o Flash - Authentication
- o XSS DOM Based - AngularJS
- o XSS DOM Based - Eval
- o CSP Bypass - Dangling markup
- o CSP Bypass - JSONP
- o CSRF - token bypass
- o XSS - Reflected
- o CSP Bypass - Dangling markup 2
- o CSP Bypass - Nonce
- o CSS - Exfiltration
- o Javascript - Obfuscation 4
- o Relative Path Overwrite
- o XSS - Stored 2
- o XSS DOM Based - Filters Bypass
- o Self XSS - DOM Secrets
- o CSPT - The Ruler
- o DOM Clobbering
- o Javascript - Obfuscation 6
- o Self XSS - Race Condition
- o Browser - bfcache / disk cache
- o HTTP Response Splitting
- o Javascript - Obfuscation 5
- o XS Leaks
- o XSS - Stored - filter bypass
- o XSS - DOM Based
- o Same Origin Method Execution
99%
网络 - 服务器
3045 Points96 / 97
- o HTML - Source code
- o HTTP - IP restriction bypass
- o HTTP - Open redirect
- o HTTP - User-agent
- o Weak password
- o PHP - Command injection
- o API - Broken Access
- o Backup file
- o HTTP - Directory indexing
- o HTTP - Headers
- o HTTP - POST
- o HTTP - Improper redirect
- o HTTP - Verb tampering
- o Install files
- o Nginx - Alias Misconfiguration
- o Nginx - Root Location Misconfiguration
- o API - Mass Assignment
- o CRLF
- o File upload - Double extensions
- o File upload - MIME type
- o Flask - Unsecure session
- o GraphQL - Introspection
- o HTTP - Cookies
- o Insecure Code Management
- o JWT - Introduction
- o XSS - Server Side
- o Directory traversal
- o File upload - Null byte
- o JWT - Revoked token
- o JWT - Weak secret
- o JWT - Unsecure File Signature
- o PHP - assert()
- o PHP - Apache configuration
- o PHP - Filters
- o PHP - register globals
- o PHP - Remote Xdebug
- o Python - Server-side Template Injection Introduction
- o File upload - ZIP
- o Flask - Development server
- o GraphQL - Injection
- o Command injection - Filter bypass
- o Java - Server-side Template Injection
- o JWT - Public key
- o JWT - Header Injection
- o Local File Inclusion
- o Local File Inclusion - Double encoding
- o Nginx - SSRF Misconfiguration
- o Node - Eval
- o PHP - Loose Comparison
- o PHP - preg_replace()
- o PHP - type juggling
- o Remote File Inclusion
- x Ruby on Rails - ransack
- o SQL injection - Authentication
- o SQL injection - Authentication - GBK
- o SQL injection - String
- o XSLT - Code execution
- o Elixir - EEx
- o JWT - Unsecure Key Handling
- o LDAP injection - Authentication
- o Node - Serialize
- o NoSQL injection - Authentication
- o PHP - Path Truncation
- o PHP - Serialization
- o SQL injection - Numeric
- o SQL Injection - Routed
- o SQL Truncation
- o XML External Entity
- o XPath injection - Authentication
- o Yaml - Deserialization
- o API - Broken Access 2
- o GraphQL - Backend injection
- o GraphQL - Mutation
- o Java - Spring Boot
- o Local File Inclusion - Wrappers
- o PHP - Eval
- o PHP - Eval - Advanced filters bypass
- o SQL injection - Error
- o SQL injection - Insert
- o SQL injection - File reading
- o XPath injection - String
- o File upload - Polyglot
- o NodeJS - Prototype Pollution Bypass
- o NoSQL injection - Blind
- o SQL injection - Time based
- o Java - Custom gadget deserialization
- o NodeJS - vm escape
- o Server Side Request Forgery
- o SQL injection - Blind
- o LDAP injection - Blind
- o PHP - Unserialize overflow
- o PHP - Unserialize Pop Chain
- o SQL Injection - Second Order
- o Python - dotenv
- o Python - Blind SSTI Filters Bypass
- o XPath injection - Blind
- o SQL injection - Filter bypass