the

pain

a CTF project

bg

rose 🥀 (API based)

Rose is a pure API based CTF which covers a lot of common mistakes made by API developers, a few lesser known quirks in Django's framework, and also some of the recently disclosed techniques in API contexts. Your goal is to get the flag.txt file from the server.

Play rose 🌹

breezed 🍃 (web based)

Breezed is a web based CTF involving subtle real world scenarios - have an open mind and don't brute-force anything!

Play breezed 🍃

TakeMyFlag (Android based)

TakeMyFlag is an Android based CTF which revolves around an understanding of Android's application components. There are no hidden secrets in the code, or any obfuscation that needs to be reversed. There are, however, a few rules.

  • No frida allowed.
  • No manual invoking of activies using ADB / Drozer allowed.
Play TakeMyFlag

CTFlutter 🤖 (Android + Flutter based)

CTFlutter is an Android based CTF with an added layer of Flutter functionality. There are 2 flags to be found.

  • No manual invoking of activies using ADB / Drozer allowed
  • Yes, both the flags is stored in the app's private directory, simply reading them from a root shell is not the intended way.
  • Your goal is to find both the flags using dynamic analysis. You may create a 'malicious' app to interact with the app and get the first flag.
Play CTFlutter 🤖