Hi there! This is a (hopefully) beginner friendly CTF I developed at UC Davis as a course called ECS189M (Hands-On Cybersecurity). Now that the course is concluded, I'm going to make all the challenges public so anyone can attempt them. There are challenges covering Linux basics, webapp exploitation, binary exploitation (memory corruption) and some light cryptography, and some final challenges that tests all of the above. If it sounds fun, feel free to register an account and get started! (You may use fake emails if you care about privacy, I won't check.)
Even if you don't know anything about computer security, it's totally fine! You should have some C, and preferrably Python, programming experience, and a willingness to learn, and that's it! (Although knowing assembly will help out a lot.) You can check out my slides to get you started:
https://drive.google.com/open?id=1QfTjGH16r33FNQ-s73DkWUMvABW9faLb. Feel free to ask me to clarify stuff if it's not clear.
The source code for everything is also public on Github:
https://github.com/rkevin-arch/ECS189M, but it
might contain spoilers if you want to attempt the challenges legit. I also ask you to
not post public solutions, since we might end up changing some content and reusing it as a part of another course at Davis. That said, if you're looking to host your own CTF, this repo has solved some problems for you, like letting people SSH into an isolated container and allowing people to work on different instances of the same webapp without interfering with one another. Let me know if you need help setting it up.
Keep in mind that this is hosted on a crappy personal server in my closet, so it's probably decently easy to Denial-of-Service it.
Please be courteous to others who are also solving the challenges and not overwhelm the server. If you did break something accidentally or found a privilege escalation to root or container breakout, please let me know at rk@rkevin.dev, thanks!
Anyway, good luck, and have fun!
ECS{W3LC0M3_0E08436ACF7DA35A9D508E7A3BF8690A}