breakthenet/HackMe-File-Upload-Challenges breakthenet/HackMe-File-Upload-Challenges

  • Stars
    star
    101
  • Rank 337,126 (Top 7 %)
  • Language
    PHP
  • Created over 8 years ago
  • Updated almost 8 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
breakthenet/HackMe-File-Upload-Challenges
github

breakthenet

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Hack your friend's online MMORPG game - specific focus, php file upload scripts

File Upload Challenges

These challenges are set in a Text-Based 'MM'ORPG Game based off Mccode Lite Game Engine (GPL)

Deploy to your own Heroku instance with this button below, then complete the challenges!

Deploy

For each challenge, you have 'beat' it if you can successfully get php code you wrote to run on the server. A quick and easy test script would look like this:

Challenges:

Challenge 1: File extension validation

Challenge 2: Mime types client-side

Challenge 3: Mime types & image validation server-side

Challenge 4: More strict file extension validation

Challenge 5: Combo attack with local file inclusion

Challenge 6: Seeing what's possible with file upload (such as php web shells).

Note that useful information for testing and debugging will be logged to the Papertrail app in your heroku instance. Open papertrail to view those streaming logs.

More Repositories

1

HackMe-SQL-Injection-Challenges

Pen test your "friend's" online MMORPG game - specific focus, sql injection opportunities
PHP
413
star
2

HackMe-Social-Engineering-Challenges

Help a buddy prank his colleagues! Show your mettle with spoofing emails, malicious attachments, spoofing sms, and spoofing phone calls to get access to voicemail
Python
93
star
3

HackMe-XSS-CSRF-Challenges

Hack your friend's online MMORPG game - specific focus, csrf/xss attacks
PHP
89
star
4

Tools-and-Techniques

A repository of knowledge accumulated that may help in the other BTN challenge repos
13
star
5

CTF-XSS

XSS cookie stealing challenge - single button deploy, just set your custom CTF Flag in the setup process!
PHP
7
star
6

CTF-Wordpress-Metasploit

PHP
2
star
7

CTF-SQL-Injection-AuthCode

SQL Injection bypass auth code challenge - single button deploy, just set your custom CTF Flag in the setup process!
HTML
2
star
8

CTF-SQL-Injection-Login

SQL Injection login as admin challenge - single button deploy, just set your custom CTF Flag in the setup process!
HTML
2
star
9

CTF-SQL-Truncation

SQL Truncation challenge - single button deploy, just set your custom CTF Flag in the setup process!
PHP
1
star