WeCTF

Yet another Web-only CTF

Starting at 6/19 10:00AM - 6/20 10:00AM PDT. Join our Slack channel to get notifications and scroll down to find more details.

Join our Slack Channel!

Introduction

WTF is CTF?
WeCTF is a Web-only CTF with both intro-level and diabolic challenges. Our vision is to help expose some of the latest vulnerabilities in web technologies, such as side channels and race conditions, as well as to remind people of the good old times, like SQL Injection and SSRF. That said, here are a few points we would like you to know before you start playing WeCTF:

Programming Languages: Python, Golang, PHP, C++, Javascript. All challenges are coded in these languages, and the source code of most challenges will be released. Although it is not required (we do write a lot of comments in our code), we recommend that participants understand some basics of these programming languages.

Services: Redis, SQLite, Flask, etc. Most of the challenges are based on these services, so get familiar with them! In case you would like to know where to learn, here is a great place: youtube.com


FAQ

  • Can pwners and crypto gurus participate?

    Yes, some challenges even require you to leverage concepts from pwn. If you have no experience in the Web part of CTF, then this would be a great way to start.

  • Are challenges guessy?

    No, though some challenges may require you to make a professional guess (e.g. SQL injection when you see ?id=1).

  • Would it be too easy for me?

    I don't know

Rules

  • We allow a team to have up to ∞ members

  • Sharing flags and solutions is strictly prohibited.

  • You are not allowed to DDoS or brute-force any challenge or this website.

  • Be respectful to other teams.

  • Please use common sense and do not attack anything beyond the challenges.


Policies:


  • We may choose to disclose your team name & IP if you have conducted a DDoS attack against our infrastructure.

  • Do not use your daily password anywhere throughout the CTF.

  • Follow common sense.


Scoring:


Following CCC's algorithm:
-- @base + ( @top - @base ) / (1 + (max(0, solves -1)/ 11.92201) ** 1.206069)


Flag Format: we{[UUID]@[[email protected]\$%\^\(\)=]+}


Example Flag: we{[email protected]}


Flag Location: /flag.txt, SELECT flag FROM flags, COOKIE or specified in the challenge.


People

Sponsors:

This can be you!

Google Cloud

Past Sponsors:

Digital Ocean

Organizers:

shou 🐷

author of challenges && platform

qisu 🐼

author of challenges


Credits:


Version 4.1.1c