anocendi/copy-of.vulnerable.codes
Vulnerable Codes Platform

The Story of Vulnerable.Codes

This is how this whole thing started ✨ - I was in a restaurant and a guy I used to work with showed me a Facebook post of a source code review challenge and it clicked! 💡 I thought, what if I want to practice this skill? Especially as a vulnerability researcher 🔍 - is there a website or platform for this? When I couldn't find any, I decided to build it! 🛠️ Unfortunately, running and maintaining the platform is time consuming and expensive 💸, and I'm too busy hunting 0days 🐛, but at the same time I know this platform has helped a lot of people 💪. So I decided to open source it - which was always the plan to give back to the community ❤️. Now it can be totally in the hands of the community where it belongs! 🌱🌟

Features

  • Practical Learning: Focus on real-world code examples rather than theoretical concepts
  • Varied Difficulty Levels: Challenges range from Easy to Hard to accommodate learners at all stages
  • Categorized Challenges: Organized by vulnerability type, software, and impact
  • Community Driven: Submit your own challenges and solutions via GitHub

Getting Started

  1. Browse the /challenges directory to find a vulnerability that interests you
  2. Each challenge contains vulnerable code samples, context, and learning resources
  3. Try to identify and understand the security issue before checking the solution
  4. Submit your own solutions and challenge ideas through GitHub pull requests

Challenge Structure

Each challenge in this repository follows a standard format:

/challenges/
  /CVE-YYYY-NNNNN-Name/
    README.md         # Challenge description
    solution.md       # Detailed solution explanation

Challenge Format

Each challenge README.md follows a consistent template that includes:

  • Header: CVE number, product name, and an emoji representing the vulnerability type
  • Badges: Vulnerability type, programming language, and difficulty level
  • Description: Brief explanation of the vulnerability and its impact
  • Vulnerable Code: Code snippet showing the problematic code
  • Questions: Specific questions about the vulnerability for learners to answer
  • Hints: Progressive hints to guide learners (in collapsible sections)
  • References: Links to official CVE details and relevant security advisories

Solution Format

Each solution.md includes:

  • Vulnerability Analysis: Detailed explanation of the technical issue
  • Exploitation Details: Step-by-step explanation of how the vulnerability can be exploited
  • Correct Answers: Clear answers to the challenge questions
  • Mitigation: Explanation of how to fix the vulnerability, often including corrected code

Badge Guidelines

  • Difficulty:
    • Easy: Green (success)
    • Medium: Orange (orange)
    • Hard: Red (critical)
  • Vulnerability Type: Always Red (critical)

Emoji Guide for Vulnerability Types

  • 🔥 Command Injection/Code Execution
  • 💉 SQL Injection
  • 📃 XSS/HTML Injection
  • 📦 Deserialization
  • 🔓 Authentication Bypass
  • 🌐 SSRF
  • 📄 File Operations (read/write)
  • 🧠 Logic Flaws
  • 🧙 Image Processing
  • 💾 Memory Corruption
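As an added example that is not part of the repository: a small Python linter that checks a challenge against the directory layout, section list, badge colours and emoji guide described above. It assumes the challenge header is the first line of README.md, that badges use a shields.io-style `Difficulty-<level>-<colour>` URL, and that the collapsible hint sections are HTML `<details>` blocks.

```python
from __future__ import annotations
import re

# Expectations taken from the README's Challenge Format, Solution Format, Badge and Emoji sections.
README_SECTIONS = ["Description", "Vulnerable Code", "Questions", "Hints", "References"]
SOLUTION_SECTIONS = ["Vulnerability Analysis", "Exploitation Details", "Correct Answers", "Mitigation"]
VULN_EMOJI = set("🔥💉📃📦🔓🌐📄🧠🧙💾")
DIFFICULTY_COLOR = {"Easy": "success", "Medium": "orange", "Hard": "critical"}
DIR_RE = re.compile(r"^CVE-\d{4}-\d{4,}-\S+$")  # /challenges/CVE-YYYY-NNNNN-Name/


def lint_challenge(readme: str, solution: str, dirname: str) -> list[str]:
    """Return the template violations found; an empty list means the challenge conforms."""
    problems = []
    if not DIR_RE.match(dirname):
        problems.append(f"directory {dirname!r} does not match CVE-YYYY-NNNNN-Name")
    # Header: CVE number, product name and a type emoji (assumed to be the first line).
    header = readme.splitlines()[0] if readme else ""
    if not re.search(r"CVE-\d{4}-\d{4,}", header):
        problems.append("header lacks a CVE number")
    if not VULN_EMOJI & set(header):
        problems.append("header lacks a vulnerability-type emoji from the guide")
    # Badges: difficulty colour must follow the Badge Guidelines (shields.io-style URL assumed).
    m = re.search(r"Difficulty-(Easy|Medium|Hard)-(\w+)", readme)
    if not m:
        problems.append("no difficulty badge found")
    elif DIFFICULTY_COLOR[m.group(1)] != m.group(2):
        problems.append(f"{m.group(1)} badge should be {DIFFICULTY_COLOR[m.group(1)]}, not {m.group(2)}")
    # Hints are "collapsible sections"; an HTML <details> block is assumed to be how that is done.
    if "<details>" not in readme:
        problems.append("hints are not in a collapsible <details> section")
    # Required section headings (markdown '#' headings of any level assumed) in both files.
    for fname, text, sections in (("README.md", readme, README_SECTIONS), ("solution.md", solution, SOLUTION_SECTIONS)):
        for name in sections:
            if not re.search(rf"^#+\s*{re.escape(name)}\b", text, re.M):
                problems.append(f"{fname} missing section {name!r}")
    return problems


# Constructed sample challenge (placeholder CVE id, not a real one) so the block runs stand-alone.
SAMPLE_README = ("# CVE-0000-00000 ExampleApp 💉\n"
                 "![Difficulty](https://img.shields.io/badge/Difficulty-Easy-success)\n"
                 + "".join(f"## {s}\n" for s in README_SECTIONS)
                 + "<details><summary>Hint 1</summary>Constructed hint text.</details>\n")
SAMPLE_SOLUTION = "".join(f"## {s}\n" for s in SOLUTION_SECTIONS)

if __name__ == "__main__":
    print(lint_challenge(SAMPLE_README, SAMPLE_SOLUTION, "CVE-0000-00000-ExampleApp") or "conforms")
```

Running it over a real `/challenges/<dir>/` means reading the two files and passing the directory name; an empty result is a pass, anything else is a list of what the pull request still needs.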

Contributing

We welcome contributions from the security community! To submit a new challenge:

  1. Fork this repository
  2. Create a new challenge following our template structure
  3. Submit a pull request with your addition

To help you get started, check out the /add-challenge/ folder, which contains:

  • Empty Challenge Template.md - Template for creating new challenge README files
  • Empty Solution Template.md - Template for creating solution files
  • Template Instructions.md - Detailed guidelines on using the templates

Please follow these templates to maintain consistency across challenges. For more detailed contribution guidelines, see our CONTRIBUTING.md.

Top Contributors

  • Xeno Kovah, Low-Level Security Dude (GitHub)

Community

  • Join our Discord server to discuss challenges
  • Follow us on LinkedIn for updates
  • Share your progress and insights using #VulnerableCodes

License

This repository contains materials under different licenses:

  1. Original template files and structure: Licensed under the MIT License - see the LICENSE file for details.
    • When using these templates, please credit Mohammad Hussam Alzeyyat (@mhzcyber) and other contributors to vulnerable.codes.
  2. Some challenge materials: Licensed under CC-BY-SA 4.0
    • These materials are derived from Xeno Kovah & Kc Udonsi's 'Vulnerabilities 1001: C-Derivative Software Implementation Vulnerabilities' class (https://ost2.fyi/Vulns1001) and 'Vulnerabilities 1002: C-Derivative Software Implementation Vulnerabilities' class (https://ost2.fyi/Vulns1002).
    • When using these specific challenges, you must maintain this attribution and license.

Which license applies to what?

  • MIT License: Applies to all template files and original challenges created by contributors to vulnerable.codes.
  • CC-BY-SA 4.0: Applies to any challenge that explicitly mentions this license within its files.

If you're uncertain about which license applies to specific content, please contact the repository owner.

This project is licensed under the MIT License - see the LICENSE file for details.

About

This is the open source version of the vulnerable.codes platform.