Skip to content

zrnge/try-hack

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

🏴‍☠️ TRY-HACK.COM — Client-Side CTF Platform

A fully static Capture The Flag platform hosted on GitHub Pages. Learn cybersecurity by exploiting real vulnerabilities — all running in your browser with zero server infrastructure.

🌐 Live at: try-hack.com


🎮 What Is This?

TRY-HACK.COM is an educational CTF platform with 44 challenges across 8 categories. Every challenge runs entirely client-side — no backend, no databases, no server required.

Each challenge embeds a hidden flag (format: FLAG{...}) that can only be found by exploiting the intended vulnerability.


🧩 Categories

Category Count Challenges
🌐 Web Applications 21 Hidden Comment, Inspect Vault, Redirect Trap, Script Kiddie, Cookie Monster, Profile Peeker, Encoded Secrets, SQLite Injection, Token Forge, Template Trickster, Path Walker, Prototype Poisoner, DOM Clobber, Race the Clock, The Final Hack, Locked Down, Invisible Ink, Client-Side Login, Base32 Vault, Session Hunter, The Naive Filter
💥 Binary Exploitation 3 Stack Smasher, Format String, Integer Overflow
🌐 Network Forensics 3 Packet Detective, Header Inspector, DNS Exfil
🔍 Digital Forensics 3 Disk Dumpster, EXIF Detective, Log Sleuth
🔄 Reverse Engineering 4 Obfuscated Key, XOR Chain, Tiny VM, Caesar Wheel
🖼️ Steganography 3 Pixel Smuggler, Whitespace Message, Zero Width
📡 Recon / OSINT 3 Subdomain Sweep, Robots Disallow, Exposed .git
🎓 Academic Challenges 4 Weak RSA, Single-Byte XOR, Binary to ASCII, Vigenère

Total: 44 challenges


🚀 Getting Started

Play Online

Visit try-hack.com and start hacking!

Run Locally

# Clone the repository
git clone https://github.com/zrnge/try-hack.git
cd try-hack

# Serve with any static server
npx serve .
# or
python -m http.server 8000

Open http://localhost:8000 in your browser.


🔧 Tech Stack

  • Pure HTML/CSS/JS — No frameworks, no build step
  • sql.js (WASM) — Real SQLite database in the browser for SQL injection challenge
  • Web Crypto API — SHA-256 flag validation
  • GitHub Pages — Free static hosting

🛡️ Anti-Cheat

Flags are stored as SHA-256 hashes in the source code. While determined players could reverse-engineer the challenges, the real value is in learning the exploitation technique. Each flag is only obtainable through the intended vulnerability path.


Deploy to GitHub Pages

  1. Create a new repository on GitHub and push this project to the main branch.
  2. Go to Settings → Pages in the repo.
  3. Under Build and deployment, select Deploy from a branch and choose main / (root).
  4. The CNAME file already contains try-hack.com, so GitHub Pages will use your custom domain.
  5. In your DNS provider, add an A record for try-hack.com pointing to GitHub Pages IPs:
    • 185.199.108.153
    • 185.199.109.153
    • 185.199.110.153
    • 185.199.111.153 Or add a CNAME record for www pointing to zrnge.github.io.
  6. Wait a few minutes for DNS + HTTPS certificate provisioning, then visit https://try-hack.com.

No build step is required. Everything is static HTML/CSS/JS.


📝 License

MIT License — Use this for education, workshops, and CTF events.


❤️ Contributing

Found a bug? Want to add a challenge? PRs are welcome!

  1. Fork the repo
  2. Create your challenge in challenges/CATEGORY/XX-slug/index.html
  3. Add the challenge metadata to js/challenges.js with the matching category and categoryPath
  4. Submit a PR

👤 Developer

Built by zrngezrnge.com · github.com/zrnge/try-hack


Built with 🏴‍☠️ for the cybersecurity community.

About

Learn cybersecurity by exploiting real vulnerabilities — all running in your browser with zero server infrastructure.

Topics

Resources

License

Code of conduct

Contributing

Stars

0 stars

Watchers

0 watching

Forks

Contributors