// the find
ab/stripe-ctf
Source code and sample exploits for the Stripe CTF Winter 2012
Source code and solution exploits for Stripe's 2012 winter CTF challenge — six levels of progressively harder C/PHP security vulnerabilities. Aimed at developers who want to study classic binary and web exploitation techniques by reading both the vulnerable code and the reference solution side-by-side.
Each level ships both the vulnerable program and a working exploit, so you can see exactly what the attack is targeting. The C code is intentionally minimal, which makes the vulnerability surface easy to read. Covers a practical spread: buffer overflows, format string bugs, PHP injection, and privilege escalation — all patterns still relevant today. The Stripe wrap-up post provides author commentary that most CTF archives skip.
Abandoned in 2012 — no updates, no tooling, and the original challenge infrastructure is long gone so you're running these offline with no leaderboard or hints system. 32 stars in 14 years tells you this never became a go-to reference. Six levels is thin; modern security curricula like pwn.college or picoCTF cover orders of magnitude more ground. The level05 binary ships without source, which is intentional for the challenge but annoying for study.