Skip to main content


In this page you will go through the structure and most important features of this repository. It is ideal that you become familiar with its structure before you start trying to post solutions, as it is big and you might feel lost.

Solutions are stored in the following folders of the repository:


Folder to store programming challenges.


<site> (directory)
โ””โ”€โ”€ <challenge-id> (directory)
โ”œโ”€โ”€ <login-gitlab.ext> (solution file)
โ””โ”€โ”€ <login-gitlab.yml> (YAML file)


1.1. Rules#

  • The naming of all files and folders, must not exceed 35 characters, written in lowercase, without any special characters and in case a white space needed use a - (dash) to replace it.

  • Vulnerability folders in vbd have the following naming structure:

    • <cwe-code>-<exploit-name> where:
    • <cwe-code> is the four digit code of the vulnerability
    • <exploit-name> is the name of the vulnerability
    • Example 0384-smgmt-cookies-httponly

1.2. Files#

Some of the folders described in the structure contain special files:

  • LINK.lst: Contains the challenge URL. This file must only have one line with the challenge link and it must give an HTTP 200 response when visiting it (No redirection).

  • DATA.lst: Contains the test cases with which the challenge was validated. This file should only contain test cases that are immediately processable by any solution file.

  • OTHERS.lst: It contains the links to the external solutions found on the Internet for that challenge. They must not be read or used as a reference to solve the challenge. This file allows an automatic script to perform a similarity analysis with the challenges sent by the candidates.