This won't be a long blog post, just a little pointer to an A/D CTF challenge that I created last year: A damn vulnerable web framework written in bash.
Last year, my university hosted the ENOWARS 3 A/D CTF and I created a completely new CTF challenge. Its name is Shittr and the code is on Github.
It is a web service built upon a self-made web framework. The best thing: It is completely written in bash and command-line tools.
There are a lot of vulnerabilities to find and to exploit. Have a look and have fun :-)
-=-