Fei_xiangShi

FXLOG

You found me here. What does that tell you?

CTF Tool Collection

Why is there no comprehensive list of CTF tools? It seems that to get started and become a script kiddie, one needs to know which scripts can be used... Anyway, Feifei wants to organize this kind of information, with a structure of category - name - introduction & usage examples.

These are just tools we like, and we prefer using Linux, so we won't list those that can't run or have very low performance. Well-known tools like BurpSuite won't be included either.

I found that Flowing Software Station provides some tools, so I'll help consolidate them.

Encoding and Decoding#

Flowing#

One-click decoding, download link: Official Website

However, it requires an internet connection to check for updates, which offends my sense of digital hygiene. I'll crack it someday.
Running the exe under Bottles is also a terrible experience; poor rating.

XXencode#

An online one-click decoding tool. Some offline competitions prohibit internet access, so we can only use Flowing (ugh).
Click to visit

Crypto#

Crypto is mostly math problems, solved with a few Python libraries.

gmpy2#

A high-precision, high-performance library for big-number arithmetic.

pip install gmpy2

PWN#

pwntools#

pip install pwntools

Digital Forensics#

Volatility#

Memory forensics tool.

git clone https://github.com/volatilityfoundation/volatility3.git
cd volatility3
pip install -r requirements.txt

Usage Example#

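envars is a Volatility plugin that extracts and lists environment variables from a memory dump. Environment variables hold system and user configuration such as paths and system settings. The commands in this section use Volatility 2 syntax (the --profile option and unprefixed plugin names); Volatility 3, which the clone above installs, does not take --profile and names its Windows plugins with a windows. prefix, for example windows.pslist.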

.\volatility -f .\1.raw --profile=Win7SP1x64 envars | grep 'n0wayback'


pslist is a plugin in Volatility used to list all processes in memory. It analyzes the process linked list in memory to list all active process information, including PID, process name, parent process, etc.

.\volatility -f .\1.raw --profile=Win7SP1x64 pslist

0xfffffa8001a022a0 mspaint.exe            2052   1028      6      120      1      0 2024-03-04 05:50:22 UTC+0000

0xfffffa8003c68a80 cmd.exe                4188   1028      3      111      1      0 2024-03-04 05:50:26 UTC+0000

0xfffffa800418c060 Code.exe                888   1028     31      696      1      0 2024-03-04 05:52:52 UTC+0000

Found the mspaint.exe process, proceeding with a memory dump.

memdump is a plugin in Volatility used to extract the memory image of a specific process from memory. This plugin extracts the memory content of the process based on the specified PID.

.\volatility -f .\1.raw --profile=Win7SP1x64 memdump -p 2052 -D ./

consoles is a plugin in Volatility used to extract and list session information related to consoles. Console sessions refer to active sessions of command-line tools (like cmd.exe or powershell.exe), and Volatility will list their details. Specifically, the consoles plugin displays all relevant data of console sessions present in memory, including session ID, command history, executed commands, etc.

.\volatility -f .\1.raw --profile=Win7SP1x64 consoles


Miscellaneous#

jwt.io#

You can encode and decode JWT Tokens online.

SQL Injection#

ffifdyop#

md5(ffifdyop) = 'or'6\xc9]\x99\xe9!r,\xf9\xedb\x1c (raw 16-byte digest; hex 276f722736c95d99e921722cf9ed621c)

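Because the raw digest starts with 'or'6, code that pastes the raw (binary) MD5 of the input between quotes in a SQL string ends up with an always-true condition, so this input works as a universal password against that pattern.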
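Why the raw digest matters, shown as an added example that is not code from the original post: the weak pattern that concatenates the raw MD5 into the query sits next to the corrected one that binds it as a parameter. Python's sqlite3 stands in here for the PHP/MySQL setup where this usually appears; the users table, the function names and the sample password are assumptions made for the illustration.

```python
import hashlib
import sqlite3


def raw_md5(password: str) -> str:
    """Raw 16-byte MD5 digest as text, one character per byte (like PHP md5($s, true))."""
    return hashlib.md5(password.encode()).digest().decode("latin-1")


def make_db() -> sqlite3.Connection:
    # Constructed sample data: one account whose stored value is a raw MD5 digest.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("admin", raw_md5("correct horse")))
    return db


def login_vulnerable(db: sqlite3.Connection, name: str, password: str) -> bool:
    # Weak pattern: the raw digest is pasted between quotes in the SQL text.
    # For "ffifdyop" the condition becomes  pw = '' or '6...'  and a string
    # with a leading non-zero digit counts as true, so every row matches.
    sql = "SELECT 1 FROM users WHERE name = ? AND pw = '" + raw_md5(password) + "'"
    try:
        return db.execute(sql, (name,)).fetchone() is not None
    except (sqlite3.Error, ValueError):
        return False  # other digests may simply break the statement


def login_safe(db: sqlite3.Connection, name: str, password: str) -> bool:
    # Corrected pattern: the digest is a bound parameter, so its bytes are
    # compared as data and never parsed as SQL.
    sql = "SELECT 1 FROM users WHERE name = ? AND pw = ?"
    return db.execute(sql, (name, raw_md5(password))).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, ffifdyop:", login_vulnerable(db, "admin", "ffifdyop"))
    print("safe, ffifdyop:      ", login_safe(db, "admin", "ffifdyop"))
    print("safe, real password: ", login_safe(db, "admin", "correct horse"))
```

Comparing hex digests instead of raw bytes also removes the quote characters from the value, but parameter binding is what fixes the injection itself.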
