CTF
I've been playing lots of CTFs lately and there's lot to learn in them and some times the challenges are either repeated or are of similar type so it's better to keep a record of them. So I started making CTF notes.
Just some tools we use
Nikito:
SQLmap
Radare2
cutter:
GUI mode of radare2
pwndbg
with
pedas: https://github.com/longld/peda​
voltron: https://github.com/snare/voltron​
checksec
​https://github.com/slimm609/checksec.sh​
Check if canary etc are enabled or not
​https://quipqiup.com/​
caesar: https://cryptii.com/pipes/caesar-cipher​
vignere: https://www.guballa.de/vigenere-solver​
rot: https://www.dcode.fr/rot-cipher​
Substituion: https://www.guballa.de/substitution-solver​
​I.C calculator​
Use this if you have no clue which type of cipher it is.
General
​https://quipqiup.com/​
RSA:
​https://www.alpertron.com.ar/ECM.HTM​
Best for factorizing etc
Also some scripts written in python.
libnum
Python library
md5 hash
For mathematics
Use sympy or sage
sympy: https://github.com/sympy/sympy​
sage:
John the ripper
Metasploit framwork
Git related task:
gittools: https://github.com/internetwache/GitTools/​
vsftp
First thing to check is that if the given vsftp version isn't vulnerable to any kind of know vulnerability
Could be simple as: https://ctftime.org/writeup/12060​
​dirb​
Look for all the accesible directories on a server
Not always useful but sometime a life saver
hydra along with our lovely
rockyou.txt​
Ripgrep
strings
cat
|(pipe)
Hack scripts
CTF wiki
Terminator ?
There are already many great lists that would help you during CTF. Some good list to check out are:
trailofbit's CTF Guide​
A very good guide to get an idea about CTFs and different type of challenges
John Hammond's CTF Katana​
Really good and short notes.
He keeps track of all the
not so commonchallenges from CTFs
​CTF Candy​
Good notes on web challenges
​Security tips​
Very good notes on WEB and RE/PWN category
​CTF Wiki​
Good notes on WEB and CRYPTO
​Knowledge base​
