First, customize the variable org-babel-load-languages, save, and then you can work as normal
You can do this with eww
This book covers the practical tools, tips, and references for CTF hacking contests. I assume you have what I call the “hacker spirit”, where you can do self-directed exploration of a subject. If you are the type of person who needs an instructor to point you to the next thing to learn, then computer security is probably not the right field for you.
In this book we assume you already have a working knowledge of:
- UNIX and the command line. Personally, years ago I learned by reading UNIX in 24 Hours.
- You have access to a UNIX system. For example, you can rent a server for $5/month at Digital Ocean, or you can install a virtual machine, e.g., via vagrant.
- The ability to use a UNIX text editor. Some get by on `nano`; I recommend learning `vim` as well. (Real programmers know `emacs`; consider learning it eventually.)
- Some Python experience. I've found that really good CTF hackers are also typically very experienced with Python. You can use Learn Python the Hard Way as a good introduction.
In addition, to solve many reversing and binary exploitation challenges you must know:
- The C Programming Language. (Note: C++ is a related, but different, language. I recommend C.) I do not have any experience recommending books. One possibility is the free wikibooks Little C Primer.
- Compilation and basic debugging of compiled programs on x86. We call compiled programs "binaries". At CMU, we require most students to take Introduction to Computer Systems. As part of that course, students read Computer Systems: A Programmer's Perspective. I highly recommend this book. In particular, you should be an expert in the material at least up to Chapter 3. I also assume you know the GNU debugger `gdb` and the `objdump` utility.
This book is the product of the Spring 2015 18739L class at Carnegie Mellon University.
This e-book is mostly written and edited in emacs org-mode. This is my first time using org-mode for a book. Most of the links and tools were provided by students in the 18-739L course in Spring 2015.
peda is a GDB plugin that provides an enhanced UI and Python integration. It highlights disassembly. Its `searchmem` command is useful for searching memory for your input string, and `checksec` checks general security properties of the executable.
IDA Pro is the de facto standard tool for navigating binaries. The free version is adequate for most needs. You should get used to solving problems without the decompiler plugin. The full decompiler is nice, but don't make it a crutch.
The most common tasks, by shortcut, are:
- `x` to see what calls a function.
- `n` to rename (usually to something memorable).
Spending a few days with the IDA Pro book is worthwhile, especially Section 2 on basic IDA usage.
Reliability in connections.
Fuzzers tend to have less value in CTF problems than in real-world security scenarios. However, it is still useful to know how to fuzz. In practice, `zzuf` and `afl-fuzz` tend to be the most popular currently for quick, black-box fuzzing.
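To make the idea of black-box fuzzing concrete, here is the core loop that tools like `zzuf` and `afl-fuzz` automate far more cleverly. This is an added example, not from the original text and not how either tool is implemented. The target is a constructed stand-in: an inline `sh -c` script that behaves like a program with a 16-byte line buffer and kills itself with SIGSEGV on anything longer, so the script runs offline. The function names (`run_target`, `fuzz`, `char_at`) and the seed input are my own choices.

```shell
#!/bin/sh
# Added example (not from the original text, and not how zzuf or afl-fuzz
# work internally): the core loop of a black-box mutation fuzzer in POSIX sh.
# The target is a constructed stand-in that behaves like a program with a
# 16-byte line buffer, killing itself with SIGSEGV on longer input, so the
# script runs offline. Swap run_target's body for "./ctf" to try a real binary.

CHARSET=abcdefghijklmnopqrstuvwxyz

# run_target INPUT: run the target on one input line in its own process and
# return its exit status. A status of 128+N means it died from signal N.
run_target() {
    printf '%s\n' "$1" | sh -c 'IFS= read -r l; if [ ${#l} -gt 16 ]; then kill -s SEGV $$; fi; exit 0'
}

# char_at STRING INDEX: the character at 0-based INDEX.
char_at() {
    printf '%s' "$1" | cut -c "$(( $2 + 1 ))"
}

# fuzz ITERATIONS: mutate a seed input, run every mutant, and print the length
# of the shortest crashing input (0 if nothing crashed). Mutations alternate
# between appending a byte and replacing the first byte, and the byte comes
# from a fixed cycle, so runs are reproducible; a real fuzzer chooses both
# at random and keeps every crashing input on disk for later triage.
fuzz() {
    iters=$1
    input=hello
    shortest=0
    i=0
    while [ "$i" -lt "$iters" ]; do
        c=$(char_at "$CHARSET" $(( i % 26 )))
        if [ $(( i % 2 )) -eq 0 ]; then
            input="$input$c"          # grow the input by one byte
        else
            input="$c${input#?}"      # same length, different first byte
        fi
        if run_target "$input"; then
            status=0
        else
            status=$?
        fi
        if [ "$status" -ge 128 ]; then
            echo "crash: signal $(( status - 128 )) on ${#input}-byte input '$input'" >&2
            if [ "$shortest" -eq 0 ] || [ "${#input}" -lt "$shortest" ]; then
                shortest=${#input}
            fi
        fi
        i=$(( i + 1 ))
    done
    echo "$shortest"
}

# Stand-alone run: 24 iterations is enough to reach the first 17-byte crash.
printf 'shortest crashing input: %s bytes\n' "$(fuzz 24)"
```

The only signal the harness needs from the target is its exit status: anything of 128 or above means the process was killed by a signal, which is exactly what a memory-safety bug in a native binary looks like from the outside. The parent shell may also print its own "Segmentation fault" line next to the harness's crash report; that is the same event reported twice.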
While we assume basic UNIX experience, there are unique CTF-specific tasks that often crop up. This is a grab-bag of such tricks and tips. We use the program named `ctf` to stand in for any CTF program.
Suppose you want to provide a long input to a program. We can use our one-liners from above to generate the input, and use the modern shell feature of command substitution, `$(<cmd>)`.

For example, the following command runs `python` in a subshell with a small one-liner that prints 40 `A` characters in a row (the parenthesized `print` form works under both Python 2 and Python 3):

echo $(python -c 'print("A"*40)')

The results are:

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Of course you can run any UNIX command. The following substitutes the output of `echo /bin/ls` as the argument to `objdump`, which then pipes to `head` to print the first 5 lines:

objdump -D $(echo /bin/ls) | head -5
Another (and older) method is to use backticks:

echo `python -c 'print("B"*40)'`

The results are:

BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
Using the `$(<cmd>)` syntax is newer and the recommended method for invoking a command. The backticks have been deprecated in favor of `$()` for command substitution because `$()` can easily nest within itself, as in `$(echo foo$(echo bar))`. There are also minor differences, such as how backslashes are parsed in the backtick version[fn:1].

[fn:1] See Shell Programming: What's the difference between $(command) and `command`
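The points above, worked through in a script you can run: generating a fixed-length input without depending on Python, feeding it to a stand-in program, nesting `$()`, and the backslash difference between backticks and `$()`. This is an added example, not code from the original text; `wc -c` stands in for the `ctf` binary, and the function names (`repeat_char`, `payload_length`, and so on) are my own.

```shell
#!/bin/sh
# Added example (not from the original text): command substitution for
# generating CTF input, in pure POSIX sh so it runs without python.

# repeat_char C N: print character C exactly N times with no trailing newline.
repeat_char() {
    _i=0
    _s=
    while [ "$_i" -lt "$2" ]; do
        _s="$_s$1"
        _i=$(( _i + 1 ))
    done
    printf '%s' "$_s"
}

# Feed a 40-byte input to a stand-in program. 'wc -c' plays the role of the
# target 'ctf' binary here; it just reports how many bytes it received.
payload_length() {
    repeat_char A 40 | wc -c | tr -d ' '
}

# $(...) nests without extra quoting: the inner substitution runs first.
nested_substitution() {
    echo "$(echo foo$(echo bar))"
}

# Backticks pre-process backslashes before the command runs: the shell turns
# '\\' into '\', so the command that executes is  printf '%s' '\'  and the
# result is a single backslash.
backtick_backslashes() {
    _out=`printf '%s' '\\'`
    printf '%s\n' "$_out"
}

# $(...) passes the text through untouched, so printf sees '\\' and prints
# two backslashes. Same source text, different result: this is the
# difference the footnote above refers to.
dollar_backslashes() {
    _out=$(printf '%s' '\\')
    printf '%s\n' "$_out"
}

# Stand-alone demonstration.
printf 'payload: %s\n' "$(repeat_char A 40)"
printf 'payload length: %s\n' "$(payload_length)"
printf 'nested: %s\n' "$(nested_substitution)"
printf 'backticks: %s\n' "$(backtick_backslashes)"
printf 'dollar-paren: %s\n' "$(dollar_backslashes)"
```

The backslash functions are the practical reason to prefer `$()`: with backticks the shell rewrites the command text once before running it, so what executes is not what you wrote, and the difference is invisible until an input contains a backslash.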
On level 13 of IO, you are not given read access to the binary. The trick here is to use `ptrace`. `ptrace` allows a parent process to step through a child. You can also potentially use xobinary.
SAGE. A nice example is the RSA picoctf problem. tjbecker has the example. (You need to implement your own gcd.)
atm: