CTF Framework

[toc]

CTF Framework: saves you time so you can write exploits quickly

Start

pwn docker

python3 start_docker.py 20.04

r809pwn

git clone https://github.com/r888800009/CTF-tool
cd CTF-tool
pdm install
$(pdm venv activate)
import r809pwn.lib

gdb toolbox

The toolbox should be run after apogiatzis/gdb-peda-pwndbg-gef has been installed.

python3 ./instal_gdb_toolbox.py

The current toolbox includes:

The forks are backups in case the original repos are deleted.

Some other useful tools are not included in this repo:

firmware analyze

We call binwalk on the backend

import r809firmware
r809firmware.list_file_system('~/firmware.img')

Dependencies

  • docker
  • pwntools

Web

SQL encoder

>>> r809web.mysql.concat('asd')
'concat(0x61,0x73,0x64)'

Hash Tool chains (TODO)

import r809web.hash_tools

Hash Extractor (TODO)

Usage

hash_extractor(['sensitive.html', 'sensitive.txt'])

A tool that extracts every plausible hash value from HTML or text files; the hashes can then be cracked with a rainbow table.

  • md5: [0-9a-f]{32}

ref:

Rainbow table searcher (TODO)

A tool that searches for hashes in an online rainbow table or a local database.

Usage

rainbow_table(['21232f297a57a5a743894a0e4a801fc3', 'ee11cbb19052e40b07aac0ca060c23ee'])

Output

['admin', 'user']

or

'could not find a hash in the databases'
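Both tools above are still TODO, so here is one added example (not the project's code) that covers the two sketches together: the extractor uses the md5 pattern from the README plus sha1 and sha256 patterns of the same shape, with lookarounds so a 32-hex md5 is not matched inside a longer digest, and the lookup side uses a small hashlib-built dictionary over a constructed wordlist as a stand-in for a local rainbow-table database (a real rainbow table is a time-memory chain structure, not a dict). The sample HTML is constructed; the two md5 values are the ones from the README.

```python
import hashlib
import re

# One pattern per digest length; the lookarounds stop a short digest matching inside a longer one.
HASH_PATTERNS = {
    "md5": re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{32}(?![0-9a-fA-F])"),
    "sha1": re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{40}(?![0-9a-fA-F])"),
    "sha256": re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{64}(?![0-9a-fA-F])"),
}

NOT_FOUND = "could not find a hash in the databases"


def extract_hashes(text):
    """Return {algo: [unique lowercase digests, in order of first appearance]} for `text`."""
    found = {}
    for algo, pattern in HASH_PATTERNS.items():
        seen = []
        for match in pattern.finditer(text):
            digest = match.group(0).lower()
            if digest not in seen:
                seen.append(digest)
        if seen:
            found[algo] = seen
    return found


def hash_extractor(paths):
    """File front end matching the README sketch: read each path and merge the results."""
    merged = {}
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for algo, digests in extract_hashes(fh.read()).items():
                bucket = merged.setdefault(algo, [])
                bucket.extend(d for d in digests if d not in bucket)
    return merged


def build_table(words, algo="md5"):
    """Precompute digest -> plaintext for a wordlist; stands in for the local database."""
    return {hashlib.new(algo, w.encode()).hexdigest(): w for w in words}


def rainbow_table(hashes, table):
    """Look up each digest; a list of plaintexts (None per miss) or the README's message if none hit."""
    results = [table.get(h.lower()) for h in hashes]
    return results if any(r is not None for r in results) else NOT_FOUND


# Constructed sample page: credentials leaked in page text plus an unrelated sha256.
SAMPLE_HTML = """<html><body>
<p>admin:21232f297a57a5a743894a0e4a801fc3</p>
<p>user:ee11cbb19052e40b07aac0ca060c23ee</p>
<p>sha256 of an empty string: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</p>
</body></html>"""

if __name__ == "__main__":
    found = extract_hashes(SAMPLE_HTML)
    table = build_table(["admin", "user", "password"])
    print(found)
    print(rainbow_table(found.get("md5", []), table))
```

Because the dictionary is keyed by digest, the same table works for checking whether stored password hashes fall into a known wordlist, which is the defensive use of the same lookup.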

PWN

  • test_pwn_heap_rwx.cpp is used to check the mappings
    • whether the heap is executable depends on the kernel version
    • when using docker, pay attention to the host kernel
  • Old Ubuntu Releases
  • ./libc-extractor.sh 20.04
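The mapping check above matters because the page notes heap executability depends on the kernel, and a container shares the host kernel. As an added example (not the project's test_pwn_heap_rwx.cpp), the following parses /proc/<pid>/maps text, reports the [heap] permissions, and lists any region that is both writable and executable; it runs here on a constructed maps snippet and can be pointed at /proc/self/maps on a Linux host.

```python
import re

# One /proc/<pid>/maps line: address range, perms, offset, dev, inode, optional pathname.
MAPS_LINE_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})"
    r"\s+\S+\s+\S+\s+\S+\s*(?P<path>.*)$"
)


def parse_maps(text):
    """Parse maps text into dicts with integer start/end, the perms string and the pathname."""
    regions = []
    for line in text.splitlines():
        match = MAPS_LINE_RE.match(line)
        if match:
            regions.append({
                "start": int(match["start"], 16),
                "end": int(match["end"], 16),
                "perms": match["perms"],
                "path": match["path"].strip(),
            })
    return regions


def heap_permissions(text):
    """Permission string of the [heap] region, or None if the process has no brk heap."""
    for region in parse_maps(text):
        if region["path"] == "[heap]":
            return region["perms"]
    return None


def writable_executable_regions(text):
    """(start, end, path) for every region that is both writable and executable (W^X violations)."""
    return [
        (r["start"], r["end"], r["path"])
        for r in parse_maps(text)
        if "w" in r["perms"] and "x" in r["perms"]
    ]


def check_self():
    """Read this process's own map (Linux only) and return (heap perms, W^X violations)."""
    with open("/proc/self/maps") as fh:
        text = fh.read()
    return heap_permissions(text), writable_executable_regions(text)


# Constructed maps snippet with an executable heap, the case the page's test is meant to catch.
SAMPLE_MAPS_RWX_HEAP = """\
55d0c3a00000-55d0c3a01000 r--p 00000000 08:01 1234 /usr/bin/demo
55d0c3a01000-55d0c3a02000 r-xp 00001000 08:01 1234 /usr/bin/demo
55d0c5b00000-55d0c5b21000 rwxp 00000000 00:00 0 [heap]
7ffd1e000000-7ffd1e021000 rw-p 00000000 00:00 0 [stack]
"""

# Same layout with the usual non-executable heap.
SAMPLE_MAPS_NX_HEAP = SAMPLE_MAPS_RWX_HEAP.replace("rwxp", "rw-p")

if __name__ == "__main__":
    print("constructed rwx heap:", heap_permissions(SAMPLE_MAPS_RWX_HEAP),
          writable_executable_regions(SAMPLE_MAPS_RWX_HEAP))
    print("constructed nx heap: ", heap_permissions(SAMPLE_MAPS_NX_HEAP),
          writable_executable_regions(SAMPLE_MAPS_NX_HEAP))
    try:
        print("this process:", check_self())
    except OSError:
        print("no /proc/self/maps on this platform")
```

Run check_self() inside the pwn docker container to see what the host kernel actually grants the process, which is the point of the docker note above.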

todo

Fuzzer

Sensitive Path

Todo

  • Auto-gen payload reading /proc/pid/*

Docker

  • pwn_docker/
    • ./setup_docker.sh 20.04

Build docker

cd pwn_docker/
docker build . -t ctf_ubuntu1804 --target ctf

# only devtools
docker build . -t ubuntu1804 --target basic
docker build . -t ubuntu_latest --target basic --build-arg VERSION=latest

# ubuntu 20.04
docker build . -t ctf_ubuntu2004 --target ctf --build-arg VERSION=20.04

# latest
docker build . -t ctf_ubuntu_latest --target ctf --build-arg VERSION=latest

Run docker

docker run --rm -it ctf_ubuntu1804 /bin/bash
docker run --rm -it -v $(pwd):/work ctf_ubuntu_latest bash

check ubuntu version

docker run --rm -it ctf_ubuntu1804 cat /etc/os-release
docker run --rm -it ctf_ubuntu2004 cat /etc/os-release
docker run --rm -it ctf_ubuntu_latest cat /etc/os-release

You may need to add --cap-add=SYS_PTRACE so that gdb can ptrace inside the container.