Writeups for various CTFs competitions
Here is a list to various useful tools for CTF competitions.
- Wireshark to analyze network connections
- Postman to make HTTP requests
- OWASP ZAP for analysing website security. Features include requests analysis and forgery, fuzzing, etc...
- sqlmap for automatic SQL injection
- Ghidra to decompile
ccode. - Java decompiler
- gdb a C debugger
- OllyDbg a debugger for Windows programs
- Android studio to edit and analyse APK files and emulate APK
- Apktool for reversing APK files
- angr for symbolic execution. See writeup.
- pwntools a Python library for PWN
- ROPGadget search for gadget and ROP chain generation
- lib search database for ret2lib. See also writeup 32 bits and writeup 64 bits.
- file to determine file type
- strings to print all ASCII strings in file
- binwalk to find embedded files
- StegSolve an image solver
- Steg online for images
- Morse decoder
- MMSSTV for HAM transmissions
- Digital Invisible Ink Toolkit for images
- DeepSound for sound files
- Raw Pixels an online RAW image viewer
- Hexed.it to edit the bytes of a file
- Autopsy for device analysis
- https://www.dcode.fr/en It knows a lot of common cypher methods and does automatic uncyphering
- hlextend a Python library for length extension attacks on Merkle-Damgård hash functions
- Factorize big integers with http://factordb.com/
- Sherlock to scrap information on social media
- If you know the format of the flag, you can use
flag_converter.pyto quickly have the most common encoding of the flag, so you know what to look for during the competition ;) - https://www.asciitohex.com/ For quick conversion between ASCII, decimal, base64, binary, hexadecimal and URL
- https://gchq.github.io/CyberChef/ Same as asciitohex but more complete, with magic wand.
- https://upload.wikimedia.org/wikipedia/commons/d/dd/ASCII-Table.svg: An Ascci to decimal, hexadecimal, binary and octal table
- Deal with images in Python using PIL. See example writeup
This file holds some links to tasks I have failed in the past and whose writeup may be helpful later.
- Some task with Python bytecode: Puffer Overflow
- Ciphertexts with unknown but classical cipher: Video
- Hill cipher solver: Embrace the Climb
- Some task with an Arduino compiled binary: A Flash of Inspiration
- Blockchain: Bitcoin transaction vulnerability