A composite list of various vulnerabilities and tools to look for and use while exploiting common CTF challenges
| Tool | Description | Link |
| --- | --- | --- |
| Wireshark | Capture packets sent by devices and analyze pcap files | Wireshark |
| pkcrack | Crack ZIP passwords or run known-plaintext attacks against the legacy PKZIP stream cipher | pkcrack |
| volatility | Analyze memory dumps | volatility |
| rockyou.txt | List of common passwords, helpful in many categories | rockyou.txt |
| Aperi Solve | Image forensics platform that runs many steganography tools against an uploaded image | Aperi Solve |
| Audacity | Analyze, visualize, and modify audio files | Audacity |
| SleuthKit | Analyze disk images and dumps | SleuthKit |
| John The Ripper | General-purpose password cracker | John The Ripper |
| dsniff | Sniff passwords from packet capture files | dsniff |
| foremost | Carve files out of other files or disk images by matching known headers and footers | `sudo apt install foremost` |
| stegsnow | Whitespace steganography (hides data in trailing spaces and tabs at line ends) | `sudo apt install stegsnow` |

| Tool | Description | Link |
| --- | --- | --- |
| RequestBin | Capture web requests sent to a throwaway endpoint (handy for confirming callbacks and exfiltration) | RequestBin |
| revshells | Generate reverse shell payloads for a variety of languages, server types, and listeners | revshells |
| BurpSuite | Intercept HTTP requests, analyze them, and modify them before sending | BurpSuite |
| sqlmap | Automatically detect SQL injection on web pages and send exploitation payloads | sqlmap |
| SQL Injection | SQL injection authentication-bypass cheatsheet | sql cheatsheet |
| SUID Find | Find SUID binaries on a Linux system: `find / -perm -u=s -type f 2>/dev/null` | |
| root binary find | List which commands the current user may run through sudo, and as which user | `sudo -l` |
| Dirbuster | Find hidden directories and file paths on web servers | Dirbuster |
| Postman | General-purpose HTTP request debugger and generator | Postman |

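The authentication bypass that the SQL injection cheatsheet payloads rely on, together with the boolean-based check sqlmap uses to spot injectable fields, as an added example that is not part of the original page and not sqlmap's code. It runs against a constructed in-memory SQLite table (the `users` schema, the `admin`/`hunter2` credentials and the `login_*` function names are all assumptions made for the demo) and shows the string-built query beside the parameterized one that defeats the same payloads.

```python
import sqlite3

# Added example (not from the page or from sqlmap): the authentication bypass
# that the cheatsheet payloads exploit, run against a constructed in-memory
# SQLite users table, beside the parameterized query that defeats it, plus a
# sqlmap-style boolean-based probe that tells the two apart from the outside.

def setup_db():
    """Constructed sample data: two users, admin first (so it is row 1)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "hunter2"), ("alice", "s3cret")])
    return db

def login_vulnerable(db, username, password):
    """String-built query: quotes in the input become SQL syntax."""
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    row = db.execute(query).fetchone()
    return row[0] if row else None

def login_safe(db, username, password):
    """Parameterized query: values travel separately from the SQL text."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None

def boolean_probe(login, db):
    """Boolean-based injection check in the spirit of sqlmap: inject a TRUE
    and a FALSE predicate into the same field.  Only when the input is parsed
    as SQL do the two requests behave differently."""
    true_case = login(db, "admin' AND '1'='1'--", "irrelevant")
    false_case = login(db, "admin' AND '1'='2'--", "irrelevant")
    return true_case != false_case

if __name__ == "__main__":
    db = setup_db()
    # admin'-- closes the string and comments out the password check entirely.
    print(login_vulnerable(db, "admin'--", "wrong"))          # admin
    # Tautology in the password field: AND binds tighter than OR, so every row matches
    # and fetchone() hands back the first one, which is admin.
    print(login_vulnerable(db, "nobody", "' OR '1'='1"))     # admin
    print(login_safe(db, "admin'--", "wrong"))               # None
    print(boolean_probe(login_vulnerable, db), boolean_probe(login_safe, db))  # True False
```

The probe is the same idea sqlmap applies at scale: a pair of payloads that differ only in the truth of an injected predicate should produce identical responses from a parameterized endpoint and different ones from an injectable endpoint. Against a real target the "response" is an HTTP body or status rather than a return value, but the comparison is the same.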
| Tool | Description | Link |
| --- | --- | --- |
| ir0nstone | Pwn tutorials containing many resources/scripts for solving pwn challenges | ir0nstone |
| pwntools | Python library for prototyping and writing exploits | pwntools |
| ROPGadget | Tool for finding ROP gadgets and crafting ROP chains | ROPGadget |
| shellstorm | Database of shellcode in both assembly and byte format | shellstorm |
| Wiremask Buffer Overflow | Cyclic pattern generator: overflow the target with the pattern under gdb and the unique bytes that land in EIP/RIP give the offset to the saved return address (works when no stack canary is present) | Wiremask |
| one_gadget | Finds "one gadgets" in a libc: single addresses that call execve("/bin/sh", NULL, NULL) directly, each with the register/stack constraints that must hold when you jump there | one_gadget |
| checksec | Check the security properties of an executable (RELRO, stack canary, NX, PIE), revealing which attack vectors are possible | `sudo apt-get install checksec` |
| Guide to Reading Assembly | The faker's guide to reading (x86) assembly language | Assembly Guide |

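How the pattern-generator trick works, as an added example that is not part of the original page and not Wiremask's or pwntools' code: a Metasploit/Wiremask-style `Aa0Aa1...` pattern, the lookup that turns the register value gdb prints into an offset, and a small simulated frame (the `[buffer][saved frame pointer][return address]` layout is an assumption made for the demo) that ties the two together.

```python
import itertools
import string

# Added example (not the page's or Wiremask's code): a Metasploit/Wiremask-style
# cyclic pattern generator and offset finder.  Every 3-byte chunk "Xy9" is
# unique within the first 20280 bytes, so any 4 contiguous bytes identify one
# position, and the value that lands in EIP/RIP (read back little-endian)
# tells you exactly where the saved return address sits in your buffer.

PATTERN_MAX = 26 * 26 * 10 * 3   # 20280 bytes before chunks would repeat

def pattern_create(length):
    """Return `length` bytes of the pattern Aa0Aa1Aa2...Zz9 (capped at PATTERN_MAX)."""
    chunks = (u + l + d for u in string.ascii_uppercase
                        for l in string.ascii_lowercase
                        for d in string.digits)
    text = "".join(itertools.islice(chunks, (length + 2) // 3))
    return text[:length].encode()

def pattern_offset(value, width=4):
    """Offset of `value` in the pattern, or -1 if absent.  `value` is either the
    integer gdb prints for the register (converted to `width` little-endian
    bytes) or the raw bytes read from the stack."""
    needle = value.to_bytes(width, "little") if isinstance(value, int) else bytes(value)
    return pattern_create(PATTERN_MAX).find(needle)

def simulate_crash(buf_size, width=4):
    """Assumed frame layout: [buffer][saved frame pointer][return address].
    Overflow it with the pattern, take the bytes that `ret` would pop into
    EIP, and recover the offset the way you would from gdb's register dump."""
    payload = pattern_create(buf_size + 4 * width)
    ret_off = buf_size + width                      # saved EBP/RBP sits in between
    faulting_ip = int.from_bytes(payload[ret_off:ret_off + width], "little")
    return pattern_offset(faulting_ip, width)

if __name__ == "__main__":
    print(pattern_create(48).decode())   # Aa0Aa1Aa2...Ab5
    # gdb shows EIP = 0x41346241 after the crash; little-endian that is b"Ab4A"
    print(pattern_offset(0x41346241))    # 42
    print(simulate_crash(38))            # 42: 38-byte buffer + 4-byte saved EBP
```

On x86-64 a full 8-byte pattern overwrite makes the return address non-canonical, so the fault happens at the `ret` itself and RIP still points into the function; in that case read the 8 bytes at `$rsp` and pass them to `pattern_offset` as bytes (or use `width=8`). pwntools' `cyclic`/`cyclic_find` use a De Bruijn sequence instead of this alphabet, but the offset lookup is the same idea.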
| Tool | Description | Link |
| --- | --- | --- |
| Ghidra | Reverse engineering toolkit for decompiling binaries into C-like code for static analysis | Ghidra |
| Uncompyle | Decompile Python bytecode (.pyc) back to source | Uncompyle |
| angr | Binary analysis platform for Python with static/dynamic analysis support and symbolic execution | angr |
| jdgui | Java decompiler for .class files | jdgui |
| IDA Freeware | Binary code analysis and reverse engineering | IDA Freeware |
| ImHex | Hex editor for reverse engineering with a pattern language for describing file structures | ImHex |

| Tool | Description | Link |
| --- | --- | --- |
| alpertron | Factor very large integers (online ECM/SIQS calculator) | alpertron |
| factordb | Database of many already-factored large integers | factordb |
| CyberChef | Generally useful for analyzing encoded/encrypted strings and files | CyberChef |
| z3 | SMT solver / theorem prover with Python bindings | z3 |
| OR-Tools | Constraint-programming and optimization solver; an alternative to z3 that can be faster on pure constraint problems | OR-Tools |
| RsaCtfTool | Python script for automatically running known RSA attacks given various inputs | RsaCtfTool |
| sage | Computer algebra system with a Python-based interface; fast number theory, finite fields, and lattices for quick scripting solutions | sage |
| xortool | Multi-byte (repeating-key) XOR analysis: guesses the key length and recovers the key | xortool |
| randcrack | Predict values generated by Python's random module (MT19937) after observing 624 consecutive 32-bit outputs | randcrack |
| RSA Algorithm | A nice explanation of the RSA algorithm by Lei Mao | RSA Tutorial |
| Elliptic Curves | Elliptic curve notes by Ben Lynn | Elliptic Curves |
| cryptopals | Website with learning tools and challenges for learning about cryptography | cryptopals |

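What randcrack does under the hood, as an added example that is not part of the original page and not randcrack's code: invert the MT19937 output tempering, load the 624 recovered words into a fresh `random.Random` with `setstate`, and predict the victim's next outputs. The victim generator, its seed and the `demo` helper are constructed for the demo.

```python
import random

# Added example (not the page's or randcrack's code): recover the internal
# MT19937 state of Python's random module from 624 consecutive 32-bit outputs
# and predict everything that follows.  CPython's random.getrandbits(32)
# returns one raw tempered state word, so those are what we observe here.

MASK32 = 0xFFFFFFFF

def temper(y):
    """MT19937 output tempering, exactly as applied to each state word."""
    y ^= y >> 11
    y ^= (y << 7) & 0x9D2C5680
    y ^= (y << 15) & 0xEFC60000
    y ^= y >> 18
    return y & MASK32

def untemper(y):
    """Invert temper(): get the raw state word back from one output."""
    y ^= y >> 18                      # applying it twice cancels: the (y >> 36) term is 0
    y ^= (y << 15) & 0xEFC60000       # twice cancels too: the mask's lowest bit is 17, a second shift pushes everything past bit 31
    t = y                             # masked shift by 7: each pass fixes 7 more low bits
    for _ in range(5):
        t = y ^ ((t << 7) & 0x9D2C5680)
    y = t
    t = y                             # shift right by 11: each pass fixes 11 more high bits
    for _ in range(3):
        t = y ^ (t >> 11)
    return t & MASK32

def clone_mt19937(outputs):
    """Build a random.Random whose state matches the generator that produced
    `outputs` (exactly 624 consecutive getrandbits(32) results)."""
    if len(outputs) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    # index 624 means the next call twists the state, just as the victim will
    state = tuple(untemper(o) for o in outputs) + (624,)
    clone = random.Random()
    clone.setstate((3, state, None))
    return clone

def demo(seed=1337):
    """Constructed victim seeded with `seed`; returns True when the clone's next
    ten 32-bit outputs and next float all match the victim's."""
    victim = random.Random(seed)
    observed = [victim.getrandbits(32) for _ in range(624)]
    clone = clone_mt19937(observed)
    words_match = all(clone.getrandbits(32) == victim.getrandbits(32) for _ in range(10))
    float_match = clone.random() == victim.random()
    return words_match and float_match

if __name__ == "__main__":
    print(demo())   # True
```

If the victim only leaks `random()` floats rather than `getrandbits(32)`, each float is built from two raw words truncated to 27 and 26 bits, so the full words are not directly observable; randcrack handles that case, and this example does not.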
| Tool | Description | Link |
| --- | --- | --- |
| ARPSyndicate | List of helpful OSINT resources | ARPSyndicate |
| Epieos | OSINT search engine that performs a variety of lookups from a single query | Epieos |

| Category | Title | Link |
| --- | --- | --- |
| crypto | Solving problems with the LLL algorithm | LLL |