picoCTF toolkit
Tools in picoCTF
- category
- tool
- format
- link(s)
- if anything below format is empty / incomplete it's probs coz I haven't used it enough or forgot how to use it when I wrote this, and/or it's self-explanatory
- description if applicable
- sub notes
- end with a RTFM for any more info coz if you need any more info it could be outdated; this is just to quickly remember things exist / how to download them
- General Exploit tools
- pwntools
- Python, CLI
- https://docs.pwntools.com/en/stable/
- pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.
- if you do `import pwn` or `from pwn import *`, you will have access to everything you need to write an exploit.
- Pwntools is best supported on 64-bit Ubuntu LTS releases (14.04, 16.04, 18.04, and 20.04). Most functionality should work on any POSIX-like distribution (Debian, Arch, FreeBSD, OSX, etc.), so get ready to use WSL or a Linux machine :D
- if you must use Python 2 you need a specific version of pip
```
$ apt-get update
$ apt-get install python python-pip python-dev git libssl-dev libffi-dev build-essential
$ python2 -m pip install --upgrade pip==20.3.4
$ python2 -m pip install --upgrade pwntools
```
- otherwise Python 3 works as normal
```
$ apt-get update
$ apt-get install python3 python3-pip python3-dev git libssl-dev libffi-dev build-essential
$ python3 -m pip install --upgrade pip
$ python3 -m pip install --upgrade pwntools
```
- When installed with `sudo` the above commands will install Pwntools' command-line tools to somewhere like `/usr/bin`. An error will occur, so add `~/.local/bin` to your `$PATH` environment variable.
- here's a link to the tutorial: https://docs.pwntools.com/en/stable/intro.html#tutorials
- Disk Analysis
- Autopsy
- GUI
- Sleuthkit
- CLI
- fls
- cli
- lists the files in the filesystem at that sector offset (`-o` is the start sector from mmls); `*` marks a deleted entry
```
$ fls -o 360448 disk.flag.img 3981
r/r * 2082(realloc):	flag.txt
r/r 2371:	flag.uni.txt
```
- icat
- cli
- read a file's contents by its inode number (the number fls lists in front of the name)
```
$ icat -o 360448 disk.flag.img 2371
picoCTF{flag_you_arnt_allowed_to_get_for_free}
```
- Gunzip
- CLI
- man gunzip
- works on .gz files
- using `gunzip disk.flag.img.gz` basically spits out the decompressed file then deletes the .gz, from the few times I've used it, but idk
- mmls
- cli
- dump the partition table of the disk image. We want to find the offset to the main partition:
```
$ mmls disk.flag.img
DOS Partition Table
Offset Sector: 0
Units are in 512-byte sectors

      Slot      Start        End          Length       Description
000:  Meta      0000000000   0000000000   0000000001   Primary Table (#0)
001:  -------   0000000000   0000002047   0000002048   Unallocated
002:  000:000   0000002048   0000206847   0000204800   Linux (0x83)
003:  000:001   0000206848   0000360447   0000153600   Linux Swap / Solaris x86 (0x82)
004:  000:002   0000360448   0000614399   0000253952   Linux (0x83)
```
- Packet Sniffer?
- wireshark
- gui
- tshark
- cli
- files?
- find
- cli
```
find / -type f -name "*flag*" -print
```
- general linux commands that i keep forgetting
- uname -a
- general system information
- lshw
- hardware info
- lscpu
- cpu info
- free -m
- memory info
- df -h
- disk usage
- lsusb
- usb devices
- ip addr
- network config
- ifconfig
- other network config
- htop
- cli task manager
- ps aux
- lists pid/tasks
chroot into another Linux drive from an img
```
┌──(root㉿NaruZKurai)-[~]
└─# mmls flag_drive.img
DOS Partition Table
Offset Sector: 0
Units are in 512-byte sectors

      Slot      Start        End          Length       Description
000:  Meta      0000000000   0000000000   0000000001   Primary Table (#0)
001:  -------   0000000000   0000002047   0000002048   Unallocated
002:  000:000   0000002048   0000206847   0000204800   Linux (0x83)
003:  000:001   0000206848   0000411647   0000204800   Linux Swap / Solaris x86 (0x82)
004:  000:002   0000411648   0000819199   0000407552   Linux (0x83)
```
```
sudo mkdir /mnt/flag_drive
# the Linux (0x83) partition starts at sector 2048 (right after the unallocated 0-2047) and sectors are 512 bytes, so the byte offset is 2048*512
sudo mount -o loop,offset=$((2048*512)) flag_drive.img /mnt/flag_drive
sudo mount -t proc /proc /mnt/flag_drive/proc
sudo mount -o bind /sys /mnt/flag_drive/sys
sudo mount -o bind /dev /mnt/flag_drive/dev
# possibly need to add /bin/bash or /bin/sh, or fish / ash / whatever else that system uses; look in /bin/ to see what shell it has
sudo chroot /mnt/flag_drive
# and just coz I'm hella forgetful
find / -type f -name "*words*" 2>/dev/null
# I'm serious, super forgetful
grep -R "picoCTF{" / 2>/dev/null
```
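The sector-to-byte arithmetic above is easy to get wrong by hand, so here is an added Python helper (not from the notes or from Sleuthkit) that parses mmls output, picks out the Linux (0x83) partitions and builds the `fls -o` and `mount -o loop,offset=` commands; the sample input is the disk.flag.img table from the Sleuthkit section. The `ro` and `sizelimit` mount options are my additions, not in the notes' mount line.

```python
import re
from dataclasses import dataclass
from typing import List
# Constructed sample input: the mmls output for disk.flag.img quoted in the notes above.
SAMPLE_MMLS = """\
DOS Partition Table
Offset Sector: 0
Units are in 512-byte sectors

      Slot      Start        End          Length       Description
000:  Meta      0000000000   0000000000   0000000001   Primary Table (#0)
001:  -------   0000000000   0000002047   0000002048   Unallocated
002:  000:000   0000002048   0000206847   0000204800   Linux (0x83)
003:  000:001   0000206848   0000360447   0000153600   Linux Swap / Solaris x86 (0x82)
004:  000:002   0000360448   0000614399   0000253952   Linux (0x83)
"""
UNITS_RE = re.compile(r"Units are in (\d+)-byte sectors")
ROW_RE = re.compile(r"^\d{3}:\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(.+?)\s*$")

@dataclass
class Partition:
    slot: str
    start: int        # first sector of the partition
    length: int       # size in sectors
    description: str
    sector_size: int

    @property
    def byte_offset(self) -> int:  # what mount -o offset= wants
        return self.start * self.sector_size

def parse_mmls(text: str) -> List[Partition]:
    units = UNITS_RE.search(text)                 # sector size from the "Units" line
    sector_size = int(units.group(1)) if units else 512
    parts = []
    for line in text.splitlines():
        row = ROW_RE.match(line)                  # header, "Slot" line and blanks don't match
        if row:
            parts.append(Partition(row.group(1), int(row.group(2)), int(row.group(4)),
                                   row.group(5), sector_size))
    return parts

def linux_partitions(parts: List[Partition]) -> List[Partition]:
    # keep only Linux (0x83) rows, dropping Meta, Unallocated and swap
    return [p for p in parts if p.description.startswith("Linux (0x83)")]

def fls_command(image: str, p: Partition) -> str:
    return f"fls -o {p.start} {image}"  # fls and icat -o take a sector offset, not bytes

def mount_command(image: str, p: Partition, mountpoint: str) -> str:
    # ro keeps the image unmodified; sizelimit stops the loop device at the partition end
    size = p.length * p.sector_size
    return f"sudo mount -o ro,loop,offset={p.byte_offset},sizelimit={size} {image} {mountpoint}"
```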