├── .gitignore ├── LICENSE ├── README.md ├── tools ├── README.md ├── bash │ └── README.md ├── file │ └── README.md ├── hex-editor │ └── README.md └── terminal │ └── README.md └── topics ├── README.md ├── binary-exploitation ├── README.md └── buffer-overflow │ └── README.md ├── cryptography ├── README.md ├── base64 │ └── README.md ├── caesar-cipher │ └── README.md ├── md5 │ └── README.md ├── rsa │ └── README.md ├── sha1 │ └── README.md └── vigenere-cipher │ └── README.md ├── reversing └── README.md ├── steganography ├── README.md ├── file-in-image │ ├── README.md │ ├── ctfexample.jpg │ └── example.jpg └── invisible-text │ ├── README.md │ ├── ctf-example.png │ └── example.png └── web ├── README.md ├── http └── README.md ├── php └── README.md ├── sql-injections └── README.md └── xss └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | *.swp 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | CC0 1.0 Universal 2 | 3 | Statement of Purpose 4 | 5 | The laws of most jurisdictions throughout the world automatically confer 6 | exclusive Copyright and Related Rights (defined below) upon the creator and 7 | subsequent owner(s) (each and all, an "owner") of an original work of 8 | authorship and/or a database (each, a "Work"). 9 | 10 | Certain owners wish to permanently relinquish those rights to a Work for the 11 | purpose of contributing to a commons of creative, cultural and scientific 12 | works ("Commons") that the public can reliably and without fear of later 13 | claims of infringement build upon, modify, incorporate in other works, reuse 14 | and redistribute as freely as possible in any form whatsoever and for any 15 | purposes, including without limitation commercial purposes. 
These owners may 16 | contribute to the Commons to promote the ideal of a free culture and the 17 | further production of creative, cultural and scientific works, or to gain 18 | reputation or greater distribution for their Work in part through the use and 19 | efforts of others. 20 | 21 | For these and/or other purposes and motivations, and without any expectation 22 | of additional consideration or compensation, the person associating CC0 with a 23 | Work (the "Affirmer"), to the extent that he or she is an owner of Copyright 24 | and Related Rights in the Work, voluntarily elects to apply CC0 to the Work 25 | and publicly distribute the Work under its terms, with knowledge of his or her 26 | Copyright and Related Rights in the Work and the meaning and intended legal 27 | effect of CC0 on those rights. 28 | 29 | 1. Copyright and Related Rights. A Work made available under CC0 may be 30 | protected by copyright and related or neighboring rights ("Copyright and 31 | Related Rights"). Copyright and Related Rights include, but are not limited 32 | to, the following: 33 | 34 | i. the right to reproduce, adapt, distribute, perform, display, communicate, 35 | and translate a Work; 36 | 37 | ii. moral rights retained by the original author(s) and/or performer(s); 38 | 39 | iii. publicity and privacy rights pertaining to a person's image or likeness 40 | depicted in a Work; 41 | 42 | iv. rights protecting against unfair competition in regards to a Work, 43 | subject to the limitations in paragraph 4(a), below; 44 | 45 | v. rights protecting the extraction, dissemination, use and reuse of data in 46 | a Work; 47 | 48 | vi. database rights (such as those arising under Directive 96/9/EC of the 49 | European Parliament and of the Council of 11 March 1996 on the legal 50 | protection of databases, and under any national implementation thereof, 51 | including any amended or successor version of such directive); and 52 | 53 | vii. 
other similar, equivalent or corresponding rights throughout the world 54 | based on applicable law or treaty, and any national implementations thereof. 55 | 56 | 2. Waiver. To the greatest extent permitted by, but not in contravention of, 57 | applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and 58 | unconditionally waives, abandons, and surrenders all of Affirmer's Copyright 59 | and Related Rights and associated claims and causes of action, whether now 60 | known or unknown (including existing as well as future claims and causes of 61 | action), in the Work (i) in all territories worldwide, (ii) for the maximum 62 | duration provided by applicable law or treaty (including future time 63 | extensions), (iii) in any current or future medium and for any number of 64 | copies, and (iv) for any purpose whatsoever, including without limitation 65 | commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes 66 | the Waiver for the benefit of each member of the public at large and to the 67 | detriment of Affirmer's heirs and successors, fully intending that such Waiver 68 | shall not be subject to revocation, rescission, cancellation, termination, or 69 | any other legal or equitable action to disrupt the quiet enjoyment of the Work 70 | by the public as contemplated by Affirmer's express Statement of Purpose. 71 | 72 | 3. Public License Fallback. Should any part of the Waiver for any reason be 73 | judged legally invalid or ineffective under applicable law, then the Waiver 74 | shall be preserved to the maximum extent permitted taking into account 75 | Affirmer's express Statement of Purpose. 
In addition, to the extent the Waiver 76 | is so judged Affirmer hereby grants to each affected person a royalty-free, 77 | non transferable, non sublicensable, non exclusive, irrevocable and 78 | unconditional license to exercise Affirmer's Copyright and Related Rights in 79 | the Work (i) in all territories worldwide, (ii) for the maximum duration 80 | provided by applicable law or treaty (including future time extensions), (iii) 81 | in any current or future medium and for any number of copies, and (iv) for any 82 | purpose whatsoever, including without limitation commercial, advertising or 83 | promotional purposes (the "License"). The License shall be deemed effective as 84 | of the date CC0 was applied by Affirmer to the Work. Should any part of the 85 | License for any reason be judged legally invalid or ineffective under 86 | applicable law, such partial invalidity or ineffectiveness shall not 87 | invalidate the remainder of the License, and in such case Affirmer hereby 88 | affirms that he or she will not (i) exercise any of his or her remaining 89 | Copyright and Related Rights in the Work or (ii) assert any associated claims 90 | and causes of action with respect to the Work, in either case contrary to 91 | Affirmer's express Statement of Purpose. 92 | 93 | 4. Limitations and Disclaimers. 94 | 95 | a. No trademark or patent rights held by Affirmer are waived, abandoned, 96 | surrendered, licensed or otherwise affected by this document. 97 | 98 | b. Affirmer offers the Work as-is and makes no representations or warranties 99 | of any kind concerning the Work, express, implied, statutory or otherwise, 100 | including without limitation warranties of title, merchantability, fitness 101 | for a particular purpose, non infringement, or the absence of latent or 102 | other defects, accuracy, or the present or absence of errors, whether or not 103 | discoverable, all to the greatest extent permissible under applicable law. 104 | 105 | c. 
Affirmer disclaims responsibility for clearing rights of other persons 106 | that may apply to the Work or any use thereof, including without limitation 107 | any person's Copyright and Related Rights in the Work. Further, Affirmer 108 | disclaims responsibility for obtaining any necessary consents, permissions 109 | or other rights required for any use of the Work. 110 | 111 | d. Affirmer understands and acknowledges that Creative Commons is not a 112 | party to this document and has no duty or obligation with respect to this 113 | CC0 or use of the Work. 114 | 115 | For more information, please see 116 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CTF Resources 2 | 3 | This repository aims to be an archive of information, tools, and references regarding CTF competitions. 4 | 5 | CTFs, especially for beginners, can be very daunting and almost impossible to approach. With some general overviews of common CTF topics and more in-depth research and explanation in specific technologies both beginners and veterans can learn, contribute, and collaborate to expand their knowledge. 6 | 7 | ## Quick Start 8 | 9 | 1. First time? [READ THIS!](http://trailofbits.github.io/ctf/) and then the section below. Once you understand the basics, use the resources in the [topics](./topics/) directory to try to solve challenges on websites like [OverTheWire](http://overthewire.org/wargames/) or [CanYouHack.it](https://www.wechall.net/site/details/65/CanYouHack.It). 10 | 11 | 2. Beginner? Use the guides found in the [topics](./topics/) directory to try to find out what type of challenges you are presented with and participate in some of the CTFs on [ctftime](https://ctftime.org/). 12 | 13 | 3. Intermediate? Navigate straight to the topic you are interested in to find extra online resources to help you solve more complex challenges. 14 | 15 | 4. Master? 
Help improve this repository! Have a new type of vulnerability you want to explain? Write about it and how to use it! Have a new tool people can use? Add it to the tools directory! 16 | 17 | ## What are CTFs? 18 | 19 | CTFs are computer security/hacking competitions which generally consist of participants breaking, investigating, reverse engineering and doing anything they can to reach the end goal, a "flag" which is usually found as a string of text. 20 | 21 | [DEF CON](http://en.wikipedia.org/wiki/DEF_CON) hosts what is the most widely known and first major CTF, occurring annually at the hacking conference in Las Vegas. Many different competitions have branched off since then, and numerous ones are available year round. One of the best places to see when CTFs are being scheduled is [CTFTime](https://ctftime.org/), an active website with calendars and team rankings. 22 | 23 | ### Example 24 | 25 | A very simple type of CTF challenge consists of looking at the source code of websites or programs to find flags and/or hints. For example, can you find the flag hidden on this page? 26 | 27 | 28 | 29 | ### Moving On 30 | 31 | You may be able to solve some CTF challenges after looking through the documents in this repository and understanding the basics of the technologies and subjects covered, but you won't be very proficient or successful for long. To be an adept CTF competitor you have to be able to combine many different strategies and tools to find the flag. Developing the ability to find flags quickly takes practice more than anything, and participating in numerous CTFs will allow you to expand your understanding and abilities, leading you to success. Spend some time on [CTFTime](https://ctftime.org/) working through CTFs to truly improve and learn. 
32 | 33 | -------------------------------------------------------------------------------- /tools/README.md: -------------------------------------------------------------------------------- 1 | # Tools 2 | 3 | CTF tools are essential to the completion of tasks, and are extremely diverse, ranging from code debuggers and disassemblers to image manipulators. Tools allow tedious processes to be done quickly and often make challenges much easier to solve. 4 | 5 | ## Operating Systems 6 | 7 | The operating system that you choose to use will not hinder your ability to solve CTF challenges, but can affect your speed and access to tools. Each of the three major consumer operating systems has its benefits and downsides, and it is up to you to decide which one you wish to use. Many people decide to either dual-boot different operating systems or run them in virtual machines, giving them maximum flexibility. 8 | 9 | ### Windows 10 | 11 | Microsoft Windows is still the most prolific operating system in the world, and the majority of all computers come pre-installed with it. The fact that it is based on MS-DOS and does not run a Unix shell like Linux and OSX limits its command line abilities, but it makes up for it in large, comprehensive software packages. For example, IDA, likely the best disassembler, is best used in Windows and is utilized in almost every CTF. Windows is a good option if you are willing to give up simple command line tools and scripts for large, thorough software packages which are often pricey and/or proprietary. 12 | 13 | ### Mac 14 | 15 | Mac is a very versatile operating system for CTFs, as it can run almost any Linux command-line program while still having nice software packages for general use. It is typically seen as the cleanest and nicest operating system to work with, but at times has limited software options and tools.
If you have already shelled out money for a Mac, you are well prepared and will be able to run the majority of programs necessary on it. 16 | 17 | ### Linux 18 | 19 | Linux is typically seen as the 'hacking' operating system, and it is very often used in that context. It has the largest base of open source software and tools, and is based on the versatile Bash command line. If you are comfortable using the command line and want the versatility of quickly writing up scripts and using well-tested tools, Linux is a very good option. 20 | 21 | ## Getting Started 22 | 23 | * Linux/Mac - If you want to get started using Linux or Mac and have not had much experience with them, you want to get acquainted with the command line. The majority of these operating systems' benefits stem from their command line tools, so once you have a solid basis in Bash you will be able to get started on tasks quickly. 24 | 25 | * Windows - As stated before, Windows is based heavily on large software tools, so it would be best to get acquainted with some of its core computer security software like IDA. 26 | -------------------------------------------------------------------------------- /tools/bash/README.md: -------------------------------------------------------------------------------- 1 | # Bourne-again Shell 2 | 3 | Bash is the most common and prolific Unix shell, and is now shipped by default on almost all Linux distributions and OSX. 4 | -------------------------------------------------------------------------------- /tools/file/README.md: -------------------------------------------------------------------------------- 1 | # File command 2 | 3 | `file` returns the detected type of a file.
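A reduced version of what `file` does, as an added example for this page (not the repository's code and not file(1) itself): compare the leading "magic" bytes of the data against a table of known signatures, then, for ELF binaries, read the identification fields to describe the file in file(1)'s style. The signature table is a small hand-picked subset of the real magic database, and the ELF sample is constructed from the first 20 bytes of the xxd dump in tools/hex-editor/README.md.

```python
"""Magic-byte file identification: a reduced version of what the `file` command does.

Added example for this page, not the repository's code and not file(1) itself;
the signature table is a small hand-picked subset of the real magic database.
The ELF sample below is constructed from the first 20 bytes of the xxd dump in
tools/hex-editor/README.md.
"""
import struct

# (signature, description), most specific first.
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"\xff\xd8\xff", "JPEG image"),
    (b"GIF87a", "GIF image"),
    (b"GIF89a", "GIF image"),
    (b"PK\x03\x04", "Zip archive"),
    (b"%PDF-", "PDF document"),
    (b"\x1f\x8b", "gzip compressed data"),
    (b"\xd4\xc3\xb2\xa1", "pcap capture file (little-endian)"),
    (b"\xa1\xb2\xc3\xd4", "pcap capture file (big-endian)"),
    (b"\x0a\x0d\x0d\x0a", "pcapng capture file"),
]

ELF_CLASS = {1: "32-bit", 2: "64-bit"}
ELF_DATA = {1: "LSB", 2: "MSB"}
ELF_TYPE = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core file"}
ELF_MACHINE = {0x03: "Intel 80386", 0x28: "ARM", 0x3e: "x86-64", 0xb7: "ARM aarch64"}


def describe_elf(data: bytes) -> str:
    """Decode e_ident class/endianness and the e_type/e_machine fields of an ELF header."""
    if len(data) < 20:
        return "ELF (truncated header)"
    cls = ELF_CLASS.get(data[4], "unknown class")
    order = ELF_DATA.get(data[5], "unknown byte order")
    endian = "<" if data[5] == 1 else ">"   # e_type/e_machine honour e_ident[EI_DATA]
    e_type, e_machine = struct.unpack(endian + "HH", data[16:20])
    return "ELF %s %s %s, %s" % (cls, order,
                                 ELF_TYPE.get(e_type, "type %d" % e_type),
                                 ELF_MACHINE.get(e_machine, "machine 0x%x" % e_machine))


def identify(data: bytes) -> str:
    """Return a file(1)-style description of the given file content."""
    if data.startswith(b"\x7fELF"):
        return describe_elf(data)
    for signature, description in MAGIC:
        if data.startswith(signature):
            return description
    # No known signature: distinguish text from arbitrary binary data by checking
    # whether a leading sample decodes cleanly and contains no control characters.
    sample = data[:512]
    try:
        text = sample.decode("utf-8")
    except UnicodeDecodeError:
        return "data"
    if not text:
        return "empty"
    if all(ch.isprintable() or ch in "\r\n\t" for ch in text):
        return "ASCII/UTF-8 text"
    return "data"


# Constructed sample: the 20 header bytes shown in the xxd dump on the hex-editor page.
ELF_SAMPLE = bytes.fromhex("7f454c46 02010100 00000000 00000000 0300 3e00")

if __name__ == "__main__":
    print(identify(ELF_SAMPLE))   # ELF 64-bit LSB shared object, x86-64
```

The order of the table matters: a longer, more specific signature (the 8-byte PNG one) must be tried before a shorter one that could be its prefix, which is also why the real magic database is priority-ordered.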
4 | 5 | ## Use 6 | 7 | Pass any file as a parameter to `file` to get its type: 8 | 9 | ``` 10 | $ file file.c 11 | file.c: C program text 12 | ``` 13 | 14 | ## More 15 | 16 | * `man file` 17 | 18 | * [file](https://en.wikipedia.org/wiki/File_command) 19 | -------------------------------------------------------------------------------- /tools/hex-editor/README.md: -------------------------------------------------------------------------------- 1 | # Hex Editor 2 | 3 | > With a hex editor, a user can see or edit the raw and exact contents of a file, as opposed to the interpretation of the same content that other, higher level application software may associate with the file format. For example, this could be raw image data, in contrast to the way image editing software would interpret and show the same file. - [Wikipedia](http://en.wikipedia.org/wiki/Hex_editor) 4 | 5 | In CTF challenges, hex editors have many uses, for example in steganography and reverse engineering. 6 | 7 | ## Linux / OSX 8 | 9 | Most people seem to prefer [xxd](http://linuxcommand.org/man_pages/xxd1.html), as it is fairly simple to use and you don't have to leave your terminal. 10 | 11 | Sample output: 12 | 13 | ``` 14 | $ xxd isengard2 | head 15 | 00000000: 7f45 4c46 0201 0100 0000 0000 0000 0000 .ELF............ 16 | 00000010: 0300 3e00 0100 0000 380f 0000 0000 0000 ..>.....8....... 17 | 00000020: 4000 0000 0000 0000 0000 0000 0000 0000 @............... 18 | 00000030: 0000 0000 4000 3800 0300 4000 0000 0000 ....@.8...@..... 19 | 00000040: 0100 0000 0500 0000 0000 0000 0000 0000 ................ 20 | 00000050: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 21 | 00000060: 2b18 0000 0000 0000 2b18 0000 0000 0000 +.......+....... 22 | 00000070: 0000 2000 0000 0000 0100 0000 0600 0000 .. ............. 23 | 00000080: 0000 0000 0000 0000 0020 0000 0000 0000 ......... ...... 24 | 00000090: 0020 0000 0000 0000 0000 0000 0000 0000 . ..............
25 | ``` 26 | 27 | There is also [hexdump](http://man7.org/linux/man-pages/man1/hexdump.1.html), which is shipped by default. 28 | 29 | Sample output: 30 | 31 | ``` 32 | $ hexdump isengard2 | head 33 | 0000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 34 | 0000010 03 00 3e 00 01 00 00 00 38 0f 00 00 00 00 00 00 35 | 0000020 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 | 0000030 00 00 00 00 40 00 38 00 03 00 40 00 00 00 00 00 37 | 0000040 01 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 38 | 0000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 39 | 0000060 2b 18 00 00 00 00 00 00 2b 18 00 00 00 00 00 00 40 | 0000070 00 00 20 00 00 00 00 00 01 00 00 00 06 00 00 00 41 | 0000080 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 00 42 | 0000090 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 | ``` 44 | 45 | If you prefer a GUI-based application, try [wxHexEditor](http://sourceforge.net/projects/wxhexeditor/). It is cross-platform, so you can use the same setup over multiple OSes. 46 | 47 | Another excellent alternative is [010 Editor](https://www.sweetscape.com/010editor), by SweetScape Software. 48 | 49 | ## Windows 50 | 51 | There is a port of xxd for Win32 available in this [package](http://www.weihenstephan.de/~syring/win32/UnxUtilsDist.html). 52 | 53 | [HxD](http://mh-nexus.de/en/hxd/) is a nice GUI-based editor. 54 | 55 | ## References 56 | 57 | [Comparison of Hex Editors](http://en.wikipedia.org/wiki/Comparison_of_hex_editors) 58 | -------------------------------------------------------------------------------- /tools/terminal/README.md: -------------------------------------------------------------------------------- 1 | # Terminal 2 | 3 | A terminal is the window where you can access multiple command-line interfaces, from the typical Bash shell to the Python interpreter. Which emulator you choose is not very pertinent to CTFs, but if you are on Windows you will have to go out of your way to find one.
4 | 5 | ## Linux / OSX 6 | 7 | Luckily, all flavors of Linux and OSX come with a terminal built in. It is usually found under Applications, and you can instantly access most command line tools from it. 8 | 9 | ## Windows 10 | 11 | Since Windows is not based on the same system as Linux and Mac, it has to rely on emulators to run shell commands. There are quite a few emulators available for Windows, but one that is definitely worth checking out is [Cmder](http://bliker.github.io/cmder/). It is not an emulator per se but a package of useful third-party applications. [GnuWin32](http://gnuwin32.sourceforge.net/) is also a good option to get some of the most common and popular Linux commands on Windows. 12 | 13 | ## References 14 | 15 | [List of terminal emulators](http://en.wikipedia.org/wiki/List_of_terminal_emulators) 16 | -------------------------------------------------------------------------------- /topics/README.md: -------------------------------------------------------------------------------- 1 | # Topics 2 | 3 | CTF challenges are usually categorized into one of these broad groups, and although at times they may be labeled, it is usually up to the competitor to find out what type of challenge it is. Here are some broad guidelines for finding out what type of challenge is presented: 4 | 5 | * Is the challenge given as a web link? If following the link does not download a file, the challenge is most likely a [web](./web/) one. 6 | 7 | * Is the file provided an image or music file? If so, the challenge is most likely a [steganography](./steganography/) one. 8 | 9 | * If the file is a jumbled text file, it is most likely a [cryptography](./cryptography/) challenge. 10 | 11 | * If the challenge provides C source code and an ELF file, it is most likely a [binary exploitation](./binary-exploitation) challenge.
12 | 13 | * If the file provided is not readily identifiable, the best tool to use is the [file](../tools/file/README.md) command, which tells you what type of file it is. 14 | 15 | * If the `file` output is PCAP or relates to packets or the web, the challenge is likely a [web](./web) one. 16 | 17 | * If the `file` output is an ELF file, it is most likely a [reversing](./reversing/) challenge. 18 | 19 | * If the `file` output is an executable, it is most likely a [reversing](./reversing/) challenge. 20 | 21 | * As a last resort, search the web for the output of the `file` command on the file. 22 | -------------------------------------------------------------------------------- /topics/binary-exploitation/README.md: -------------------------------------------------------------------------------- 1 | # Binary Exploitation 2 | 3 | ## Quick Start 4 | * For C and C++ programs: 5 | * Does the program use functions that do not check the length of user input, like gets, strcpy, or sprintf? 6 | * If so, possible buffer overflow vulnerability! 7 | * Does the program call printf or snprintf with user input as the format string instead of a literal format specifier? 8 | * If so, possible format string vulnerability! 9 | 10 | ## About 11 | > Binary exploitation is the process of identifying and taking advantage of 12 | > vulnerabilities in compiled code. They can be used to read or corrupt memory, 13 | > crash a program, or gain administrative access to a machine. 14 | > In CTFs, the source code is usually written in C and the binaries, or 15 | > executables, are in Linux ELF format. 16 | 17 | ## Examples 18 | Example of a buffer overflow vulnerability: 19 | ```c 20 | char buffer[32]; 21 | gets(buffer); // what if 32 or more bytes are entered? 22 | 23 | ``` 24 | 25 | Example of a format string vulnerability: 26 | ```c 27 | printf(argv[1]); // what happens if argv[1] = "%p %p %p %p"?
28 | ``` 29 | 30 | ## Sources 31 | [CTF 101 - Binary Exploitation](https://ctf101.org/binary-exploitation/overview/) 32 | 33 | 34 | [Trail of Bits - Exploiting Binaries 1](https://trailofbits.github.io/ctf/exploits/binary1.html) 35 | -------------------------------------------------------------------------------- /topics/binary-exploitation/buffer-overflow/README.md: -------------------------------------------------------------------------------- 1 | # Buffer Overflow 2 | A buffer overflow occurs when a buffer (i.e., an array) is filled with more data 3 | than it can hold. The excess bytes are written into the adjacent memory, 4 | often causing a [segfault](https://en.wikipedia.org/wiki/Segmentation_fault) and crashing the program. 5 | 6 | 7 | Vulnerable programs can be exploited to redirect the instruction pointer to 8 | point to malicious code or [shell 9 | code](https://en.wikipedia.org/wiki/Shellcode). 10 | 11 | 12 | Buffer overflows are common in compiled languages like C and C++, where array 13 | boundaries are not checked.
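A mechanical version of the Quick Start checklist above, as an added example for this page (not the repository's code): scan C/C++ source for calls to functions that do not bound their writes (gets, strcpy, strcat, sprintf) and for printf-family calls whose format argument is not a string literal, suggesting the counterparts from the Vulnerable/Safe table in this buffer-overflow README. It is a regex and parenthesis-matching heuristic over source text, not a C parser, so it is a triage aid rather than a proof of absence; the sample source is constructed around the two snippets shown above. One caveat on the table: strncpy does not NUL-terminate when the source fills the buffer, so "use strncpy" still needs an explicit terminator and a correct size argument.

```python
"""Triage scanner for the Quick Start checklist: unbounded string functions and
non-literal printf format arguments in C/C++ source.

Added example for this page, not the repository's code. Regex heuristic, not a
C parser; the sample source below is constructed.
"""
import re

# unbounded function -> bounded counterpart, as in the buffer-overflow README table
# (strncpy still needs an explicit NUL terminator when the source fills the buffer)
UNBOUNDED = {"gets": "fgets", "strcpy": "strncpy", "strcat": "strncat", "sprintf": "snprintf"}

# printf family: index of the format argument within the argument list
FORMAT_ARG = {"printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2, "syslog": 1}

CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")


def split_args(text, start):
    """Split the argument list that begins at text[start] (just after '(') on top-level commas."""
    depth, args, cur, i, in_str = 1, [], [], start, False
    while i < len(text) and depth > 0:
        ch = text[i]
        if in_str:
            cur.append(ch)
            if ch == "\\" and i + 1 < len(text):    # keep the escaped char, including \"
                i += 1
                cur.append(text[i])
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
            cur.append(ch)
        elif ch in "([":
            depth += 1
            cur.append(ch)
        elif ch in ")]":
            depth -= 1
            if depth > 0:
                cur.append(ch)
        elif ch == "," and depth == 1:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    if cur or args:
        args.append("".join(cur).strip())
    return args


def scan(source):
    """Return [(line_number, function, message)] for each suspicious call."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = line.split("//", 1)[0]                 # drop line comments (heuristic)
        for m in CALL_RE.finditer(code):
            name = m.group(1)
            args = split_args(code, m.end())
            if name in UNBOUNDED:
                findings.append((lineno, name,
                                 "no bound on bytes written; consider %s with an explicit size"
                                 % UNBOUNDED[name]))
            idx = FORMAT_ARG.get(name)
            if idx is not None and len(args) > idx and not args[idx].startswith('"'):
                findings.append((lineno, name,
                                 "format argument %r is not a string literal (format string bug)"
                                 % args[idx]))
    return findings


# Constructed sample built from the two snippets above plus some safe calls.
SAMPLE_SOURCE = r"""#include <stdio.h>
#include <string.h>

int main(int argc, char **argv) {
    char buffer[32];
    gets(buffer);                             // what if 32 or more bytes are entered?
    printf(argv[1]);                          // what happens if argv[1] = "%p %p %p %p"?
    char out[64];
    strcpy(out, argv[1]);
    printf("%s\n", buffer);                   // literal format string: fine
    snprintf(out, sizeof out, "%s", argv[1]); // bounded, literal format: fine
    return 0;
}
"""

if __name__ == "__main__":
    for lineno, name, msg in scan(SAMPLE_SOURCE):
        print("line %d: %s: %s" % (lineno, name, msg))
```

Run on the constructed sample it reports lines 6 (gets), 7 (printf with argv[1] as the format) and 9 (strcpy), and stays quiet on the two literal-format calls; a real review would follow each hit back to the buffer size and the data source.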
14 | 15 | ## Vulnerable Functions 16 | The table below shows several C and C++ functions vulnerable to buffer overflows 17 | and their safe alternatives: 18 | 19 | | Vulnerable | Safe | 20 | | ------------- | ------------- | 21 | | strcpy | strncpy | 22 | | strcat | strncat | 23 | | sprintf | snprintf | 24 | | gets | fgets | 25 | 26 | 27 | ## Real World Examples 28 | Real world examples of buffer overflow exploits: 29 | * [Morris Worm](https://en.wikipedia.org/wiki/Morris_worm) 30 | * [Code Red Worm](https://en.wikipedia.org/wiki/Code_Red_worm) 31 | * [Twilight Princess Exploit](https://en.wikipedia.org/wiki/The_Legend_of_Zelda:_Twilight_Princess#Technical_issues) 32 | 33 | 34 | ## More 35 | [CTF 101 - Binary Exploitation](https://ctf101.org/binary-exploitation/buffer-overflow/) 36 | [Wikipedia](https://en.wikipedia.org/wiki/Buffer_overflow) 37 | -------------------------------------------------------------------------------- /topics/cryptography/README.md: -------------------------------------------------------------------------------- 1 | # Cryptography 2 | 3 | ## Quick Start 4 | 5 | * Is the text relatively short, a few sentences? 6 | 7 | * Is the text 32 characters long? Most likely an [md5](./md5/) hash 8 | 9 | * 40 characters long? Most likely a [SHA1](./sha1/) hash 10 | 11 | * Are there equal signs spread out through the text, often next to each other? Probably a [base64](./base64/)-encoded string 12 | 13 | * Is the text only letters, without numbers or special characters? 14 | 15 | * Check if it is a [Caesar](./caesar-cipher/), [Vigenere](./vigenere-cipher/), or other type of cipher 16 | 17 | * Rarely, it may be a keyboard map as found in the [Olympic CTF 2014](https://github.com/ctfs/write-ups/tree/master/olympic-ctf-2014/crypting) 18 | 19 | * Any hints about keys or signing? Most likely [RSA](./rsa/) 20 | 21 | 22 | ## About 23 | 24 | > Cryptography is the practice and study of techniques for secure communication in the presence of third parties.
- [Wikipedia](http://en.wikipedia.org/wiki/Cryptography) 25 | 26 | In the case of CTFs, the goal is usually to crack or clone cryptographic objects or algorithms to reach the flag. 27 | 28 | ### Example 29 | 30 | If you look around the folders in this page you should be able to find a suitable way to solve this simple cipher: 31 | 32 | ``` 33 | Hint: Julius Caesar's favorite cipher 34 | 35 | kxn iye lbedec 36 | ``` 37 | 38 | ## Sources/See More 39 | 40 | [Introduction to Cryptography](http://www.cs.umd.edu/~waa/414-F11/IntroToCrypto.pdf) 41 | -------------------------------------------------------------------------------- /topics/cryptography/base64/README.md: -------------------------------------------------------------------------------- 1 | # Base64 Encoding 2 | 3 | Base64 encoding is a way to represent binary data as text. 4 | 5 | ## Use 6 | 7 | * Encode: 8 | 9 | * The [base64](http://linux.die.net/man/1/base64) command line program 10 | 11 | * Decode: 12 | 13 | * Online [here](http://www.base64decode.org/) 14 | 15 | * The [base64](http://linux.die.net/man/1/base64) command line program 16 | 17 | ## More 18 | 19 | [Base64](https://en.wikipedia.org/wiki/Base64) 20 | 21 | -------------------------------------------------------------------------------- /topics/cryptography/caesar-cipher/README.md: -------------------------------------------------------------------------------- 1 | # Caesar Cipher 2 | 3 | The Caesar Cipher is a very simple and common encryption method which shifts a string of letters a certain number of positions up or down the alphabet. 
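The cryptography Quick Start rules above (32 hex characters: MD5; 40: SHA1; "=" padding: Base64; letters only: a shift cipher) followed by the cheap first attempts a player makes, as one added example for this page (not the repository's code) that also serves the Base64 and Caesar READMEs: a strict Base64 decode, and a brute force of all 25 Caesar shifts scored by common English words, which solves the "kxn iye lbedec" example above. The same per-letter shift driven by a repeating keyword is the Vigenère cipher, so the example goes one step beyond the page and decrypts that as well; that generalisation and the word list and sample values are this example's own, constructed for it.

```python
"""Ciphertext triage plus the cheap decodings: Base64, Caesar brute force, Vigenère.

Added example, not the repository's code. Word list and sample values are
constructed; "kxn iye lbedec" is the ciphertext from the cryptography README.
"""
import base64
import hashlib
import re
import string

LETTERS = string.ascii_letters


def triage(text):
    """Apply the page's length and alphabet heuristics; return the likely category."""
    s = text.strip()
    if re.fullmatch(r"[0-9a-fA-F]{32}", s):
        return "md5 hash"
    if re.fullmatch(r"[0-9a-fA-F]{40}", s):
        return "sha1 hash"
    # Base64 alphabet with '=' padding and a length that is a multiple of 4.
    if re.fullmatch(r"[A-Za-z0-9+/]+={1,2}", s) and len(s) % 4 == 0:
        return "base64"
    if re.fullmatch(r"[A-Za-z ]+", s):
        return "shift cipher (caesar or vigenere)"
    return "unknown"


def try_base64(s):
    """Decode strictly; return None rather than raising if it is not valid Base64 text."""
    try:
        return base64.b64decode(s.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def shift_char(c, k):
    """Shift one ASCII letter k places forward (negative k: backward), preserving case."""
    if c not in LETTERS:
        return c
    base = ord("A") if c.isupper() else ord("a")
    return chr((ord(c) - base + k) % 26 + base)


def caesar(text, k):
    """Shift every letter by k. Decrypting a shift of k is caesar(text, -k)."""
    return "".join(shift_char(c, k) for c in text)


def vigenere(text, key, decrypt=False):
    """Caesar with a per-letter shift taken from the repeating keyword; non-letters
    pass through without consuming a key letter."""
    key = key.lower()
    out, i = [], 0
    for c in text:
        if c in LETTERS:
            k = ord(key[i % len(key)]) - ord("a")
            out.append(shift_char(c, -k if decrypt else k))
            i += 1
        else:
            out.append(c)
    return "".join(out)


# Constructed scoring list: a handful of frequent English words plus the CTF favourite.
COMMON_WORDS = {"the", "and", "you", "to", "of", "in", "is", "it", "that", "for", "flag"}


def english_score(text):
    return sum(1 for w in re.findall(r"[a-z]+", text.lower()) if w in COMMON_WORDS)


def crack_caesar(ct):
    """Try every shift 1..25 and return (shift, plaintext) for the best-scoring candidate."""
    best = max(range(1, 26), key=lambda k: english_score(caesar(ct, -k)))
    return best, caesar(ct, -best)


# Constructed samples for the hash and Base64 rules.
SAMPLE_MD5 = hashlib.md5(b"flag").hexdigest()
SAMPLE_SHA1 = hashlib.sha1(b"flag").hexdigest()
SAMPLE_B64 = base64.b64encode(b"flag{constructed}").decode()

if __name__ == "__main__":
    for sample in (SAMPLE_MD5, SAMPLE_SHA1, SAMPLE_B64, "kxn iye lbedec"):
        print(repr(sample), "->", triage(sample))
    print(crack_caesar("kxn iye lbedec"))       # (10, 'and you brutus')
```

The word-count scorer is deliberately crude; for longer texts a letter-frequency (chi-squared) score is the usual choice, and the same scorer applied column by column, after guessing the key length, is how a Vigenère key is recovered without knowing it.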
4 | 5 | ## Use 6 | 7 | * Create: 8 | 9 | * Online [here](http://tools.zenverse.net/caesar-cipher/) 10 | 11 | * [Python script](http://www.stealthcopter.com/blog/2009/12/python-cryptography-caesar-shift-encryption-shift-cipher/) 12 | 13 | * Crack: 14 | 15 | * Online [here](http://tools.zenverse.net/caesar-cipher/) 16 | 17 | * [Bash script](http://www.linux-support.com/cms/chris-lamb-decrypting-the-caesar-cipher-using-shell/) 18 | 19 | ## More 20 | 21 | [Caesar Cipher](https://en.wikipedia.org/wiki/Caesar_cipher) 22 | -------------------------------------------------------------------------------- /topics/cryptography/md5/README.md: -------------------------------------------------------------------------------- 1 | # MD5 Hashing 2 | 3 | MD5 is a hashing function which creates a 16-byte hash value (usually represented as a 32-digit hexadecimal number) from any file. 4 | 5 | ## Use 6 | 7 | * Create a hash: 8 | 9 | * Online [here](http://www.md5-creator.com/) 10 | 11 | * The [md5sum](https://en.wikipedia.org/wiki/Md5sum) command line program 12 | 13 | * Crack a hash: 14 | 15 | * Online [here](http://www.md5decrypter.co.uk/) 16 | 17 | ## More 18 | 19 | [MD5](https://en.wikipedia.org/wiki/Md5) 20 | -------------------------------------------------------------------------------- /topics/cryptography/rsa/README.md: -------------------------------------------------------------------------------- 1 | # RSA 2 | 3 | RSA is a public-key cryptosystem which uses a public-private key pair to encrypt and decrypt information securely.
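Textbook RSA on deliberately small numbers, as an added example for this page (not the repository's code and not the API of the python-rsa library this README links): key generation from two primes, encryption with the public key (n, e), decryption with the private exponent d, and the kind of "simple crack" the linked explanation walks through, where an n small enough to factor gives up phi(n) and therefore d. Real deployments use 2048-bit or larger moduli and a padding scheme (OAEP); the raw operation here is for understanding the arithmetic only. The primes and messages are constructed test values.

```python
"""Textbook RSA with toy parameters, plus recovery of d by factoring a tiny n.

Added example for this page; not the repository's code and not the python-rsa
API. Raw RSA without padding is shown for the arithmetic only.
"""
from math import gcd, isqrt


def keygen(p, q, e=65537):
    """Return ((n, e), (n, d)) for primes p, q; requires gcd(e, phi) == 1."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(pub, m):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def encrypt_text(pub, text):
    """Encode a short string as a big-endian integer and encrypt it (no padding)."""
    return encrypt(pub, int.from_bytes(text.encode("utf-8"), "big"))


def decrypt_text(priv, c):
    m = decrypt(priv, c)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode("utf-8")


def factor_trial(n):
    """Trial division up to sqrt(n); feasible only for toy moduli, which is the point."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no factor found")


def recover_private_key(pub):
    """The crack: factor n, recompute phi(n), invert e. Works only because n is tiny."""
    n, e = pub
    p, q = factor_trial(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = keygen(61, 53, e=17)        # constructed toy key: n = 3233
    c = encrypt(pub, 65)
    print(pub, priv, c, decrypt(priv, c))   # (3233, 17) (3233, 2753) 2790 65
    print(recover_private_key(pub) == priv) # True
```

The second key pair in the test (p = 104729, q = 1299709) is still far too small to be secure but large enough to carry a four-byte message, which makes the point that the security of RSA rests entirely on n being infeasible to factor.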
4 | 5 | ## Use 6 | 7 | * RSA library in [python](https://pypi.python.org/pypi/rsa) with easy-to-use [docs](http://stuvel.eu/files/python-rsa-doc/usage.html) 8 | 9 | * [Thorough explanation](http://www.muppetlabs.com/~breadbox/txt/rsa.html) of RSA with a [simple crack example](http://www.muppetlabs.com/~breadbox/txt/rsa.html#13) 10 | 11 | ## More 12 | 13 | [RSA](https://en.wikipedia.org/wiki/RSA_algorithm) 14 | -------------------------------------------------------------------------------- /topics/cryptography/sha1/README.md: -------------------------------------------------------------------------------- 1 | # SHA1 Hash 2 | 3 | SHA1 is a hash function which creates a 20-byte hash value (usually represented by a 40-digit hexadecimal number) from any file. 4 | 5 | ## Use 6 | 7 | * Create a hash: 8 | 9 | * Online [here](http://ratfactor.com/sha1) 10 | 11 | * The [sha1sum](https://en.wikipedia.org/wiki/Sha1sum) command line program 12 | 13 | * Crack a hash: 14 | 15 | * Online [here](http://www.stringfunction.com/sha1-decrypter.html) 16 | 17 | ## More 18 | 19 | [SHA1](https://en.wikipedia.org/wiki/Sha1) 20 | -------------------------------------------------------------------------------- /topics/cryptography/vigenere-cipher/README.md: -------------------------------------------------------------------------------- 1 | # Vigenère Cipher 2 | 3 | The Vigenère Cipher is an encryption method which uses a series of different Caesar ciphers based on the letters of a keyword. It was first developed in the mid-16th century, and has ever since been popular in the cryptography and code-breaking community. It was considered unbreakable until 1863, when Friedrich Kasiski published the first successful generic attack against the cipher (although Charles Babbage probably managed to break it earlier, but didn't explain his method). 4 | 5 | Several variants of the Vigenère Cipher exist, for example the Beaufort Cipher and the Gronsfeld Cipher.
More recent ciphers, like the Enigma or the M-209 cipher machine, were also built on the same principles (polyalphabetic substitution ciphers). 6 | 7 | ## Use 8 | 9 | * Create: 10 | 11 | * Online [here](http://sharkysoft.com/vigenere/) 12 | 13 | * Crack: 14 | 15 | * Online [here](http://smurfoncrack.com/pygenere/index.php) 16 | 17 | ## Sources/See More 18 | 19 | * [Boxentriq](https://www.boxentriq.com/code-breaking/vigenere-cipher) - easy-to-use cracker and information about the Vigenère Cipher (including variants such as Beaufort, Gronsfeld, etc.) 20 | 21 | * [Online Vigenère cracker](http://www.mygeocachingprofile.com/codebreaker.vigenerecipher.aspx) 22 | 23 | 24 | -------------------------------------------------------------------------------- /topics/reversing/README.md: -------------------------------------------------------------------------------- 1 | # Reversing 2 | 3 | ## Quick Start 4 | 5 | *To-do* 6 | 7 | ## About 8 | 9 | Reversing in the context of CTFs is usually the reverse engineering of software (executables/bin files) into assembly code and at times the original source code, in order to understand what is happening in a program, break a program (e.g. buffer overflows), or undo encryption performed by a program. Challenges related to reversing are usually not as easy to pick up as others, and require a lot of diligence and learning to truly understand and be able to tackle. 10 | 11 | ## Getting Started 12 | 13 | * [Reverse Engineering for Beginners](https://mirrors.ocf.berkeley.edu/parrot/misc/openbooks/programming/ReverseEngineeringForBeginners.en.pdf) - an extremely well-written and thorough free book which explains multiple CPU instruction sets and methods for writing and understanding them.

## Tools

* gdb: Basic debugger (+gef/peda)

* objdump: Very basic disassembler

* ghidra: Sophisticated disassembler that can also decompile code ([link](https://ghidra-sre.org/))

--------------------------------------------------------------------------------
/topics/steganography/README.md:
--------------------------------------------------------------------------------

# Steganography

## Quick Start

* If the file is an image, see [File in an Image](./file-in-image/) or [Hidden Text](./invisible-text/)

## About

Steganography involves concealing a message, image, or file within another message, image, or file.

In the context of CTFs, steganography usually involves finding the hints or flags that have been hidden with steganography. Most commonly a media file is given as a task with no further instructions, and the participants have to uncover the message that has been encoded in the media.

## More

[Steganography](http://en.wikipedia.org/wiki/Steganography)

--------------------------------------------------------------------------------
/topics/steganography/file-in-image/README.md:
--------------------------------------------------------------------------------

# Hiding a file in an image

One of the most common steganography tricks is to hide a file inside of an image. The file will open normally as an image but will also hold hidden files inside, commonly zip, text, and even other image files.

The reason this works is that an image file contains starting and ending bytes marking where the image data begins and ends. The image viewer that you use will use the information between these bytes to present an image to you, ignoring anything after the terminating byte.

For example, the terminating byte for a JPEG is FF D9 in hex, so using a hex viewer ([xxd](http://linuxcommand.org/man_pages/xxd1.html) is good for Linux, or something like [HxD](http://mh-nexus.de/en/hxd/) for Windows) you can find out where the image finishes. These bytes are sometimes hard to find in a sea of numbers though, so looking at the dump of the hex (the text representing the hex bytes) can also help you find hidden .txt or .zip files.

### Example

A very simple implementation of this strategy is used in the [example.jpg](example.jpg) file in this directory. If you save it to your computer and open it with an image viewer, you should be presented with a simple jpg image.

Now let's try to find the flag. Open the image in your favorite hex editor and start looking around for something odd (you may find the flag itself in the dump at this point, but for the sake of the example, try extracting it). Near the bottom of the file you should see the terminating byte of a jpg, `ffd9`:

`01e17a0: 685c 7fab 8eb4 5b32 61f1 c4ff d950 4b03 h\....[2a....PK.`

Another important part of this line is the `PK` near the end. `PK` are the initials of Phil Katz, the inventor of the zip file format, and indicate that a zip file starts at that point.

Using this information we can use another handy Linux tool, [`dd`](http://en.wikipedia.org/wiki/Dd_(Unix)). The `dd` command is very versatile and allows for the copying and converting of a multitude of files. In our case, we are going to use it to extract the zip file.

We know the location of the zip file, but `dd` only takes decimal values, so we convert the hexadecimal location 0x01e17ad to decimal to get 1972141.

Plugging this into dd:

`dd if=example.jpg bs=1 skip=1972141 of=foo.zip`

This takes in the image example.jpg as the 'in file' (`if`), reads one byte at a time ('block size' `bs=1`), skips the first 1972141 blocks (`skip`) so that copying starts at byte offset 1972141, and writes the rest to the 'out file' (`of`), a zip we call foo.zip. When this completes you should have a zip file you can easily unzip to access the text file inside.

This is the long way of solving a simple steganography problem, but it shows how the strategy works. In the Solving section more concise and efficient methods are described.

## Detecting

These challenges are usually presented as a simple picture with no other instructions, and it is up to the competitor to run it through a hex editor to find out if it involves steganography. If you are presented with an image and no instructions, your safest bet is that it has something hidden after the closing bytes of the image.

## Solving

Although it is possible and at times practical to solve these tasks using Linux tools like `dd`, there are some tools that make it much easier. [`Binwalk`](http://binwalk.org/) is an immensely useful tool which automatically detects and extracts files hidden with steganography tools.

## CTF Example

Steganography of this type is usually not scored very highly but is decently widespread. BackdoorCTF 2014 created one which is generally straightforward, [ctfexample.jpg](ctfexample.jpg), but involves multiple layers.
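The procedure above (locate the JPEG's `ffd9`, spot the `PK` signature, carve from that offset with `dd`) done programmatically, as an added example that is not part of this repository. It walks the JPEG marker structure instead of searching for the first or last `FF D9`: an APP1 segment holding an EXIF thumbnail contains a complete embedded JPEG with its own `FF D9`, and an appended payload may contain the byte pair as well, so `find()` and `rfind()` are both unreliable. The sample "image" and the zip appended to it are constructed inline, so nothing here is a real photograph and no file from this directory is needed.

```python
import io
import struct
import zipfile

# Markers that carry no length field: SOI, TEM, RST0-RST7.
STANDALONE_MARKERS = {0xD8, 0x01} | set(range(0xD0, 0xD8))

# Leading bytes of payloads commonly appended to images ("PK" is the zip signature).
SIGNATURES = {
    b"PK\x03\x04": "zip",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"%PDF-": "pdf",
    b"\x1f\x8b": "gzip",
    b"Rar!\x1a\x07": "rar",
}


def jpeg_end_offset(data: bytes) -> int:
    """Offset just past the EOI marker (FF D9), found by walking the segments.

    Every segment except SOI/TEM/RSTn starts with FF xx and a big-endian length
    that includes the length bytes themselves.  Inside the entropy-coded data
    after SOS, an FF byte is always followed by 00 (stuffing) or by D0-D7 (RSTn),
    so the next FF followed by anything else is a real marker.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos:#x}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:                      # EOI: the image ends here
            return pos
        if marker in STANDALONE_MARKERS:
            continue
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        pos += length                           # skips the whole segment body
        if marker == 0xDA:                      # SOS: entropy-coded data follows
            while True:
                ff = data.find(b"\xff", pos)
                if ff < 0 or ff + 1 >= len(data):
                    raise ValueError("truncated scan data")
                nxt = data[ff + 1]
                if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:   # stuffed FF or RSTn
                    pos = ff + 2
                    continue
                pos = ff                        # real marker: resume the walk
                break
    raise ValueError("no EOI marker found")


def trailing_data(data: bytes) -> tuple:
    """Return (offset, bytes) of whatever follows the image.

    The offset is exactly the decimal value that `dd bs=1 skip=` needs."""
    end = jpeg_end_offset(data)
    return end, data[end:]


def identify(blob: bytes) -> str:
    """Name the appended payload from its leading bytes, or 'unknown'."""
    for magic, name in SIGNATURES.items():
        if blob.startswith(magic):
            return name
    return "unknown"


def extract_zip_member(blob: bytes, name: str) -> bytes:
    """Read one member out of a zip held in memory (the unzip step)."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return zf.read(name)


def build_sample(flag: str = "flag{constructed_example}") -> bytes:
    """Constructed sample: a minimal JPEG-shaped file carrying an EXIF-style
    thumbnail (which has its own FF D9 before the real one) plus a zip
    appended after the true EOI.  Not a decodable picture; the marker layout
    is what matters here."""
    thumb = b"\xff\xd8\xff\xd9"                  # embedded JPEG: SOI + EOI
    exif = b"Exif\x00\x00" + thumb
    app1 = b"\xff\xe1" + struct.pack(">H", 2 + len(exif)) + exif
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"   # a stuffed FF 00 and an RST0
    image = b"\xff\xd8" + app1 + sos + scan + b"\xff\xd9"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("flag.txt", flag)
    return image + buf.getvalue()


if __name__ == "__main__":
    sample = build_sample()
    offset, trailer = trailing_data(sample)
    print(f"image ends at {offset} ({offset:#x}); trailer looks like {identify(trailer)}")
    print(f"equivalent: dd if=image.jpg bs=1 skip={offset} of=foo.zip")
    print(extract_zip_member(trailer, "flag.txt").decode())
```

On the constructed sample, `data.find(b"\xff\xd9")` stops inside the thumbnail at offset 14, while the segment walk reports the true end of the image at offset 36; a naive carve would have produced a "zip" that begins with the rest of the EXIF block. `Binwalk` sidesteps the question by scanning the whole file for signatures such as `PK\x03\x04`, which is why it is the quicker tool for the Solving section.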

## Sources/See More

[XXD](http://linuxcommand.org/man_pages/xxd1.html)

[HxD](http://mh-nexus.de/en/hxd/)

[DD](https://en.wikipedia.org/wiki/Dd_%28Unix%29)

[Binwalk](http://binwalk.org/)

--------------------------------------------------------------------------------
/topics/steganography/file-in-image/ctfexample.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ctfs/resources/68c4287943f5714ae86fff4af714d1a493175181/topics/steganography/file-in-image/ctfexample.jpg
--------------------------------------------------------------------------------
/topics/steganography/file-in-image/example.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ctfs/resources/68c4287943f5714ae86fff4af714d1a493175181/topics/steganography/file-in-image/example.jpg
--------------------------------------------------------------------------------
/topics/steganography/invisible-text/README.md:
--------------------------------------------------------------------------------

# Hidden Text in Images

Text can be hidden by making it nearly invisible (turning its opacity down to below 5%) or by using certain colors and filters on it. Although the text is indiscernible to the naked eye, it is still there, and there are a variety of tools which allow the text to be extracted.

## Use

* Create

    * Watermark example [in GIMP](http://www.wikihow.com/Create-Hidden-Watermarks-in-GIMP)

* Find

    * [GIMP](http://www.gimp.org/) or [Photoshop](http://www.photoshop.com/) can be used to uncover the flag by using different filters and color ranges, as shown in the same [watermark guide](http://www.wikihow.com/Create-Hidden-Watermarks-in-GIMP) as above.

    * [Stegsolve](https://www.wechall.net/forum/show/thread/527/Stegsolve_1.3/page-1) is an immensely useful program for many steganography challenges, allowing you to go through dozens of filters to try to uncover hidden text.

    * Many scripts have been written to substitute certain colors and make the hidden text legible; for example, [this](http://pastebin.com/46VmzrRU) Ruby script highlights colors passed to it in the image.

## More

--------------------------------------------------------------------------------
/topics/steganography/invisible-text/ctf-example.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ctfs/resources/68c4287943f5714ae86fff4af714d1a493175181/topics/steganography/invisible-text/ctf-example.png
--------------------------------------------------------------------------------
/topics/steganography/invisible-text/example.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ctfs/resources/68c4287943f5714ae86fff4af714d1a493175181/topics/steganography/invisible-text/example.png
--------------------------------------------------------------------------------
/topics/web/README.md:
--------------------------------------------------------------------------------

# Web

## Quick Start

* Is a login field or text input a central part of the website? Two major possible options:

    * If a database is involved, likely a [SQL injection](./sql-injections/)

    * If the input is echoed back into the page, possibly an [XSS vulnerability](./xss/)

## About

Web challenges in CTF competitions usually involve the use of HTTP (or similar protocols) and technologies involved in information transfer and display over the internet, like PHP, CMS's (e.g. Django), SQL, Javascript, and more.
There are many tools used to access and interact with the web tasks, and choosing the right one is a major facet of the challenges. Although web browsers are the most common and well-known way of interacting with the internet, tools like `curl` and `nc` allow extra options and parameters to be passed and utilized.

## More

[Internet Security](https://en.wikipedia.org/wiki/Internet_security)

--------------------------------------------------------------------------------
/topics/web/http/README.md:
--------------------------------------------------------------------------------

# HTTP (Hypertext Transfer Protocol)

--------------------------------------------------------------------------------
/topics/web/php/README.md:
--------------------------------------------------------------------------------

# PHP

PHP is [a server-side scripting language designed for web development](http://en.wikipedia.org/wiki/PHP).

## More

[PHP](http://en.wikipedia.org/wiki/PHP)

--------------------------------------------------------------------------------
/topics/web/sql-injections/README.md:
--------------------------------------------------------------------------------

# SQL Injections

## Use

* Learn:

    * Good [introduction and database](https://owasp.org/www-community/attacks/SQL_Injection) of SQL injections from OWASP

## More

[SQL Injection](https://en.wikipedia.org/wiki/SQL_injection)

--------------------------------------------------------------------------------
/topics/web/xss/README.md:
--------------------------------------------------------------------------------

# Cross-site Scripting

Cross-site scripting (XSS) is a typical web vulnerability which allows attackers to inject their own client-side code into a website.
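The two sinks that the Web quick start tells you to look for (user input reaching a database query, and user input echoed back into the page) side by side with their fixed forms, as an added example that is not part of this repository. The in-memory SQLite table, the user name and the password are constructed for the example; the handlers stand in for the server-side code of a web task, which this repository does not show.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for a web task's user table (in memory, no file)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute(
        "INSERT INTO users VALUES ('admin', 'correct horse battery staple')"
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Builds the query by string concatenation, so the input can end the
    string literal and continue as SQL syntax (the SQL injection sink)."""
    query = (
        "SELECT COUNT(*) FROM users WHERE name = '" + name
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Parameterised query: the driver binds the input as data, so quotes in
    it are compared as characters and never parsed as SQL."""
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone()[0] > 0


def greet_vulnerable(name: str) -> str:
    """Reflects the input into HTML unchanged, so markup in it becomes part of
    the page (the reflected XSS sink)."""
    return "<p>Hello, " + name + "!</p>"


def greet_safe(name: str) -> str:
    """Escapes the input for an HTML text context: < > & ' " become entities
    and the browser renders them as characters instead of tags."""
    return "<p>Hello, " + html.escape(name, quote=True) + "!</p>"


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"              # classic tautology used to test the sink
    print("vulnerable login accepts tautology:", login_vulnerable(db, "admin", probe))
    print("parameterised login accepts tautology:", login_safe(db, "admin", probe))
    markup = "<script>alert(1)</script>"
    print(greet_vulnerable(markup))
    print(greet_safe(markup))
```

The tautology passes the concatenated query because it turns `password = ''` into `password = '' OR '1'='1'`, and `AND` binds tighter than `OR`, so the row count is never zero; the same string handed to the parameterised query is just a password that does not match. In code review, concatenated SQL and template output that is not escaped for its context are the two patterns to flag, and the fixes above are the standard ones.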

## Use

* Learn:

    * Introduction by [Google](https://www.google.com/about/appsecurity/learning/xss/index.html) to the topic

    * Game by [Google](https://xss-game.appspot.com/) for fun and practice

## More

[Cross-site scripting](https://en.wikipedia.org/wiki/Cross-site_scripting)

--------------------------------------------------------------------------------