A list of techniques and resources compiled by the UMass Pentest Club, meant to serve as a lookup table of solutions to CTF problems.
- A curated list of CTF frameworks, libraries, resources, software and tutorials.
- A collection of setup scripts to install security research tools.
Caesar Cipher
The most well known substitution cipher. Each letter in the plaintext is 'shifted' a certain number of places down the alphabet. For example, with a shift of 1, A would be replaced by B, B would become C, and so on.
Beware! Sometimes the alphabet used is more than just the 26 letters and can be a custom character set such as all 255 ASCII characters.
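The shift described above, as an added example (not the club's own code): the alphabet is a parameter so the same routine handles the custom-character-set case, a byte-range variant covers the "all ASCII" warning, and a brute-force helper tries every shift, which is how a Caesar challenge is usually solved in practice. The word list used for ranking is a constructed guess, not anything from the page.

```python
import string

# Added example: Caesar shift over an arbitrary alphabet. Characters that are not in the
# alphabet (spaces, punctuation) are passed through unchanged.

def caesar_shift(text, shift, alphabet=string.ascii_uppercase):
    """Shift every character of `text` that occurs in `alphabet` by `shift` places (mod alphabet size)."""
    n = len(alphabet)
    index = {ch: i for i, ch in enumerate(alphabet)}
    out = []
    for ch in text:
        if ch in index:
            out.append(alphabet[(index[ch] + shift) % n])
        else:
            out.append(ch)
    return "".join(out)


def caesar_shift_bytes(data, shift):
    """Same idea over the full 8-bit byte range: the 'custom character set' case from the warning above."""
    return bytes((b + shift) % 256 for b in data)


def caesar_bruteforce(ciphertext, alphabet=string.ascii_uppercase):
    """Return every candidate plaintext, keyed by the shift that would have produced the ciphertext."""
    return {s: caesar_shift(ciphertext, -s, alphabet) for s in range(len(alphabet))}


def rank_by_common_words(candidates, words=("THE", "AND", "FLAG", "IS")):
    """Crude scoring (constructed word list): the shift whose candidate contains the most common words."""
    return max(candidates, key=lambda s: sum(w in candidates[s] for w in words))


if __name__ == "__main__":
    ct = caesar_shift("THE FLAG IS HERE", 3)
    cands = caesar_bruteforce(ct)
    best = rank_by_common_words(cands)
    print(ct, "->", best, cands[best])
```

For a cipher over lowercase letters plus digits, pass `alphabet=string.ascii_lowercase + string.digits`; the wrap-around then goes from `9` back to `a` rather than from `z` to `a`.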
Substitution Cipher
General substitution ciphers are often hard to crack by hand. If your ciphertext is letters only, you can use the tool quipqiup to try and solve them. If quipqiup can't solve it, it may not be a substitution cipher.
Symmetric encryption
For a stream cipher (ChaCha20 or AES-CTR), the keystream can be obtained by XORing the plaintext and the ciphertext. If nonces are reused, then this keystream can be used for message forgery. AES-GCM is also extremely fragile in this way. // TODO describe ECB-oracle attack
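The keystream-recovery property described above, as an added example that is not the club's code. It uses a constructed toy stream cipher (keystream block i = SHA-256(key || nonce || counter)) purely so it runs offline without a crypto library; the structure is the same as ChaCha20 or AES-CTR in the one respect that matters here, namely that the keystream depends only on (key, nonce) and not on the plaintext. The wrapper at the end shows the mitigation: track nonces per key and refuse reuse, or generate them from `os.urandom`.

```python
import hashlib
import os

# Added example. Toy counter-mode keystream, constructed for illustration only (not a real cipher).
def keystream(key, nonce, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, nonce, plaintext):
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt  # XOR with the same keystream is its own inverse


def recover_keystream(known_plaintext, ciphertext):
    """Plaintext XOR ciphertext returns the keystream bytes covering the known prefix."""
    return xor(known_plaintext, ciphertext)


def nonce_reuse_leak(c1, c2):
    """Two ciphertexts under the same (key, nonce): c1 XOR c2 == p1 XOR p2, the keystream cancels."""
    return xor(c1, c2)


def encrypt_with_recovered_keystream(recovered_ks, new_plaintext):
    """Why this is a forgery problem: the keystream alone produces a valid ciphertext for any message
    no longer than the recovered prefix, with no knowledge of the key."""
    if len(new_plaintext) > len(recovered_ks):
        raise ValueError("not enough keystream recovered")
    return xor(new_plaintext, recovered_ks)


def fresh_nonce():
    """Mitigation: a random 96-bit nonce per message (the size ChaCha20 and AES-GCM commonly use)."""
    return os.urandom(12)


class NonceCheckingEncryptor:
    """Mitigation: refuse to encrypt twice under the same nonce for this key."""

    def __init__(self, key):
        self.key = key
        self.used = set()

    def encrypt(self, nonce, plaintext):
        if nonce in self.used:
            raise ValueError("nonce reuse detected: refusing to encrypt")
        self.used.add(nonce)
        return encrypt(self.key, nonce, plaintext)


def reuse_is_rejected(encryptor, nonce):
    """True when the wrapper refuses a second message under `nonce`."""
    try:
        encryptor.encrypt(nonce, b"second message")
    except ValueError:
        return True
    return False
```

The same key with distinct nonces is safe under this construction; the recovery only works because both messages share the (key, nonce) pair.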
RSA
Classic RSA
//TODO Add factoring websites to help solve for p and q
RSA (Rivest–Shamir–Adleman) is one of the first public-key cryptosystems and is widely used for secure data transmission.
N is the modulus used in both the private and public key, and is the product of two large primes, p and q. The security of RSA rests on the fact that N is hard to factor back into p and q.
N = p * q
Compute φ(n), Euler's totient function. In classical RSA this is the product of one less than each of the primes p and q.
phi(n) = (p-1) * (q-1)
Choose a value e, between 1 and φ(n), such that e and φ(n) are coprime.
Often the plaintext is converted to its ASCII values, which are then joined into one decimal integer for the equation.
Encrypt the plaintext by raising its decimal value m to the power e, then applying mod N to the result.
c = (m^e) % N
To decrypt the ciphertext, you must first calculate d, the modular multiplicative inverse of e mod φ(n).
d = e^-1 mod phi(n)
After obtaining d, raise c to the power d mod N to get the original message.
m = (c^d) mod N
Small E Attack
If e is a small number, usually 3 but it can be more, the cryptosystem may be vulnerable to a small e attack. This happens when m to the power e is less than N: the modulus never reduced the value, so c is simply m^e and you can take the e-th root of c to recover the plaintext.
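The classic RSA procedure above (key generation, ASCII-to-integer packing, encryption, decryption) together with the small e check, as an added example that is not the club's code. The primes 61, 53 and 101, 113 are constructed toy values chosen so every intermediate number can be checked by hand; real keys use primes of 1024 bits or more. The integer root uses binary search rather than floating point so it stays exact for big integers.

```python
from math import gcd

# Added example. Toy primes (constructed, not from the page) keep the numbers readable.
P, Q = 61, 53


def keygen(p, q, e=17):
    """Classic RSA key generation from two primes; returns ((N, e), (N, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)           # Euler's totient for N = p*q
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)               # modular inverse of e mod phi(n) (Python 3.8+)
    return (n, e), (n, d)


def text_to_int(text):
    """ASCII bytes of the message packed big-endian into one integer."""
    return int.from_bytes(text.encode("ascii"), "big")


def int_to_text(m):
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode("ascii")


def encrypt(public, m):
    n, e = public
    return pow(m, e, n)               # c = m^e mod N


def decrypt(private, c):
    n, d = private
    return pow(c, d, n)               # m = c^d mod N


def iroot(x, k):
    """Floor of the integer k-th root of x, by binary search (exact for arbitrarily large ints)."""
    lo, hi = 0, 1 << (x.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo


def small_e_check(public, c):
    """If m^e < N the modulus never reduced anything, so c is a perfect e-th power and m falls out.
    Returns the recovered m, or None when the ciphertext does not have this weakness."""
    _, e = public
    m = iroot(c, e)
    return m if m ** e == c else None


if __name__ == "__main__":
    pub, priv = keygen(P, Q)
    c = encrypt(pub, text_to_int("A"))
    print(pub, priv, c, int_to_text(decrypt(priv, c)))
    pub3, _ = keygen(101, 113, e=3)
    print(small_e_check(pub3, encrypt(pub3, 20)), small_e_check(pub3, encrypt(pub3, 30)))
```

With e = 3 and N = 11413, the message 20 encrypts to 8000 (no reduction, root recovers it) while 30 encrypts to 27000 mod 11413 = 4174, which is not a perfect cube, so the check returns None. Padding the message so that m^e always exceeds N is what removes the weakness.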
m = iroot(c, e)  # integer e-th root of c (for example gmpy2.iroot); this undoes the exponent
Chinese Remainder Theorem
//TODO
MultiPrime RSA
//TODO
LSB Oracle Attack
//TODO
General Tactics
Web exploits can usually be classified into three categories:
- Authentication
- Session Management
- Access Control
robots.txt
When given a website, always check for a robots.txt file at the index. You never know what may be hidden there.
SQL Injections
Classic SQL Injection
Often when parsing user input in SQL, the request formed will be something along the lines of:
SELECT author,title,year FROM books WHERE publisher = 'O'Reilly' and published=1
If the parsing of input is done incorrectly, you can use a ' in an input field to break out of the statement and inject your own code. Often an injection will be something along the lines of:
admin' OR 1=1--
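The broken query above beside its fixed form, as an added example that is not the club's code. It uses a constructed in-memory SQLite table with two made-up users; `login_vulnerable` builds the statement by string concatenation exactly like the publisher = 'O'Reilly' query, so a lone quote turns into a syntax error and the injection string above turns a login check into a match on every row, while `login_parameterized` passes the same inputs as bound values and is unaffected.

```python
import sqlite3


def make_db():
    """Constructed in-memory table with two sample users (not data from the page)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret"), ("alice", "hunter2")])
    return db


def login_vulnerable(db, username, password):
    """Statement assembled by concatenation: input quotes end the literal, '--' comments out the rest."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return [row[0] for row in db.execute(sql)]


def login_parameterized(db, username, password):
    """Placeholders: the driver binds the values as data, so quotes stay inside the literal."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (username, password))]


def breaks_query(db, username):
    """True when an input that merely contains a quote (O'Reilly) makes the concatenated SQL invalid."""
    try:
        login_vulnerable(db, username, "x")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "admin' OR 1=1--", "anything"))    # every user: the check is bypassed
    print(login_parameterized(db, "admin' OR 1=1--", "anything")) # []: the quote is just data
    print(breaks_query(db, "O'Reilly"))                            # True: same failure as the page's query
```

The fix is the parameterized form in every place user input reaches a statement; escaping quotes by hand is what the vulnerable function is missing, and it is also what breaks the moment a new special character shows up.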
JSON Web Tokens (JWT)
//TODO
Tool: jwt_tool
Tools
- Python library used to create HTTP requests, very useful for challenges
- Terminal based tool to transfer data with URLs
- Modern tool for analyzing web applications
- Open-source web browser extension for editing cookies
- Multi-threaded Java application that can use wordlists/brute force to find directories and files on web servers
Least Significant Bit
//TODO
Tools
- Image steganography tool.
- Audio file analysis tool that can be used to extract and visualize data.
- Analyze file formats and extract hidden file formats inside.
Tools
- A powerful open-source reverse engineering tool developed by the NSA.
Resources
LiveOverflow's YouTube channel
- Very detailed YouTube videos that thoroughly teach and explain many common binary exploitation methods. Heavily recommended, especially if you are new to binary exploitation.