CTF framework: save time and exploit quickly
pwn docker
python3 start_docker.py 20.04
git clone https://github.com/r888800009/CTF-tool
cd CTF-tool
pdm install
$(pdm venv activate)
import r809pwn.lib
The toolbox should be run after apogiatzis/gdb-peda-pwndbg-gef is installed
python3 ./instal_gdb_toolbox.py
The current toolbox includes
The fork is a backup in case the original repo is deleted
There are some useful tools that are not included in this repo:
- symbolic execution
  - SQLab/symgdb
    - only supports python2
  - andreafioraldi/angrgdb
    - crashes on new versions of angr because of an angr API change
- misc
  - io12/pwninit: pwninit - automate starting binary exploit challenges
    - it may be useful for finding an unstripped binary, maybe
We call binwalk on the backend
import r809firmware
r809firmware.list_file_system('~/firmware.img')
- docker
- pwntools
>>> r809web.mysql.concat('asd')
'concat(0x61,0x73,0x64)'
import r809web.hash_tools
use
hash_extractor(['sensitive.html', 'sensitive.txt'])
A tool that extracts all possible hash values from HTML or text files; the hashes can then be cracked with a rainbow table
md5: [0-9a-f]{32}
ref:
A tool that searches for hashes in online rainbow tables or a local database
use
rainbow_table(['21232f297a57a5a743894a0e4a801fc3', 'ee11cbb19052e40b07aac0ca060c23ee'])
Output
['admin', 'user']
or
'could not find a hash in the databases'
test_pwn_heap_rwx.cpp
Used to check the mappings - whether the heap is executable depends on the kernel version
- If you use docker, pay attention to the host kernel
- Old Ubuntu Releases
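The check that test_pwn_heap_rwx.cpp is described as doing can also be made by reading a process's maps file. The following is an added example, not code from this repo: the function names are hypothetical and both sample maps listings are constructed. It reports the permissions of the [heap] mapping and lists every mapping that is both writable and executable.

```python
import re
from pathlib import Path

# One /proc/<pid>/maps line: range, perms, offset, dev, inode, optional path.
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[r-][w-][x-][ps])\s+"
    r"[0-9a-f]+\s+\S+\s+\d+\s*(?P<path>.*)$"
)

def parse_maps(text):
    """Return (start, end, perms, path) tuples parsed from maps text."""
    regions = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:  # blank or malformed lines are skipped
            regions.append((int(m["start"], 16), int(m["end"], 16),
                            m["perms"], m["path"].strip()))
    return regions

def region_perms(text, name="[heap]"):
    """Permission strings of every mapping whose path equals `name`."""
    return [perms for _, _, perms, path in parse_maps(text) if path == name]

def writable_and_executable(text):
    """Mappings that are writable and executable at the same time."""
    return [(hex(s), hex(e), p, path or "[anon]")
            for s, e, p, path in parse_maps(text) if "w" in p and "x" in p]

# Constructed sample: heap and stack are not executable.
SAMPLE_NX = """\
55d0c8a00000-55d0c8a01000 r-xp 00000000 08:01 131090   /work/test_pwn_heap_rwx
55d0c9c5d000-55d0c9c7e000 rw-p 00000000 00:00 0        [heap]
7ffd3b2e0000-7ffd3b301000 rw-p 00000000 00:00 0        [stack]
"""
# Constructed sample: heap and stack are mapped rwx.
SAMPLE_RWX = """\
08048000-08049000 r-xp 00000000 08:01 131091   /work/test_pwn_heap_rwx
0804a000-0806b000 rwxp 00000000 00:00 0        [heap]
ffb4e000-ffb6f000 rwxp 00000000 00:00 0        [stack]
"""

if __name__ == "__main__":
    live = Path("/proc/self/maps")  # present on Linux only
    text = live.read_text() if live.exists() else SAMPLE_NX
    print("heap perms:", region_perms(text))  # empty if no [heap] is mapped
    print("W+X mappings:", writable_and_executable(text))
```

Inside a container the result reflects the host kernel, so run it in the same environment as the target binary.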
./libc-extractor.sh 20.04
- format string leak analyser
- find the leaked return address and the %?$p location
- [ ] Format String Attack | r809's Notes
exploit.py
template - predefined hook functions for angr and triton
Todo
- Auto-gen payload reading /proc/pid/*
pwn_docker/
./setup_docker.sh 20.04
Build docker
cd pwn_docker/
docker build . -t ctf_ubuntu1804 --target ctf
# only devtools
docker build . -t ubuntu1804 --target basic
docker build . -t ubuntu_latest --target basic --build-arg VERSION=latest
# ubuntu 20.04
docker build . -t ctf_ubuntu2004 --target ctf --build-arg VERSION=20.04
# latest
docker build . -t ctf_ubuntu_latest --target ctf --build-arg VERSION=latest
Run docker
docker run --rm -it ctf_ubuntu1804 /bin/bash
docker run --rm -it -v $(pwd):/work ctf_ubuntu_latest bash
check ubuntu version
docker run --rm -it ctf_ubuntu1804 cat /etc/os-release
docker run --rm -it ctf_ubuntu2004 cat /etc/os-release
docker run --rm -it ctf_ubuntu_latest cat /etc/os-release
docker run may need --cap-add=SYS_PTRACE