CTF guide (a)

CTF preliminaries:

Video: https://www.bilibili.com/video/av62214776?from=search&seid=1436604431801225989

 

CTF competition: "Capture the Flag"

  Competition:

    Find vulnerabilities, exploit them to get into the opponent's machine, and retrieve the key file:

    /home/www/flag

    ....

 

Content:

  Online CTF competition:

    web, binary, miscellaneous

  Offline CTF competition:

    Discovery and exploitation of web vulnerabilities

    pwn vulnerabilities and exploitation

    Attack-and-defense format

 

 

Knowledge base:

  Exploit:

    Binary code: Trojans, shellcode, PowerShell

    Python, pwntools

    Web mechanisms: PHP, JS, HTML

 

  Web vulnerability discovery skills:

    Code audit

    Debugging environment

  pwn vulnerability discovery:

    Reverse analysis

    Linux system knowledge

    Writing exploit scripts

    Triggering vulnerabilities remotely

  Server security operation and maintenance personnel:

    shell

    python

    Linux operation and maintenance knowledge

  Traffic analysis skills:

    Protocol analysis

    ("cheat")

 

CTF competition tools:

  Kali system:

    nmap: port scanning (for example: nmap [ip / network segment])

    139 443 445 514 912 .....

    searchsploit: vulnerability lookup (for example: searchsploit [service / common port or software with known vulnerabilities])

      (example: port 445: searchsploit smb); displays the exploits that may apply; an exploit dictionary

    metasploit: exploit framework (start with: msfconsole) (for example: use exploit/windows/smb/ms17_010_eternalblue (show to view))

    sqlmap: SQL injection batch scanning

    hydra: SSH brute force

    burpsuite: SQL injection batch scanning

  Vulnerability:

    pwn environment installation: pwntools

    Reverse: IDA Pro, with the keypatch plug-in (patch plug-in)

    gdb and plug-ins: gef, gdb-peda, gdbdg, gdbserver

    notepad++

    ue

    winhex

  Traffic Analysis:

    wireshark

    Python pcap library

// The following are files handed out by the teacher in the video; the relevant files have not been found:

    Secret weapons

  O & M:

    File monitoring tool

    Permission recovery tool

    Trojan removal tool

  Attack personnel:

    Batch attack framework

    Trojan: tly (Troy)

    Caidao ("kitchen knife")

 

Origin www.cnblogs.com/yidianhan/p/11600856.html