angr
binary_analysis
exploits
misc
monitor_payload_client
monitor_payload_server
monitor_traffic
ssh
.DS_Store
.gitignore
README.md
requirements.txt

README.md

pctf

Get SSH Login Credentials

Example using in-class information:

python get_ssh.py -t 35.161.233.76 -u team1@example.com -p password

Installation

Install dependencies

pip install -r requirements.txt

Tools

  • manage_exploits.py - @kanak
    • Manage custom written exploits and ensure that they are used to exploit their specific services against each host, each tick, and then submit the retrieved flags.
    • Exploits are loaded dynamically from exploits.py, where our custom exploits are written generically: given a remote_connection and a flag_id, each returns a flag, possibly using features from pwntools.
  • monitor_flag_traffic - @rang1, @tcrosenk, @mohseen
    • getPcap.bash: Log all network traffic using tcpdump. NOTE: should be run on the actual VM.
    • uploadPcap.bash: Upload every pcap file generated by getPcap.bash. This should be run simultaneously with getPcap.bash (start this script first). NOTE: should be run on the actual VM.
    • downloadPcap.bash: Monitor this repository for new changes (these should be new pcap files being pushed), then pull and run the readPcap.py script on the newly pulled pcap file. NOTE: should be run on a LOCAL machine.
    • readPcap.py: Use scapy to read packet captures and log all TCP conversations in which a flag was sent out.
    • Also stores TCP conversations in a database, not just files.
    • Perform analysis on these conversations to identify those that are unique in order to quickly reverse engineer exploits sent at us.
  • analyze_service.py - @vc0622, @lzbaer, @eboderas
    • Analyze a service for potential vulnerabilities both statically and dynamically.
    • Statically report calls to unsafe system/library calls such as printf, strcpy, etc.
    • Dynamically try to determine unsafe code paths using angr and report them.
    • Produce a hardened service, if possible.
  • get_ssh.py - @kanak
    • Conveniently generate bash scripts that allow us to ssh into our game vm.
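
The flag-leak triage described for readPcap.py above, as an added example (not code from this repository): it groups packets into TCP conversations, keeps those in which our service sent a flag out, and deduplicates them by the inbound bytes that triggered the leak. Assumptions: the flag regex, SERVICE_IP and the sample packets are constructed, and packets are plain tuples rather than scapy objects so the block runs offline.

```python
import hashlib
import re
from collections import defaultdict

# Assumed flag format for illustration; the real game defines its own.
FLAG_RE = re.compile(rb"FLG[A-Za-z0-9]{13}")
SERVICE_IP = "10.0.0.5"  # constructed: address of our own game VM

# Constructed sample packets: (src, sport, dst, dport, tcp_payload)
SAMPLE_PACKETS = [
    ("10.0.0.9", 40001, SERVICE_IP, 20001, b"read 17 --debug\n"),
    (SERVICE_IP, 20001, "10.0.0.9", 40001, b"note: FLGabcdefghijklm\n"),
    ("10.0.0.12", 40002, SERVICE_IP, 20001, b"read 17 --debug\n"),
    (SERVICE_IP, 20001, "10.0.0.12", 40002, b"note: FLGnopq"),  # flag split
    (SERVICE_IP, 20001, "10.0.0.12", 40002, b"rstuvwxyz\n"),    # across segments
    ("10.0.0.9", 40003, SERVICE_IP, 20001, b"read 17\n"),
    (SERVICE_IP, 20001, "10.0.0.9", 40003, b"denied\n"),
    ("10.0.0.20", 40004, SERVICE_IP, 20001, b"list\nread 3\n"),
    (SERVICE_IP, 20001, "10.0.0.20", 40004, b"FLG0123456789ABC ok\n"),
]

def conversations(packets):
    """Group packets into conversations keyed by the unordered endpoint pair."""
    convs = defaultdict(list)
    for src, sport, dst, dport, payload in packets:
        key = tuple(sorted([(src, sport), (dst, dport)]))
        convs[key].append((src, payload))
    return convs

def leaking_conversations(packets, service_ip=SERVICE_IP):
    """Return conversations in which our service sent a flag out."""
    leaks = []
    for key, msgs in conversations(packets).items():
        # Reassemble each direction so a flag split across segments still matches.
        outbound = b"".join(p for src, p in msgs if src == service_ip)
        if FLAG_RE.search(outbound):
            inbound = b"".join(p for src, p in msgs if src != service_ip)
            leaks.append({"peers": key, "inbound": inbound,
                          "flags": FLAG_RE.findall(outbound)})
    return leaks

def unique_inbound(leaks):
    """Deduplicate leaks by a hash of the inbound bytes that preceded them."""
    groups = defaultdict(list)
    for leak in leaks:
        digest = hashlib.sha256(leak["inbound"]).hexdigest()[:12]
        groups[digest].append(leak["peers"])
    return groups

if __name__ == "__main__":
    print(dict(unique_inbound(leaking_conversations(SAMPLE_PACKETS))))
```

Each distinct digest is one inbound request pattern to review and patch against; legitimate flag retrievals by the game's own checker will also show up here and need to be told apart by their source.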

Related

  • angr: Python framework for analyzing binaries
  • pwntools: CTF framework and exploit development library
  • scapy: Python framework for capturing and manipulating packets
  • reverse shell cheat sheet: for possible command execution vulns
  • pypy: Python optimized for speed