diff --git a/README.md b/README.md index 218823f..202bbc9 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,20 @@ # CTF-Compendium -> UMass Pentest Club +## Overview ---- +A list of techniques and resources compiled by the UMass Pentest Club meant to serve as lookup table to solutions of CTF problems. -A list of CTF problems, techniques and guides mean to be a lookup table to possible solutions of CTF problems +## General Resources -## **Cryptography** +* [Awesome-CTF](https://github.com/apsdehal/awesome-ctf) + - A curated list of CTF frameworks, libraries, resources, softwares and tutorials. + +* [ctf-tools](https://github.com/zardus/ctf-tools) + + - A collection of setup scripts to install security research tools. + +## Cryptography * Caesar Cipher @@ -86,9 +93,9 @@ A list of CTF problems, techniques and guides mean to be a lookup table to possi //TODO -## **Web** +## Web -* General Tatics +* General Tactics Web exploits are usually able to be classified into three categories 
@@ -98,11 +105,36 @@ A list of CTF problems, techniques and guides mean to be a lookup table to possi - Access Control -* Robots.txt +* `robots.txt` + + When given a website, always check for a `robots.txt` file at the index. You may never know what will be hidden there. + +* SQL Injections - When given a website, always check for a /robots.txt file at the root link. You may never know what will be hidden there. + **Classic SQL Injection** + + Often when parsing user input in SQL, the request formed will be something along the lines of: + + ``` + SELECT author,title,year FROM books WHERE publisher = ‘O’Reilly’ and published=1 + ``` + + If the parsing of input is done incorrectly, you can use a ``` ' ``` in a input field and break out of the statement to inject your own code. + + Often an injection will be something along the lines of + + ``` + admin' OR 1=1-- + OR 1=1-- + ``` + +* JSON Web Tokens (JWT) -* Classic Tools + //TODO + + Tool: [jwt_tool](https://github.com/ticarpi/jwt_tool) + +* Tools * [Requests](https://pypi.org/project/requests/2.7.0/) 
@@ -114,42 +146,50 @@ A list of CTF problems, techniques and guides mean to be a lookup table to possi * [Burpsuite](https://portswigger.net/burp) - - Modern tool for analyzing web applications. + - Modern tool for analyzing web applications * [EditThisCookie](http://www.editthiscookie.com/) - - Open-source web browser extension for editing cookies. + - Open-source web browser extension for editing cookies * [DirBuster](https://tools.kali.org/web-applications/dirbuster) - - Multi-threaded java application that can use wordlists/brute force to find directories and files on web servers. + - Multi-threaded java application that can use wordlists/brute force to find directories and files on web servers -* SQL Injections - - **Classic SQL Injection** +## Forensics - Often when parsing user input in SQL, the request formed will be something along the lines of: +* Least Significant Bit - ``` - SELECT author,title,year FROM books WHERE publisher = ‘O’Reilly’ and published=1 - ``` + //TODO - If the parsing of input is done incorrectly, you can use a ``` ' ``` in a input field and break out of the statement to inject your own code. +* Tools - Often an injection will be something along the lines of + * [stegsolve](https://github.com/zardus/ctf-tools/blob/master/stegsolve/install) - ``` - admin' OR 1=1-- - OR 1=1-- - ``` + - Image steganography tool. -## Forensics + * [Sonic Visualizer](https://www.sonicvisualiser.org/) + + - Audio file analysis tool that can be used to extract and visualize data. + * [binwalk](https://github.com/ReFirmLabs/binwalk) + + - Analyze file formats and extract hidden file formats inside. ## Reversing -Ghidra is an open-source reverse engineering tool developed by the NSA. +* Tools + + * [Ghidra](https://www.nsa.gov/resources/everyone/ghidra/) + + - A powerful open-source reverse engineering tool developed by the NSA. 
+ ## Binary Exploitation +* Resources + + * [LiveOverflow's Youtube channel](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w) + + - Very detailed youtube videos that thoroughly teach and explain many common binary exploitation methods. Heavily recommended especially if you are new to binary exploitation.
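Review bot: In the first hunk (README header), the new Overview sentence is missing an article: "meant to serve as lookup table to solutions" should read "meant to serve as a lookup table for solutions". In the same hunk the two General Resources entries are formatted differently: `* [Awesome-CTF]` is followed directly by its `- ` description line, while `* [ctf-tools]` has a blank line before its description; pick one form for both so the rendered list spacing is uniform.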
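Review bot: In the Web hunk that adds the SQL Injections entry, the example query uses typographic quotes (`‘O’Reilly’`) where ASCII single quotes are the whole point of the illustration; a reader who copies the block will not get the character the text is describing, so replace them with `'`. As written the statement is also already broken by the apostrophe in O'Reilly, but the surrounding prose presents it as the query the application normally forms; either say explicitly that this is what an unescaped apostrophe produces, or show the query with a plain value such as `publisher = 'Penguin'` before explaining how a stray `'` breaks out of it. Smaller points in the same hunk: the two fenced blocks should be tagged ```` ```sql ````, the inline ```` ``` ' ``` ```` should be a single-backtick `'`, "a input field" should be "an input field", and "check for a `robots.txt` file at the index" is less precise than the wording it replaces; "at the site root" says what is meant.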
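Review bot: In the Tools/Forensics/Reversing hunk the trailing periods are removed from the Burpsuite, EditThisCookie and DirBuster descriptions, but the newly added descriptions ("Image steganography tool.", "Analyze file formats and extract hidden file formats inside.", "A powerful open-source reverse engineering tool developed by the NSA.") keep theirs; decide on one convention for the description lines across the file. Also in this hunk: "Sonic Visualizer" is spelled with a z while the linked site is sonicvisualiser.org (the tool's name is "Sonic Visualiser"); the stegsolve link points at ctf-tools' install script rather than the tool itself, which is worth saying in the description; and "extract hidden file formats inside" for binwalk would be clearer as "extract embedded files".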
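Review bot: In the Binary Exploitation hunk, "Youtube" and "youtube" should both be "YouTube", and "Heavily recommended" reads better as "Highly recommended". The section otherwise gains only a Resources entry; a `//TODO` placeholder like the ones used under Forensics and JWT would signal that techniques are still to be added here.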