8000 GitHub - apoirrier/CTFs-writeups: Writeups for various CTFs competitions

More Web Proxy on the site http://driver.im/

Name		Name	Last commit message	Last commit date
Latest commit History 280 Commits
404CTF2022		404CTF2022
AUCTF2020		AUCTF2020
AwesomeCTF2020		AwesomeCTF2020
BrigitteFriang		BrigitteFriang
CSAWQual2021		CSAWQual2021
DGHack2020		DGHack2020
DGHack2021		DGHack2021
DGHack2022		DGHack2022
DarkCTF2020		DarkCTF2020
Dawg2020		Dawg2020
ECW2023		ECW2023
FCSC2022		FCSC2022
HouseplantCTF2020		HouseplantCTF2020
PBCTF2021		PBCTF2021
PicoCTF		PicoCTF
SharkyCTF2020		SharkyCTF2020
TAMUCTF2020		TAMUCTF2020
TJCTF2020		TJCTF2020
TMUCTF2021		TMUCTF2021
UTCTF2020		UTCTF2020
README.md		README.md
flag_converter.py		flag_converter.py

Repository files navigation

CTFs-writeups

Writeups for various CTFs competitions.

On this page you can find links to writeups for the following categories:

Blockchain
Cryptography
Forensics
Cheating in games
Miscellaneous
OSINT
Pwn
Brute-forcing passwords
Quantum cryptography
Reverse engineering
Web

You can also find a list of useful CTF tools.

Example of writeups

Blockchain

Eth

Bitcoin

Bitcoin transaction vulnerability

Cryptography

Easy crypto

General crypto

Double DES

AES

RSA

Hashes

Cryptography in subgroups of Z or Z*

Elliptic curves

Bad randomness

Esoteric

Forensics

Images

Audio

PDF

PDF recover streams and CMap

Network files

Dump files

Signal in a wire

Esoteric

Games

Misc

OSINT

PWN

Buffer overflow

Simple format string

ret2lib

File Struct Oriented Programming

Break PRNG

Guess randomness of rand with srand(time)

Privilege escalation

Heap exploitation

Python

Java

log4shell

Password cracking

Quantum

Quantum key distribution

Reversing

Java and Android

Java decompiler

Python

Assembly

Micro-controllers and circuits

Other static analysis

Static analysis

Dynamic analysis

Web

Language vulnerabilities

SQL attacks

Session tokens

RCE with SSTI

Jinja2 SSTI

XSS

XXE

Custom Wordpress vulnerability

Proxy stuff

WASM

Disassemble WASM

CVE

Tools for CTF

Here is a list to various useful tools for CTF competitions.

Network

Wireshark to analyze network connections

Web

Postman to make HTTP requests
OWASP ZAP for analysing website security. Features include requests analysis and forgery, fuzzing, etc...
sqlmap for automatic SQL injection
webhook for receiving requests. See Internal Support for an example of XSS attack.
See UpCredit for an example of CSRF attack (without csrf token).
flask-unsign for decoding, cracking and forging Flask cookies.

Reverse engineering

Ghidra to decompile c code.
Java decompiler
gdb a C debugger and its additional functionalities gef
OllyDbg a debugger for Windows programs
Android studio to edit and analyse APK files and emulate APK
Apktool for reversing APK files
angr for symbolic execution. See writeup.

PWN

pwntools a Python library for PWN
pwninit for automatically starting pwn challenges.
ROPGadget search for gadget and ROP chain generation
lib search database for ret2lib. See also writeup 32 bits and writeup 64 bits.
shellcodes

Steganography

file to determine file type
strings to print all ASCII strings in file
binwalk to find embedded files
StegSolve an image solver
Steg online for images
Morse decoder
MMSSTV for HAM transmissions
Digital Invisible Ink Toolkit for images
DeepSound for sound files
Raw Pixels an online RAW image viewer
Hexed.it to edit the bytes of a file
zsteg for images

Forensics

Autopsy for device analysis
Acoustic keylogger
Sigidwiki a signal identification guide
volatility

Cryptography

https://www.dcode.fr/en It knows a lot of common cypher methods and does automatic uncyphering
hlextend a Python library for length extension attacks on Merkle-Damgård hash functions
Factorize big integers with http://factordb.com/
Reverse seeds given inequality constraints for Java random: JavaRandomReverser
Solve integer inequalities with CSP

Password cracking

JohntheRipper

OSINT

Sherlock to scrap information on social media
Wayback Machine
Webpage archive

Misc

If you know the format of the flag, you can use flag_converter.py to quickly have the most common encoding of the flag, so you know what to look for during the competition ;)
https://www.asciitohex.com/ For quick conversion between ASCII, decimal, base64, binary, hexadecimal and URL
https://gchq.github.io/CyberChef/ Same as asciitohex but more complete, with magic wand.
https://upload.wikimedia.org/wikipedia/commons/d/dd/ASCII-Table.svg: An Ascci to decimal, hexadecimal, binary and octal table
Deal with images in Python using PIL. See example writeup
Cheat in WASM games: Cetus
Decompiler for GDScripts

About

Writeups for various CTFs competitions

Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

Languages

Python 100.0%

0