ctf
pwndbg
ctf | pwndbg | |
---|---|---|
11 | 9 | |
1,743 | 6,726 | |
0.3% | 1.8% | |
2.5 | 9.5 | |
about 1 year ago | 5 days ago | |
Python | Python | |
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ctf
-
Audio Steganography
Audio can contain dial tones, or it can contain binary/morse code on some particular frequency, or it's not really "audio" but radio-transmission which needs to be decoded, or the audio can contain sounds of keyboard typing or even 3d printer head moving (like https://github.com/p4-team/ctf/tree/master/2020-05-10-spam-and-flags-teaser/3d_printer ), or maybe audio has multiple sources interleaved and you need to separate them and one has the flag, or maybe the audio file itself has specific format and some information can be passed there. There are infinite possibilities and it's impossible to say anything without analysing the file.
-
Failing to understand a flag
It's hard to say anything without actually seeing the page. Was there something inside the CSS files? You can do some crazy stuff there :) You can also do some fancy stuff like bypassing CSRF with CSS injection like in: https://github.com/p4-team/ctf/tree/master/2018-01-20-insomnihack/web_css
- CTF Question - reverse engineering keyboard Morse code
- Question about ECDSA
-
Stuck on a forensics challenge
One thing that immediately comes into mind is that archives are "weird", and an archive file can be also a totally different type of file at the same time. Just to clarify what I mean see: https://github.com/p4-team/ctf/blob/master/2016-04-15-plaid-ctf/web_pixelshop/README.md and specifically the magic file https://github.com/p4-team/ctf/blob/master/2016-04-15-plaid-ctf/web_pixelshop/exploit.png this is totally valid PNG file but at the same time it's also totally valid ZIP file with PHP shell inside.
-
Initial impact report about this week's EdDSA Double-PubKey Oracle attack in 40 affected crypto libs
Funny part is that even in CTF challenges made around this problem challenge authors were introducing some intentional bugs to account for this scenario, because they thought it would be too unrealistic otherwise :D See for example: https://github.com/p4-team/ctf/tree/master/2018-12-08-hxp/crypto_uff
-
Reduced Round AES CTR Attacks
See: https://github.com/p4-team/ctf/tree/master/2016-03-12-0ctf/peoples_square and also https://github.com/TFNS/writeups/tree/master/2020-06-05-DefenitCTF/spn (this one is not AES but some toy SPN, but the idea is exactly the same and maybe easier to understand)
-
Hey I was wondering if anyone knew a good place to post a challenge, a challenge with a reward
If it's some serious interesting cryptography (just to give you an example: https://github.com/p4-team/ctf/tree/master/2019-11-02-google-ctf/fractorization ), then perhaps consider talking to some CTF team to feature your challenge during an upcoming CTF
-
Help with factorizing n=p*q in an vulnerable RSA implementation
Also what you need doesn't require that much code, it's very similar to: https://github.com/p4-team/ctf/tree/master/2017-09-02-tokyo/crypto_rsa
- Cryptopals 2:12 - What real-world application of crypto does the solution actually break?
pwndbg
-
Any tips for newish C debugging please.
By far the best debugger for C is gdb+pwndbg (https://github.com/pwndbg/pwndbg)
- Need help installing pwndbg on Kali Linux
-
Hacked GDB Dashboard Puts It All on Display
There are a lot of these types of tools already in the reverse engineering community (in order of lowest chance of breaking when you throw really weird stuff at it):
GEF: https://gef.readthedocs.io/en/master/
PWNDBG: https://github.com/pwndbg/pwndbg
PEDA: https://github.com/longld/peda
They also come with a slew of different features to aid in RE/exploit dev, but many of them are also useful for debugging really weird issues.
-
Debugging with GDB
GDB is great. I definitely recommend checking out watchpoints as well, a very useful tool for monitoring how a variable changes over time.
GDB also has many good plugins - pwndbg has tons of features and UI improvements over stock GDB.
https://github.com/pwndbg/pwndbg
-
Making GDB Easier: The TUI Interface
I've recently started a new semester for my Master's program, and the first project for the semester involves using the GDB tool (GNU Debugger) to analyze a stack on a simple C program that contains a buffer overflow vulnerability. A couple of semesters ago, I had been given a VM pre-loaded with a more featured debugger tool called pwndbg. Pwndbg was excellent because it was easy to use and easily allowed accessed to information such as current assembly code being executed and a view of the program registers. So, going back to using GDB felt a little like stepping back into the stone age.
-
Awesome CTF : Top Learning Resource Labs
Pwndbg - A GDB plugin that provides a suite of utilities to hack around GDB easily.
- Trouble downloading pwndbg
-
Problem in downloading pwndbg
i have peda installed on my gdb and now i am trying to install pwndbg with git clone https://github.com/pwndbg/pwndbg cd pwndbg ./setup.sh
What are some alternatives?
CTFd - CTFs as you need them
gef - GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
RootTheBox - A Game of Hackers (CTF Scoreboard & Game Manager)
peda - PEDA - Python Exploit Development Assistance for GDB
ed25519-unsafe-libs - List of unsafe ed25519 signature libs
pwntools - CTF framework and exploit development library
gdb-dashboard - Modular visual interface for GDB in Python
libsodium - A modern, portable, easy to use crypto library.
one_gadget - The best tool for finding one gadget RCE in libc.so.6
pwndra - A collection of pwn/CTF related utilities for Ghidra
voltron - A hacky debugger UI for hackers