A box for CTF challenges with some sugar functions, Just enjoy it
Project description
ctfbox
A box for CTF challenges with some sugar functions, Just enjoy it
Current version: 1.5.0
Please use python 3.6+
Guide
Install
All you need to do is
pip install ctfbox
Usage
Common
from ctfbox import * # Will not import the pwn part, please check the PWN Usage section below
# enjoy it
PWN
Functions
Please refer to docstring for function's signatures and usages
utils
Some functions with names similar to PHP, close to intuition
- url:
url_encode(),url_decode() - html:
html_encode(),html_decode() - base16:
base16_encode(),base16_decode() - base32:
base32_encode(),base32_decode() - base64:
base64_encode(),base64_decode() - json:
json_encode(),json_decode() - hex:
bin2hex(),hex2bin() - jwt:
jwt_encode(),jwt_decode() - rot:
rot_encode() - hash:
md5(),sha1(),sha256(),sha512() - random:
random_int(),random_string() - prase od command data:
od_parse() - A decorator to make it multi-threaded:
Threader()
WEB
-
generate flask pin:
get_flask_pin() -
generate flask session:
flask_session_encode(),flask_session_decode()(⚠️ There is no flask dependency in ctfbox itself, the following two functions need to install the dependency by yourself) -
generate php serialize escape payload:
php_serialize_escape,php_serialize_escape_s2l(),php_serialize_escape_l2s() -
build a simple file server:
provide() -
burte force hash for ctf verification code:
hashAuth() -
Send raw request by python-requests:
httpraw() -
generate gopher reuqests:
gopherraw() -
php serialize
serialize()unserialize()serialize_to_file()unserialize_from_file()- ...
for more information, please check docstring and here
-
generate php soapClient class payload for ssrf:
soapclient_ssrf() -
network scan
- scan network path:
scan() - scan for network backup file:
bak_scan()
- scan network path:
-
generate reverse shell command:
reshell() -
use for out of band:
OOB() -
build a server for blindXXE:
blindXXE() -
generate gopher payload for attack redis
- write webshell:
gopherredis_webshell() - write crontab:
gopherredis_crontab() - ssh authorized keys:
gopherredis_ssh() - rce by master-slave replication:
gopherredis_msr()
- write webshell:
REVERSE
- print data in hex format:
printHex() - pack number into bytes:
p16(),p32(),p64() - unpack number from bytes:
u16(),u32(),u64()
MISC
- provide common file signatures and function to patch a file
- patch file signature:
repair_fileheader()
- patch file signature:
- fix zip fake encrypt:
repair_zip_fake_encrypt()
PWN
- Usage
# Doesn't support Windows from pwn import * # import pwntools # set pwntools config... # context.os = 'linux' # context.log_level = 'debug' # context.arch = 'amd64' from ctfbox.pwntools.config import Config # import confit for pwn part of ctfbox # set necessary config """ Attributes: - local(bool) : connect to local binary / remote address, default: True - bin(str) : the binary path, e.g. './pwn' - address(str): the remote address, e.g. '127.0.0.1:2333' - pie(bool) : whether the memory address is randomized, default: False """ Config.local = True Config.address = "127.0.0.1:2333" Config.bin = "./bin" # import pwn part from ctfbox.pwn import *
now you can use the attributes/functions belowslog // empty dictionary, you can set the leaked address and corresponding name. e.g. slog['libc'] = libc_addr elf // pwntools.ELF(binaray) cn // a connect to local binary or remote address re // lambda of cn.recv(m, t) recv // lambda of cn.recv() ru // lambda of cn.recvuntil(x) rl // lambda of cn.recvline() sd // lambda of cn.send(x) sl // lambda of cn.sendline(x) ia // lambda of cn.interactive() sla // lambda of cn.sendlineafter(a, b) sa // lambda of cn.sendafter(a, b) ft // ft(arg, f=pwnlib.util.cyclic.de_bruijn(), l=None) lambda of flat(*arg, filler=f, length=l) gdba // gdba(bps) debug, argument bps save the breakpoint address, breakpoint can also be automatically set when pie is turned on, need pmap command slog_show // print all set slogs, in hexadecimal format
Techniques
Depends
- requests
- PyJWT
- python-socketio[client]==4.6.0
- python-engineio==3.14.2
Contributors
Syclover
Other
Logs
1.5.0
-
add some functions:
- scan
- bak_scan
- reshell
- OOB
- blindXXE
- php_serialize_escape
- gopherredis_webshell
- gopherredis_crontab
- gopherredis_ssh
- gopherredis_msr
- repair_fileheader
- repair_zip_fake_encrypt
- base16_encode, base16_decode, base32_encode, base32_decode, html_encode, html_decode
-
add dependencies:
- python-socketio[client]==4.6.0
- python-engineio==3.14.2
1.4.2
- fix bugs:
- Threader
- retry can't work
- Threader
- update some functions:
- Threader
- add docstring
- add task attributes: traceback
- Threader
1.4.1
- fix bugs:
- soapclient_ssrf
- docstring about encode is error
- encode arugment not work
- md5
- can't import
- hashAuth
- can't work
- return type incorrect
- soapclient_ssrf
1.4.0
- add all for limit export
- add some functions:
- soapclient_ssrf
- rot_encode
- thirdparty: phpserialize(Origin)
- add tests:
- php_serialize_escape_l2s
- php_serialize_escape_s2l
- httpraw
- update some functions:
- httpraw
- add kwargs: session, send
- httpraw
- fix bugs:
- php_serialize_escape_l2s
- con't work correctly
- httpraw
- url irregular
- no headers will be send
- post data may be incorrect
- php_serialize_escape_l2s
1.3.0
- refactor project structure
- add some functions:
- flask_session_encode
- flask_session_decode
- php_serialize_escape_l2s
- php_serialize_escape_s2l
- gopherraw
1.2.1
httpraw:
- fix a bug that httpraw may not be able to send post request correctly
- fix a bug that could not solve port
- fix a bug that real_host could not use
- fix a bug that may cause encoding error
1.2.0
- add dev dependencies: icecream
- add some functions:
- od_parse
- get_flask_pin
- httpraw
- p16 p32 p64 and uXX functions
- Base32 and Base64 table getter
v1.1.1
- move project to new directory
- update Readme.md, added missing functions
v1.1.0
- add pwn part, please see Pwn Usage
- add some functions that may be used in reverse
- update hashAuth functions
- error if startIndex is less than endIndex
- if startIndex is zero and length of hash(endIndex - startIndex) is not equal to length of answer, endIndex will be set to length of answer
- update Readme.md, add usage and contributors, Supplementary dependency: PyJWT
v1.0.2
- update Readme.md
V1.0.1
- update Readme.md
V1.0.0
- first commit
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ctfbox-1.5.0.tar.gz.
File metadata
- Download URL: ctfbox-1.5.0.tar.gz
- Upload date:
- Size: 49.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.1.0 pkginfo/1.5.0.1 requests/2.25.1 setuptools/45.1.0 requests-toolbelt/0.9.1 tqdm/4.50.2 CPython/3.7.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
112d4f763166b515c887320939911925ff430e10c4fb65d479a8aaa22f302bfa
|
|
| MD5 |
a631c15a3c74c2d404506bcbfcaac30e
|
|
| BLAKE2b-256 |
755001803337a4a2f20f0baba9320ba72b63a10eb413b46d2c0855b13c4e7616
|
File details
Details for the file ctfbox-1.5.0-py3-none-any.whl.
File metadata
- Download URL: ctfbox-1.5.0-py3-none-any.whl
- Upload date:
- Size: 53.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.1.0 pkginfo/1.5.0.1 requests/2.25.1 setuptools/45.1.0 requests-toolbelt/0.9.1 tqdm/4.50.2 CPython/3.7.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
be86518f769f99c4a2b3496d1f6a7ae53b2a5f83a5629f5a62205a92dc371cfd
|
|
| MD5 |
c6bfe11599bde70175d1cef5dd5baeb0
|
|
| BLAKE2b-256 |
d0a09cb40fcd30143ad7facbbda243da5b14129998baaae738c6fd7eb7b4edc8
|
