Try   HackMD

Security Setup

交大網路安全策進會

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

FB: 交大網路安全策進會

不要做壞事

不要做壞事

不要做壞事

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

CA Lee

calee@cs.nctu.edu.tw
交大資工 大三
交大 BambooFox 新手村成員

社團資源

CTF

What is CTF

  • Capture The Flag ,簡稱CTF
  • 由主辦單位設計帶有漏洞的程式或網站,讓參賽者進行解題或互相攻防

Type of CTF

  • Jeopardy
  • Attack and Defense
  • King of the Hill

Category

  • Reverse
  • Pwnabl
  • Crypto
  • Forensics
  • Web
  • Misc

Practice

Kali

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Why used

  • Debian-based Linux distribution
  • Penetration Testing and Security Auditing
  • Include 600 penetration testing tools
  • Single user, root access by design

Root

  • 最高權限
  • 擁有系統(幾乎)一切讀寫執行功能

Shell

  • 連接 OS 與你的指令(command)的程式
  • [user]@[host]$ [command] -[short opt] --[long opt] args
  • root@[host]# [command] -[short opt] --[long opt] args

32 / 64 bits

  • i386 / amd64 (x86_64)
  • 參考



sudo dpkg --add-architecture i386
udo apt-get update
sudo apt-get install libc6:i386 libncurses5:i386 libstdc++6:i386

Sample

ls

  • ls: 列出目前資料夾下的東西
  • ls -a: 全部
  • ls -l: 清單
  • ls -R: 遞迴

HELP!!

  • man
  • --help
  • google
  • stack overflow

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Commands

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Commands

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Commands

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Commands

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Commands

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

More

Python

Why python

  • easy
  • strong module support
  • script language
  • portable on many platform

Installation

Getting Start

  • python console
  • python script
  • comment



#!/usr/bin/env python

# single line comment

I/O

Output





print('hahaha')
print("%d %d" % (100, 20))
print("{1}{0}".format('hi', 'CA'))
sys.stdout.write()

Input



s = input()
s = raw_input()

Number

Integer







int()
0x00
int(x, 16)
hex(23) #0x17
+ - * / %
** //

Float




3.14...
2.12e-3
小數不精確性質

String










'single line string'
'''
multi line string
also comment
'''
len('abcdefg1234567')
s[3]
s[:-2:3]
'a'.join(['b', 'c', 'd'])

ascii table





ord('a')
chr(0x61)
"7061756c".decode("hex")
'zzZ'.encode('hex')

List / Tuple

List







li = ['b', 1, 2, 'a']
li.append('abc')
li.remove(2)
li.sort()
li.reverse()
s.split('/')

Tuple



a = (2, 3, 5)
zip('abc', '123')

Branch







if a == b and c == 0:
    print('a==b')
elif a < b or c == 0:
    print('a<b')
else:
    print('a>b')

Loop







for i in range(10):
    print i
for x in 'abc123':
    print(x)
while True:
    print('hi')

Function




def function_name(parameter):
    statement
    return (None)

Module

  • import
  • from
  • as
  • pip: apt install python(3)-pip




import requests
from bs4 import BeautifulSoup
import os as hi
hi.system('echo $PATH')

Pwntools

Install





apt-get update
apt-get install python2.7 python-pip python-dev git libssl-dev libffi-dev build-essential
pip install --upgrade pip
pip install --upgrade pwntools











from pwn import *
context(arch = 'i386', os = 'linux') # 32bits
context(arch = 'amd64', os = 'linux') # 64bits
r = remote('exploitme.example.com', 31337)
r.recv()
r.sendline()
r.senduntil()
r.interactive()
p32()
p64()

Requests & BeautifulSoup

requests






import requests

r = requests.get('https://cs.nctu.edu.tw')
r.status_code
r.text

beautiful soup







import requests
from bs4 import BeautifulSoup

soup = BeautifulSoup(html_doc, 'lxml')
soup.prettify()
soup.find_all('a')

Practice

Other Tips

SSH client

Tmux










tmux attach
tmux list
Ctrl-B %
Ctrl-B &
Ctrl-B c
Ctrl-B s
Ctrl-B d
Ctrl-B ${Number}
...

Regex

https://regexcrossword.com/

CTF-tools

https://github.com/zardus/ctf-tools

CVE / 0days

Tor


https://www.torproject.org/









import requests

proxies = {
  'http': 'http://127.0.0.1:9050',
  'https': 'http://127.0.0.1:9050',
}

requests.get('http://www.president.gov.tw/', proxies=proxies)

Resouce

Reference

Last changed by 
C.A.Lee
Master Student in CS, NCTU, TW
0
1
7656
Published on HackMD