Security Setup
不要做壞事
不要做壞事
不要做壞事
社團資源
- 社窩 * 1
- 大神學長同學 * N
- FB: 交大網路安全策進會
- FB Group: BambooFox CTF 討論區
- 社課錄影: Youtube Bamboofox
- Slack: https://bamboofox.herokuapp.com/
- 網站: https://bamboofox.github.io/
- 練習: https://bamboofox.cs.nctu.edu.tw/
CTF
What is CTF
- Capture The Flag ,簡稱CTF
- 由主辦單位設計帶有漏洞的程式或網站,讓參賽者進行解題或互相攻防
Type of CTF
- Jeopardy
- Attack and Defense
- King of the Hill
Category
- Reverse
- Pwnabl
- Crypto
- Forensics
- Web
- Misc
Kali
Why used
- Debian-based Linux distribution
- Penetration Testing and Security Auditing
- Include 600 penetration testing tools
- Single user, root access by design
Root
- 最高權限
- 擁有系統(幾乎)一切讀寫執行功能
Shell
- 連接 OS 與你的指令(command)的程式
[user]@[host]$ [command] -[short opt] --[long opt] argsroot@[host]# [command] -[short opt] --[long opt] args
32 / 64 bits
- i386 / amd64 (x86_64)
- 參考
sudo dpkg --add-architecture i386 udo apt-get update sudo apt-get install libc6:i386 libncurses5:i386 libstdc++6:i386
Sample
ls
ls: 列出目前資料夾下的東西ls -a: 全部ls -l: 清單ls -R: 遞迴
HELP!!
man--help- stack overflow
Commands
Commands
Commands
Commands
Commands
More
rm -rf /*- codecademy
- 鳥哥
Python
Why python
- easy
- strong module support
- script language
- portable on many platform
Getting Start
- python console
- python script
- comment
#!/usr/bin/env python # single line comment
I/O
Output
print('hahaha') print("%d %d" % (100, 20)) print("{1}{0}".format('hi', 'CA')) sys.stdout.write()
Input
s = input() s = raw_input()
Number
Integer
int() 0x00 int(x, 16) hex(23) #0x17 + - * / % ** //
Float
3.14... 2.12e-3 小數不精確性質
String
'single line string' ''' multi line string also comment ''' len('abcdefg1234567') s[3] s[:-2:3] 'a'.join(['b', 'c', 'd'])
ascii table
ord('a') chr(0x61) "7061756c".decode("hex") 'zzZ'.encode('hex')
List / Tuple
List
li = ['b', 1, 2, 'a'] li.append('abc') li.remove(2) li.sort() li.reverse() s.split('/')
Tuple
a = (2, 3, 5) zip('abc', '123')
Branch
if a == b and c == 0: print('a==b') elif a < b or c == 0: print('a<b') else: print('a>b')
Loop
for i in range(10): print i for x in 'abc123': print(x) while True: print('hi')
Function
def function_name(parameter): statement return (None)
Module
- import
- from
- as
- pip: apt install python(3)-pip
import requests from bs4 import BeautifulSoup import os as hi hi.system('echo $PATH')
Pwntools
Install
apt-get update apt-get install python2.7 python-pip python-dev git libssl-dev libffi-dev build-essential pip install --upgrade pip pip install --upgrade pwntools
from pwn import * context(arch = 'i386', os = 'linux') # 32bits context(arch = 'amd64', os = 'linux') # 64bits r = remote('exploitme.example.com', 31337) r.recv() r.sendline() r.senduntil() r.interactive() p32() p64()
Requests & BeautifulSoup
import requests r = requests.get('https://cs.nctu.edu.tw') r.status_code r.text
import requests from bs4 import BeautifulSoup soup = BeautifulSoup(html_doc, 'lxml') soup.prettify() soup.find_all('a')
Practice
Other Tips
Tmux
tmux attach tmux list Ctrl-B % Ctrl-B & Ctrl-B c Ctrl-B s Ctrl-B d Ctrl-B ${Number} ...
CTF-tools
CVE / 0days
- CVE
- 0days
- POC, github
- Awesome Hacking
- Web, PoC
- Web
Tor
import requests proxies = { 'http': 'http://127.0.0.1:9050', 'https': 'http://127.0.0.1:9050', } requests.get('http://www.president.gov.tw/', proxies=proxies)
Reference
Security Setup
{"metaMigratedAt":"2023-06-14T14:10:48.170Z","metaMigratedFrom":"YAML","title":"Security Setup","breaks":true,"lang":"zh-tw","dir":"ltr","robots":"index, follow","GA":"UA-100433652-1","disqus":"calee","contributors":"[]"}