CTF Misc

The document discusses various aspects of Capture The Flag (CTF) competitions, focusing on miscellaneous techniques and tools used in digital forensics and data analysis. It includes information on file signatures, data extraction methods, and the use of tools like Wireshark, Volatility, and others for analyzing different file types and protocols. Additionally, it touches on topics such as USB data extraction, SQL injection, and steganography techniques.

Uploaded by gwenchill

MISC in CTF


MISC = miscellaneous
• PPC, FORENSIC, ...

Wireshark
• Sublime
• WinHex

-> hex (base 16) -> magic number

Linux / Mac / Windows
docx = zip (a .docx file is a zip archive)
Type        Hex                         ASCII
Win PE      4D 5A                       MZ
ELF         7F 45 4C 46                 .ELF
RAR         52 61 72 21                 Rar!....
ZIP         50 4B 03 04                 PK..
7Z          37 7A BC AF 27 1C           7z¼¯'
JPEG        FF D8 FF DB                 ÿØÿÛ
PNG         89 50 4E 47 0D 0A 1A 0A     .PNG....
GIF         47 49 46 38 39 61           GIF89a
BMP         42 4D                       BM
PDF         25 50 44 46                 %PDF
Java class  CA FE BA BE                 Êþº¾
VMDK        4B 44 4D                    KDM

-> a JPEG ends with FF D9


FILE & BINWALK

file
binwalk
• RFC document
• wikipedia
Editor Template
Office
• doc
• Advanced Office Password Recovery
• CRC32
Ziperello

Kali
zip
Passware Kit
Advanced ZIP Password Recovery

FLAG stored in a very small file inside the archive
7z / zip: the CRC32 of each member is stored in the archive header
compute the CRC32 of candidate contents ——> compare with the stored CRC
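The CRC32 trick above, worked through as an added example (my code, not the slide deck's): zipfile reads the CRC32 and uncompressed size that every archive member keeps in the clear, and a brute-force search over a small alphabet recovers a member of a few bytes from its CRC alone. The archive, the member name flag.txt, its 3-byte content and the search alphabet are all constructed for the demo; the stdlib cannot write encrypted members, but the CRC and size fields are identical for an encrypted archive, which is the point.

```python
import io
import itertools
import string
import zipfile
import zlib
from typing import Optional, Tuple

# Search alphabet for the brute force (constructed choice; widen it if the flag may hold other bytes).
ALPHABET = (string.ascii_letters + string.digits + "_{}").encode()


def stored_crc_and_size(zip_bytes: bytes, name: str) -> Tuple[int, int]:
    """CRC32 and uncompressed size of one member, read from the central directory.
    Both fields stay in the clear even when the member data itself is encrypted."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        info = zf.getinfo(name)
        return info.CRC, info.file_size


def recover_by_crc(crc: int, size: int, alphabet: bytes = ALPHABET,
                   max_size: int = 4) -> Optional[bytes]:
    """Enumerate every `size`-byte string over `alphabet` until its CRC32 equals `crc`.
    Only feasible for very small members (the search grows as len(alphabet)**size),
    and CRC32 is 32 bits, so a match can be a collision rather than the true content."""
    if size > max_size:
        return None
    for cand in itertools.product(alphabet, repeat=size):
        b = bytes(cand)
        if zlib.crc32(b) == crc:
            return b
    return None


def build_small_zip() -> bytes:
    """Constructed archive (not from the page): flag.txt holding the 3 bytes 'k3y'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("flag.txt", "k3y")
    return buf.getvalue()


def demo() -> Optional[bytes]:
    """Read the stored CRC/size of flag.txt and recover its content from them."""
    crc, size = stored_crc_and_size(build_small_zip(), "flag.txt")
    return recover_by_crc(crc, size)


if __name__ == "__main__":
    print(demo())  # b'k3y'
```

The defensive reading: a CRC32 is an integrity check, not a secret, so any member small enough to enumerate is effectively readable even if the archive password is strong.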
Wireshark
• strings: search the capture for FLAG
• hex view
• protocols: TCP UDP FTP HTTP SAMBA
• zip (files carried in the traffic)
USB


tshark.exe -r usb2.pcap -T fields -e usb.capdata > usbdata.txt

GitHub
• UsbKeyboardDataHacker
• UsbMiceDataHacker

USB mouse data
# Decode USB mouse reports extracted with tshark: each line of data.txt is one
# capdata value 'bb:xx:yy:ww' (button byte, X delta, Y delta, wheel), 11 chars + newline.
posx = 0
posy = 0
with open('data.txt', 'r') as keys:
    for line in keys:
        if len(line) != 12:
            continue
        x = int(line[3:5], 16)
        y = int(line[6:8], 16)
        # X/Y deltas are signed 8-bit values: convert from two's complement
        if x > 127:
            x -= 256
        if y > 127:
            y -= 256
        posx += x
        posy += y
        btn_flag = int(line[0:2], 16)
        if btn_flag == 1:  # left button held: record the cursor position
            print(posx, posy)
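The keyboard counterpart of the mouse script, as an added example (my code, not the UsbKeyboardDataHacker tool or the slide deck's): it reads the usb.capdata field values tshark emits for a boot-protocol keyboard, maps HID usage IDs to characters with the Shift modifier applied, emits a key only on the report where it first appears (a held key repeats in every report), and handles Backspace. The report lines are constructed for the demo and spell out a flag with one mistyped, then deleted, character.

```python
from typing import Dict, List, Tuple

# HID keyboard usage IDs (Usage Page 0x07) -> (unshifted, shifted). Letters and digits
# are generated from the standard table, punctuation is listed explicitly.
KEYMAP: Dict[int, Tuple[str, str]] = {}
for i, ch in enumerate("abcdefghijklmnopqrstuvwxyz"):
    KEYMAP[0x04 + i] = (ch, ch.upper())
for i, (lo, hi) in enumerate(zip("1234567890", "!@#$%^&*()")):
    KEYMAP[0x1E + i] = (lo, hi)
KEYMAP.update({
    0x28: ("\n", "\n"), 0x2B: ("\t", "\t"), 0x2C: (" ", " "),
    0x2D: ("-", "_"), 0x2E: ("=", "+"), 0x2F: ("[", "{"), 0x30: ("]", "}"),
    0x31: ("\\", "|"), 0x33: (";", ":"), 0x34: ("'", '"'), 0x35: ("`", "~"),
    0x36: (",", "<"), 0x37: (".", ">"), 0x38: ("/", "?"),
})
BACKSPACE = 0x2A
SHIFT_MASK = 0x02 | 0x20  # left or right Shift bit in the modifier byte (byte 0)

# Constructed usb.capdata lines (not a real capture): f l a g { h(held) x BS 1 d } Enter
SAMPLE = """\
00:00:09:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0f:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:04:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0a:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:2f:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:0b:00:00:00:00:00
00:00:0b:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:1b:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:2a:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:1e:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:07:00:00:00:00:00
00:00:00:00:00:00:00:00
02:00:30:00:00:00:00:00
02:00:00:00:00:00:00:00
00:00:28:00:00:00:00:00
00:00:00:00:00:00:00:00
"""


def parse_report(line: str) -> bytes:
    """usb.capdata as printed by tshark: 'aa:bb:...' (older) or 'aabb...' (newer)."""
    return bytes.fromhex(line.strip().replace(":", ""))


def decode_keyboard(lines) -> str:
    """Turn a sequence of 8-byte keyboard reports into the typed text."""
    out: List[str] = []
    prev_keys = set()
    for line in lines:
        if not line.strip():
            continue
        rep = parse_report(line)
        if len(rep) != 8:      # boot-protocol keyboard report is exactly 8 bytes
            continue
        shift = bool(rep[0] & SHIFT_MASK)
        keys = set(rep[2:8]) - {0}
        # only newly pressed keys count: a held key is repeated in every report
        for code in sorted(keys - prev_keys):
            if code == BACKSPACE:
                if out:
                    out.pop()
            elif code in KEYMAP:
                out.append(KEYMAP[code][1 if shift else 0])
        prev_keys = keys
    return "".join(out)


if __name__ == "__main__":
    print(repr(decode_keyboard(SAMPLE.splitlines())))  # 'flag{h1d}\n'
```

Feed it the usbdata.txt produced by the tshark command above; the release reports (all zero) are what make the press-edge detection work, so do not filter them out beforehand.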
VNC
Key_down -> key pressed
client_message_type ->

tshark -n -r forensics.pcapng -Y 'vnc.key_down == Yes' | awk '{print $8}' | tr '\n' ' '
• VMDK
• DiskGenius
• VirtualBox
• R-Studio
• IsoBuster

• Volatility
• aeskeyfind
Volatility

volatility pslist -f target.vmem

Dump

volatility procdump -u --memory -D ./ -p PID -f target.vmem

volatility -f target.raw --profile=Win10x64 memdump -p PID -D ./


• web
• Access log
• Error log
SQL

1 AND 7500=IF((ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM misc.flag ORDER BY flag LIMIT 0,1),16,1)))!=83),SLEEP(1),7500)
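Payloads like the one above end up URL-encoded in the web server's access log, which is where the log-analysis part of this section meets the SQL part. As an added example (my code, not the slide deck's), the script below parses combined-format access-log lines, URL-decodes the request, flags the time-delay functions that fingerprint time-based blind injection (SLEEP, BENCHMARK, pg_sleep, WAITFOR DELAY), and for the page's `ORD(MID(...))` probe pattern extracts which character position and which byte value were being tested. The log lines are constructed; the second one carries exactly the page's payload.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import quote, unquote_plus

# Apache/nginx combined-format line: client, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
# Functions that make the response wait: the fingerprint of time-based blind injection.
TIME_RE = re.compile(r"\b(SLEEP|BENCHMARK|PG_SLEEP)\s*\(|\bWAITFOR\s+DELAY\b", re.I)
# The per-character probe in the page's payload: ORD(MID((subquery),<pos>,1)) <op> <ascii>
PROBE_RE = re.compile(
    r"MID\(\(.*?\),\s*(?P<pos>\d+)\s*,\s*1\s*\)+\s*(?P<op>!=|<>|>=|<=|=|<|>)\s*(?P<val>\d+)", re.I)

# Constructed sample log (not from the page); line 2 carries the payload quoted above.
PAYLOAD = ("1 AND 7500=IF((ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM misc.flag "
           "ORDER BY flag LIMIT 0,1),16,1)))!=83),SLEEP(1),7500)")
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2024:10:15:00 +0000] "GET /news.php?id=1 HTTP/1.1" 200 512',
    '10.0.0.5 - - [12/Mar/2024:10:15:01 +0000] "GET /news.php?id=' + quote(PAYLOAD) + ' HTTP/1.1" 200 512',
    '10.0.0.9 - - [12/Mar/2024:10:15:02 +0000] "GET /search?q='
    + quote("a' AND BENCHMARK(5000000,MD5(1))-- -") + ' HTTP/1.1" 200 77',
]


def analyse_line(line: str) -> Optional[Dict]:
    """Return a hit record for a request carrying a time-based payload, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = unquote_plus(m["path"])   # decode %28, %20, ... before pattern matching
    path = unquote_plus(path)        # second pass catches double-encoded payloads
    if not TIME_RE.search(path):
        return None
    hit = {"ip": m["ip"], "ts": m["ts"], "status": m["status"], "probe": None}
    p = PROBE_RE.search(path)
    if p:
        # (character position, comparison, byte being tested) of this probe
        hit["probe"] = (int(p["pos"]), p["op"], chr(int(p["val"])))
    return hit


def scan_log(lines) -> List[Dict]:
    """All flagged requests, in log order."""
    return [h for h in (analyse_line(l) for l in lines) if h]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Grouping the probes by client and position reconstructs, request by request, how far an extraction got; the HTTP status alone says nothing here because the injected query returns 200 whether or not the delay fired.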

copy
• copy /b 2.jpg + 1.zip <output>.jpg
PS jpg
binwalk, dd, WinRAR
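The magic-number table earlier and the `copy /b` trick here are two halves of one workflow: identify a blob by its header, locate where the JPEG really ends (FF D9), and carve whatever was appended behind it, which is what binwalk and dd do by hand. The script below is an added example (my code, not the slide deck's or binwalk's): the signature dict is transcribed from the table, with JPEG generalised to the FF D8 FF prefix so that FF D8 FF DB, FF D8 FF E0 and FF D8 FF E1 files all match; the JPEG-plus-zip sample is constructed in memory.

```python
import io
import zipfile
from typing import List, Optional, Tuple

# Signatures from the table above, raw bytes -> type name. JPEG is matched on FF D8 FF
# only, so the table's FF D8 FF DB as well as FF D8 FF E0 / FF D8 FF E1 all hit.
SIGNATURES = {
    b"MZ": "Win PE",
    b"\x7fELF": "ELF",
    b"Rar!": "RAR",
    b"PK\x03\x04": "ZIP",
    b"7z\xbc\xaf\x27\x1c": "7Z",
    b"\xff\xd8\xff": "JPEG",
    b"\x89PNG\r\n\x1a\n": "PNG",
    b"GIF89a": "GIF",
    b"BM": "BMP",
    b"%PDF": "PDF",
    b"\xca\xfe\xba\xbe": "Java class",
    b"KDM": "VMDK",
}
JPEG_EOI = b"\xff\xd9"  # end-of-image marker: a JPEG ends with FF D9


def identify(data: bytes) -> Optional[str]:
    """Type of the blob by its leading bytes (longest signature wins)."""
    for sig in sorted(SIGNATURES, key=len, reverse=True):
        if data.startswith(sig):
            return SIGNATURES[sig]
    return None


def scan(data: bytes, min_len: int = 3) -> List[Tuple[int, str]]:
    """binwalk-style scan: (offset, type) for every signature occurrence.
    Signatures shorter than min_len (MZ, BM) are only trusted at offset 0,
    because two printable bytes occur by chance in almost any blob."""
    hits = []
    for sig, name in SIGNATURES.items():
        pos = data.find(sig)
        while pos != -1:
            if len(sig) >= min_len or pos == 0:
                hits.append((pos, name))
            pos = data.find(sig, pos + 1)
    return sorted(hits)


def carve_after_jpeg(data: bytes) -> Optional[bytes]:
    """Return whatever follows the JPEG's FF D9, the part 'copy /b a.jpg + b.zip' appends.
    FF D9 cannot occur inside entropy-coded data (an FF byte is stuffed as FF 00 there),
    so the first FF D9 after the SOI marker is the real end of image."""
    if identify(data) != "JPEG":
        return None
    end = data.find(JPEG_EOI, 2)
    if end == -1:
        return None
    trailer = data[end + len(JPEG_EOI):]
    return trailer or None


def build_sample() -> bytes:
    """Constructed sample (not from the page): a minimal JPEG frame with a zip
    holding flag.txt appended behind FF D9, as copy /b would produce."""
    fake_jpeg = b"\xff\xd8\xff\xdb" + b"\x00" * 16 + JPEG_EOI
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("flag.txt", "flag{constructed_sample}")
    return fake_jpeg + buf.getvalue()


def read_hidden_flag(data: bytes) -> Optional[str]:
    """Carve the appended archive and read flag.txt from it."""
    carved = carve_after_jpeg(data)
    if carved is None or identify(carved) != "ZIP":
        return None
    with zipfile.ZipFile(io.BytesIO(carved)) as zf:
        return zf.read("flag.txt").decode()


if __name__ == "__main__":
    blob = build_sample()
    print(identify(blob), scan(blob))
    print(read_hidden_flag(blob))
```

The same carve is `dd if=out.jpg of=hidden.zip bs=1 skip=<offset of FF D9 + 2>`; the script just computes the offset instead of reading it off a hex dump.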
EXIF

GIF

GifSplitter
IDAT

zlib
stegdetect
pngcheck -v corrupt.v2.png
IHDR / IDAT
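What pngcheck reports for a corrupt PNG is, for the most part, a chunk walk with a CRC32 over each chunk's type and data. As an added example (my code, not pngcheck's or the slide deck's), the script below parses the chunk sequence, flags CRC mismatches, and handles the IHDR case that pngcheck only reports: when the height field was edited but the stored CRC was left alone, trying heights until the CRC matches again recovers the original value. The tiny grayscale PNG and the tampering are constructed in memory.

```python
import struct
import zlib
from typing import Iterator, List, Optional, Tuple

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def iter_chunks(data: bytes) -> Iterator[Tuple[int, str, bytes, int, int]]:
    """Yield (offset, type, chunk_data, stored_crc, computed_crc) for every chunk.
    The CRC covers the type and data fields, not the length field."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            break  # truncated chunk: stop rather than read past the end
        body = data[pos + 8:pos + 8 + length]
        stored = struct.unpack(">I", data[pos + 8 + length:end])[0]
        yield pos, ctype.decode("latin-1"), body, stored, zlib.crc32(ctype + body)
        pos = end


def check(data: bytes) -> List[str]:
    """pngcheck-style report: one line per chunk, flagging CRC mismatches."""
    report = []
    for off, ctype, body, stored, calc in iter_chunks(data):
        status = "OK" if stored == calc else f"CRC MISMATCH stored={stored:08x} calc={calc:08x}"
        report.append(f"{off:6d} {ctype} len={len(body)} {status}")
    return report


def ihdr(data: bytes) -> Tuple[int, int]:
    """(width, height) as declared in IHDR."""
    for _, ctype, body, *_ in iter_chunks(data):
        if ctype == "IHDR":
            return struct.unpack(">II", body[:8])
    raise ValueError("no IHDR")


def recover_height(data: bytes, max_height: int = 4096) -> Optional[int]:
    """If only the IHDR height was changed, the stored CRC still belongs to the original
    fields: try heights until the CRC matches again."""
    for _, ctype, body, stored, _ in iter_chunks(data):
        if ctype != "IHDR":
            continue
        for h in range(1, max_height + 1):
            cand = body[:4] + struct.pack(">I", h) + body[8:]
            if zlib.crc32(b"IHDR" + cand) == stored:
                return h
    return None


def build_png(width: int, height: int) -> bytes:
    """Constructed sample (not from the page): a tiny 8-bit grayscale PNG."""
    def chunk(ctype: bytes, body: bytes) -> bytes:
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))
    ihdr_body = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)  # depth 8, grayscale
    raw = b"".join(b"\x00" + bytes((x * 16) % 256 for x in range(width)) for _ in range(height))
    return PNG_SIG + chunk(b"IHDR", ihdr_body) + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b"")


def tamper_height(png: bytes, new_height: int) -> bytes:
    """Overwrite the IHDR height field without fixing the CRC (hides the lower rows)."""
    off = len(PNG_SIG) + 8 + 4  # signature, IHDR length+type, width
    return png[:off] + struct.pack(">I", new_height) + png[off + 4:]


if __name__ == "__main__":
    bad = tamper_height(build_png(4, 6), 2)
    print("\n".join(check(bad)))
    print("declared", ihdr(bad), "recovered height", recover_height(bad))
```

A mismatch on IDAT, by contrast, usually means the data itself was altered and a CRC fix-up would only hide that; zlib's own error on decompression is the next check to run there.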
LSB
Stegsolve (LSB)
PIL
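The LSB technique that Stegsolve's bit-plane view exposes and that PIL scripts usually extract, worked through on raw pixel bytes as an added example (my code, not Stegsolve's or the slide deck's; standard library only, so no PIL dependency). It embeds a length-prefixed message into the least significant bit of each channel byte, extracts it again, and renders one channel's LSB plane as text the way Stegsolve shows it. The 16x16 RGB cover is constructed from seeded pseudo-random bytes.

```python
import random
from typing import List


def make_cover(width: int, height: int, channels: int = 3, seed: int = 1) -> bytes:
    """Constructed cover image (not from the page): raw 8-bit RGB pixel bytes."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(width * height * channels))


def embed_lsb(pixels: bytes, message: bytes) -> bytes:
    """Write the message into the LSB of consecutive channel bytes, prefixed by a
    32-bit big-endian length so the extractor knows where the payload ends.
    Each byte changes by at most 1, which is why the image looks unchanged."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("cover too small for message")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def extract_lsb(pixels: bytes) -> bytes:
    """Read the LSB plane back into bytes, honouring the 32-bit length prefix."""
    bits = [b & 1 for b in pixels]

    def take(n_bytes: int, start: int) -> bytes:
        if start + n_bytes * 8 > len(bits):
            raise ValueError("declared length exceeds the cover")
        val = bytearray()
        for k in range(n_bytes):
            byte = 0
            for i in range(8):
                byte = (byte << 1) | bits[start + k * 8 + i]
            val.append(byte)
        return bytes(val)

    length = int.from_bytes(take(4, 0), "big")
    return take(length, 32)


def lsb_plane(pixels: bytes, width: int, channel: int = 0, channels: int = 3) -> List[str]:
    """Text rendering of one channel's LSB plane, row by row ('#' = 1, '.' = 0),
    the view in which embedded data shows up as a structured band at the top."""
    rows = []
    for y in range(len(pixels) // (width * channels)):
        rows.append("".join(
            "#" if pixels[(y * width + x) * channels + channel] & 1 else "."
            for x in range(width)))
    return rows


if __name__ == "__main__":
    cover = make_cover(16, 16)
    stego = embed_lsb(cover, b"flag{lsb_constructed}")
    print(extract_lsb(stego))
    print("\n".join(lsb_plane(stego, 16)))
```

Embedding sequentially from the first byte is what makes the planes of the red channel's first rows look non-random in Stegsolve; a real sample would be checked plane by plane and channel by channel the same way.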
MP3 STEG


SECCON 2015

Apnic | CN | ipv4 | 1.2.2.0 | 256 | 20110331 | assigned



cat delegated-apnic-20140223 | grep "|CN|" | grep "ipv4" > ipv4.1.txt
awk -F "|" '{print $5}' ipv4.1.txt > ipv4.2.txt
awk '{sum+=$1;i++} END{print sum}' ipv4.2.txt
webshell
keywords: eval, shell, hack, attack, evil, login, config, id
Let’s Play games
IDE
PS

flag
16 (hex)
