Writeups for various CTFs competitions
Here is a list to various useful tools for CTF competitions.
- Wireshark to analyze network connections
- Postman to make HTTP requests
- OWASP ZAP for analysing website security. Features include requests analysis and forgery, fuzzing, etc...
- sqlmap for automatic SQL injection
- Ghidra to decompile
ccode. - Java decompiler
- gdb a C debugger
- OllyDbg a debugger for Windows programs
- Android studio to edit and analyse APK files and emulate APK
- Apktool for reversing APK files
- file to determine file type
- strings to print all ASCII strings in file
- binwalk to find embedded files
- StegSolve an image solver
- Steg online for images
- Morse decoder
- MMSSTV for HAM transmissions
- Digital Invisible Ink Toolkit for images
- DeepSound for sound files
- Raw Pixels an online RAW image viewer
- https://www.dcode.fr/en It knows a lot of common cypher methods and does automatic uncyphering
- hlextend a Python library for length extension attacks on Merkle-Damgård hash functions
- Sherlock to scrap information on social media
- If you know the format of the flag, you can use
flag_converter.pyto quickly have the most common encoding of the flag, so you know what to look for during the competition ;) - https://www.asciitohex.com/ For quick conversion between ASCII, decimal, base64, binary, hexadecimal and URL
- https://gchq.github.io/CyberChef/ Same as asciitohex but more complete, with magic wand.
- https://upload.wikimedia.org/wikipedia/commons/d/dd/ASCII-Table.svg: An Ascci to decimal, hexadecimal, binary and octal table
