ctfbox

Release 1.12.5

A box for CTF challenges with some sugar functions, Just enjoy it

Homepage PyPI Python

License
MIT
Install
pip install ctfbox==1.12.5

Documentation

ctfbox

A box for CTF challenges with some sugar functions, Just enjoy it

Current version: 1.12.5

中文文档点这里

Please use python 3.6+

Guide

Install

All you need to do is

pip install ctfbox

Usage

Common

from ctfbox import * # Will not import the pwn part, please check the PWN Usage section below
# enjoy it

PWN

PWN Usage

Functions

Please refer to docstring for function's signatures and usages

utils

Some useful functions, close to intuition

  • url: url_encode(), url_decode(), force_url_encode()
  • html: html_encode(), html_decode()
  • base16: base16_encode(), base16_decode()
  • base32: base32_encode(), base32_decode()
  • base64: base64_encode(), base64_decode()
  • json: json_encode(), json_decode()
  • hex: bin2hex(), hex2bin()
  • jwt: jwt_encode(), jwt_decode()
  • rot: rot_encode()
  • hash: md5(), sha1(), sha256(), sha512()
  • random: random_int(), random_string()
  • prase od command data: od_parse()
  • A decorator to make it multi-threaded: Threader()
  • Decrypted in the usual way: auto_decode()

WEB

  • generate flask pin: get_flask_pin()

  • generate flask session: flask_session_encode(), flask_session_decode() (⚠️ There is no flask dependency in ctfbox itself, the following two functions need to install the dependency by yourself)

  • build a simple file server: provide()

  • burte force hash for ctf verification code: hashAuth()

  • Send raw request by python-requests: httpraw()

  • generate gopher reuqests: gopherraw()

  • generate php serialize escape payload: php_serialize_escape, php_serialize_escape_s2l(), php_serialize_escape_l2s()

  • change normal stirng to php serialize S string: php_serialize_S()

  • php serialize

    • serialize()
    • unserialize()
    • serialize_to_file()
    • unserialize_from_file()
    • ...

    for more information, please check docstring and here

  • generate php soapClient class payload for ssrf: soapclient_ssrf()

  • network scan

    • scan network path: scan()
    • scan for network backup file: bak_scan()

  • generate reverse shell command: reshell()

  • use for out of band: OOB()

  • build a server for blindXXE: blindXXE()

  • generate gopher payload for attack redis

    • write webshell: gopherredis_webshell()
    • write crontab: gopherredis_crontab()
    • ssh authorized keys: gopherredis_ssh()
    • rce by master-slave replication: gopherredis_msr()

  • generate gopher payload for attack fastcgi

    • arbitrary code execution: gopherfastcgi_code()

  • source code leaks, support .git .svn .DS_Store: leakdump()

  • reverse mt_rand seed without brute force: reverse_mt_rand()

REVERSE

  • print data in hex format: printHex()
  • pack number into bytes: p16(), p32(), p64()
  • unpack number from bytes: u16(), u32(), u64()

MISC

  • provide common file signatures and function to patch a file
    • patch file signature: repair_fileheader()
  • fix zip fake encrypt: repair_zip_fake_encrypt()

CRYPTO

  • srand for multiple platforms: windows_srand(), linux_srand(), android_srand(),
  • get random integer from multiple platforms: windows_rand(), linux_rand(), android_nextInt(), android_nextInt_bound()

PWN

  • Usage 
    # Doesn't support Windows
from pwn import * # import pwntools
# set pwntools config...
# context.os = 'linux'
# context.log_level = 'debug'
# context.arch = 'amd64'
from ctfbox.pwntools.config import Config # import confit for pwn part of ctfbox
# set necessary config 
"""
Attributes:
- local(bool) : connect to local binary / remote address, default: True
- bin(str)    : the binary path, e.g. './pwn'
- address(str): the remote address, e.g. '127.0.0.1:2333'
- pie(bool)   : whether the memory address is randomized, default: False
"""
Config.local = True
Config.address = "127.0.0.1:2333"
Config.bin = "./bin"
# import pwn part
from ctfbox.pwn import *
    now you can use the attributes/functions below 
    slog // empty dictionary, you can set the leaked address and corresponding name. e.g. slog['libc'] = libc_addr
elf  // pwntools.ELF(binaray)
cn   // a connect to local binary or remote address
re   // lambda of cn.recv(m, t)
recv // lambda of cn.recv()
ru   // lambda of cn.recvuntil(x)
rl   // lambda of cn.recvline()
sd   // lambda of cn.send(x)
sl   // lambda of cn.sendline(x)
ia   // lambda of cn.interactive()
sla  // lambda of cn.sendlineafter(a, b)
sa   // lambda of cn.sendafter(a, b)
ft   // ft(arg, f=pwnlib.util.cyclic.de_bruijn(), l=None) lambda of flat(*arg, filler=f, length=l)
gdba // gdba(bps) debug, argument bps save the breakpoint address, breakpoint can also be automatically set when pie is turned on, need pmap command
slog_show // print all set slogs, in hexadecimal format

Techniques

Depends

  • requests
  • PyJWT
  • python-socketio[client]==4.6.0
    • python-engineio==3.14.2

Contributors

Syclover

Other

Logs

1.12.5

  • fix a bug:
    • utils
      • can't work

1.12.0

  • add a function:
    • web
      • gopherfastcgi_code

1.11.0

  • update some function:
    • hashAuth: add prefix and suffix arguments

1.10.0

  • remove dependencies:
    • python-socketio[client]==4.6.0
    • python-engineio==3.14.2
  • update some functions:
    • printHex
  • rewrite some functions:
    • OOB
  • add some functions:
    • crypto
      • windows_srand
      • windows_rand
      • linux_srand
      • linux_rand
      • android_srand
      • android_nextInt
      • android_nextInt_bound

1.9.0

  • add some functions:
    • force_url_encode

1.8.0

  • add some functions:
    • php_serialize_S

1.7.0

  • update some functions:
    • leakdump
      • update docstring
      • support .DS_Store
      • better error output
      • fix some bugs
  • add some functions:
    • reverse_mt_rand

1.6.0

  • 添加中文文档
  • add some functions:
    • leakdump
  • update some functions:
    • get_flask_bin
      • update docstring
    • print_hex
      • pretty output

1.5.0

  • add some functions:

    • scan
    • bak_scan
    • reshell
    • OOB
    • blindXXE
    • php_serialize_escape
    • gopherredis_webshell
    • gopherredis_crontab
    • gopherredis_ssh
    • gopherredis_msr
    • repair_fileheader
    • repair_zip_fake_encrypt
    • base16_encode, base16_decode, base32_encode, base32_decode, html_encode, html_decode

  • add dependencies:

    • python-socketio[client]==4.6.0
    • python-engineio==3.14.2

1.4.2

  • fix bugs:
    • Threader
      • retry can't work
  • update some functions:
    • Threader
      • add docstring
      • add task attributes: traceback

1.4.1

  • fix bugs:
    • soapclient_ssrf
      • docstring about encode is error
      • encode arugment not work
    • md5
      • can't import
    • hashAuth
      • can't work
      • return type incorrect

1.4.0

  • add all for limit export
  • add some functions:
    • soapclient_ssrf
    • rot_encode
    • thirdparty: phpserialize(Origin)
  • add tests:
    • php_serialize_escape_l2s
    • php_serialize_escape_s2l
    • httpraw
  • update some functions:
    • httpraw
      • add kwargs: session, send
  • fix bugs:
    • php_serialize_escape_l2s
      • con't work correctly
    • httpraw
      • url irregular
      • no headers will be send
      • post data may be incorrect

1.3.0

  • refactor project structure
  • add some functions:
    • flask_session_encode
    • flask_session_decode
    • php_serialize_escape_l2s
    • php_serialize_escape_s2l
    • gopherraw

1.2.1

httpraw:

  • fix a bug that httpraw may not be able to send post request correctly
  • fix a bug that could not solve port
  • fix a bug that real_host could not use
  • fix a bug that may cause encoding error

1.2.0

  • add dev dependencies: icecream
  • add some functions:
    • od_parse
    • get_flask_pin
    • httpraw
    • p16 p32 p64 and uXX functions
    • Base32 and Base64 table getter

v1.1.1

  • move project to new directory
  • update Readme.md, added missing functions

v1.1.0

  • add pwn part, please see Pwn Usage
  • add some functions that may be used in reverse
  • update hashAuth functions
    • error if startIndex is less than endIndex
    • if startIndex is zero and length of hash(endIndex - startIndex) is not equal to length of answer, endIndex will be set to length of answer
  • update Readme.md, add usage and contributors, Supplementary dependency: PyJWT

v1.0.2

  • update Readme.md

V1.0.1

  • update Readme.md

V1.0.0

  • first commit

Stats

Dependencies
2
Dependent packages
0
Dependent repositories
0
Total releases
24
Latest release
First release
Stars
32
Forks
8
Watchers
3
Contributors
6
Repository size
267 KB
SourceRank
11

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

1.12.5
1.12.4
1.12.3
1.12.2
1.12.1
1.12.0
1.11.0
1.10.0
1.9.0
1.8.0
See all 24 releases

Contributors

Longlone Jiaxin Peng F4DE ev11ccaat yimianweishi AFKL


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2023-08-02 16:06:59 UTC

Login to resync this project