lucasmaurice/CTF Cheat Sheet.md

Last active April 22, 2024 10:44

Star (1) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/lucasmaurice/a90a01686c9c837150ce180712fcbc16.js"></script>
Save lucasmaurice/a90a01686c9c837150ce180712fcbc16 to your computer and use it in GitHub Desktop.

Download ZIP

A Cheat Sheet for CTF.

Raw

CTF Cheat Sheet.md

Sysadmin CTF Cheat Sheet

SYSADMIN

STEPS

bash history
Check Home folder and inspect files
Check running process (ps aux)
Check files for containing infos (strarting with /etc) (grep -r "info" 2>/dev/null)
Check readables files (find . -readable -and -user $(whoami) 2>/dev/null | head -n 10)
Check accessibles commands (sudo -l)
Check by attaching to a running process (strace -ewrite -p $PID)

HINTS

Find a word in all file in the current password (grep -i flag *)
.E01 files : user ewflib

TOOLS

CyberChef - String analyser
Volatility - A tool for analyse Memory Dump.
OWASP ZAP - Proxy for analyse Web requests.
Burp Community - (An other) Proxy for analyse Web requests.
BeEF - XSS tool.
sqlmap - Automatic SQL injection and database takeover tool.

TO CHECK

Binwalk

Trainings

picoCTF Easy - Medium
RingZer0 Medium - Hard
Websec Medium - Hard | Web Only
Hack The Box Hard
Root Me

Author

lucasmaurice commented Jul 2, 2019

find / \( -user root -o -group root \) \( -perm -u=s -o -perm -g=s \) -type f -ls 2>/dev/null

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment