README.md

    Daniel Petri authored ffc4a46c
    CTF Tools

    This is a collection of tools, and installation instructions for them, that we commonly use in CTFs. The list is not complete and the instructions are only suggestions.

    Feel free to adapt anything to your needs if you prefer a different way, and to submit feedback. Also use this as a starting point to learn about any of the tools that are new to you.

    Note

    macOS Users: Start with the macOS section.

    Required Tools

    Docker

    Docker runs containers: isolated Linux user-space environments that share the host's kernel (lighter than a VM, but a binary inside sees the host kernel's version and settings).

    For example, many CTF challenges ship a Dockerfile that recreates the environment in which the challenge was built (same distribution, same libc), so we avoid compatibility issues such as exploiting against a different libc version than the remote target uses.

    Docker Desktop is fine if your host is Windows or macOS.

    On Linux, look up how to install Docker for your distribution.

    Alternative: Podman.

    Decompilers

    Ghidra is a powerful disassembler and decompiler, open-sourced by the NSA (yes, that NSA).

    Binary Ninja is a commercial, easier-to-use alternative. It does some things better than Ghidra and a few more things worse.

    Python and virtual environments

    We use Python often to write small scripts that automate tasks for exploits.

    Install Python 3.10 or higher using your package manager, if possible together with the venv module (on Debian/Ubuntu it is a separate package):

    sudo apt install python3 python3-pip python3-venv

    There are many useful Python packages that help with common tasks, but installing them globally can interfere with other Python projects you might do later. Virtual environments isolate Python projects from each other: each one gets its own interpreter link and its own site-packages.

    I like to have one virtual environment per CTF, but you can also have one global virtual environment.

    cd ~/ctf # Example path
    python3 -m venv .venv
    source .venv/bin/activate
    
    # Example packages
    pip install pwntools
    pip install requests

    In any new terminal, run source .venv/bin/activate to activate the virtual environment from the directory in which you created your venv. This will be indicated by the (.venv) prefix in your terminal prompt. You can also use deactivate to leave the virtual environment.

    On Debian 12, Ubuntu 23.04 and newer, running pip install with the system Python outside a virtual environment fails with error: externally-managed-environment (PEP 668). Installing into a venv is the intended fix; do not work around it with --break-system-packages.

    IDEs like PyCharm and VSCode can also create and manage virtual environments for you.
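    A small wrapper around the steps above, added here as an example (it is not part of the ctf-tools repository): it creates the venv only when it is missing, activates it, and then checks that the python on PATH really is the venv's interpreter before anything gets pip-installed. The file name, the function names and the directory layout (.venv inside the CTF directory) are my own assumptions, matching the layout used in this README.

```shell
#!/bin/sh
# ctf-venv.sh: create (or reuse) a per-CTF virtual environment, activate it,
# and verify the activation. Added example, not part of the ctf-tools repo.
# Usage: source this file, then run   ctf_venv ~/ctf/some-ctf
# (it must be sourced: activation changes the current shell's PATH).

# True if the `python` on PATH belongs to a virtual environment. Inside a venv
# sys.prefix points at the venv while sys.base_prefix is the system install;
# outside a venv both are equal.
venv_is_active() {
    python -c 'import sys; sys.exit(sys.prefix == sys.base_prefix)' 2>/dev/null
}

# Create $dir/.venv if it does not exist yet, then activate it.
# Returns 0 only if the interpreter now on PATH is really the venv's.
ctf_venv() {
    dir=${1:-.}
    venv="$dir/.venv"
    if [ ! -x "$venv/bin/python" ]; then
        # needs the python3-venv package on Debian/Ubuntu
        python3 -m venv "$venv" || return 1
    fi
    . "$venv/bin/activate" || return 1
    if venv_is_active; then
        echo "active: $VIRTUAL_ENV"
    else
        echo "activation failed, still using $(command -v python)" >&2
        return 1
    fi
}

# Guard for the case the README warns about: with the system Python of
# Debian 12 / Ubuntu 23.04+, pip refuses to install outside a venv
# (PEP 668, "externally-managed-environment"). Fail early with a clear hint.
pip_in_venv() {
    if [ -z "${VIRTUAL_ENV:-}" ]; then
        echo "no virtual environment active; run: . .venv/bin/activate" >&2
        return 1
    fi
    pip "$@"
}
```

    After ctf_venv succeeds, the prompt shows the (.venv) prefix as described above and deactivate leaves the environment again; pip_in_venv is a drop-in for pip that refuses to run outside an activated venv.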

    Other CLI Tools

    Note

    Everything in this section is already available in the Docker image, but you can also install them in your Linux environment, if you prefer.

    Main Tools

    There are probably way more useful tools, but here's a list to get started.

    sudo apt install -y xxd gdb gdb-multiarch gdbserver binutils binutils-multiarch \
        tmux wget curl socat strace ltrace git git-lfs

    pwndbg

    This is a GDB plugin that adds a lot of useful features to GDB.

    Upstream now recommends installing it via nix, but cloning the repository and running its setup script also works. The script appends a source line for pwndbg to ~/.gdbinit; if gdb later starts with the plain (gdb) prompt, check that this line is present:

    cd ~
    git clone https://github.com/pwndbg/pwndbg .pwndbg
    cd .pwndbg
    ./setup.sh

    pwntools

    This is a Python library that makes it easier to write exploits.

    This should be installed in any virtual environment you use for CTFs.

    pip install --upgrade pwntools

    Pwnenv Docker Image

    This is a Docker image based on Ubuntu that already has the CLI tools we need installed.

    docker pull registry.git-ce.rwth-aachen.de/pwn-la-chapelle/ctf-tools:latest
    
    ## Create container (the current directory is mounted at /workdir)
    docker run -it --name pwnenv --cap-add=SYS_PTRACE --security-opt seccomp=unconfined -v "$(pwd):/workdir" registry.git-ce.rwth-aachen.de/pwn-la-chapelle/ctf-tools:latest
    
    ## Attach second terminal
    docker exec -it pwnenv bash
    ## Stop container
    docker stop pwnenv
    ## Reset container (must be stopped first)
    docker rm pwnenv

    --cap-add=SYS_PTRACE lets gdb and pwntools attach to processes that are not their own children (gdb -p, gdb.attach), and --security-opt seccomp=unconfined drops Docker's default syscall filter, which otherwise blocks the personality() call gdb uses to disable ASLR. Both weaken the isolation between the container and your host, so keep this container for challenge work and don't run anything in it you wouldn't run on your host.
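    A wrapper around the container lifecycle above, added here as an example (not part of the ctf-tools repository). It reuses an existing stopped container instead of failing with "name already in use" on a second docker run, and adds a check that CAP_SYS_PTRACE really is present inside the container by decoding the CapEff mask from /proc. The script name, the function names and the PWNENV_* variables are assumptions; the image name is the one from this README.

```shell
#!/bin/sh
# pwnenv.sh: lifecycle wrapper for the pwnenv container plus a ptrace
# capability check. Added example, not part of the ctf-tools repository.
# Image and container name default to the README's; override with
# PWNENV_IMAGE / PWNENV_NAME.
IMAGE="${PWNENV_IMAGE:-registry.git-ce.rwth-aachen.de/pwn-la-chapelle/ctf-tools:latest}"
NAME="${PWNENV_NAME:-pwnenv}"

# True if a container with our name exists, running or stopped.
pwnenv_exists() {
    docker ps -a --format '{{.Names}}' | grep -qx -- "$NAME"
}

# Create and attach. CAP_SYS_PTRACE is needed to attach to processes that are
# not gdb's own children; the unconfined seccomp profile removes Docker's
# default syscall filter, which blocks personality(ADDR_NO_RANDOMIZE), the
# call gdb uses to disable ASLR. Both reduce isolation from the host.
pwnenv_create() {
    docker run -it --name "$NAME" \
        --cap-add=SYS_PTRACE --security-opt seccomp=unconfined \
        -v "$PWD:/workdir" "$IMAGE"
}

# Reuse a stopped container instead of failing with "name already in use".
pwnenv_up() {
    if pwnenv_exists; then
        docker start -ai "$NAME"
    else
        pwnenv_create
    fi
}

pwnenv_shell() { docker exec -it "$NAME" bash; }
pwnenv_stop()  { docker stop "$NAME"; }
pwnenv_reset() { docker rm -f "$NAME"; }

# CAP_SYS_PTRACE is capability number 19. Given the hex CapEff mask from
# /proc/<pid>/status, succeed if bit 19 is set. Docker's default mask
# (a80425fb) lacks it; with --cap-add=SYS_PTRACE it becomes a80c25fb.
has_cap_sys_ptrace() {
    [ $(( (0x$1 >> 19) & 1 )) -eq 1 ]
}

# Ask a process inside the running container for its effective capabilities
# and decode them, instead of finding out later when gdb prints
# "ptrace: Operation not permitted". Assumes the container runs as root:
# a non-root user has an empty CapEff even if the capability was added.
pwnenv_check() {
    mask=$(docker exec "$NAME" grep CapEff /proc/self/status | awk '{print $2}')
    if has_cap_sys_ptrace "$mask"; then
        echo "CapEff=$mask: CAP_SYS_PTRACE present"
    else
        echo "CapEff=$mask: CAP_SYS_PTRACE missing, recreate with --cap-add=SYS_PTRACE" >&2
        return 1
    fi
}

case "${1:-}" in
    up)    pwnenv_up ;;
    shell) pwnenv_shell ;;
    stop)  pwnenv_stop ;;
    reset) pwnenv_reset ;;
    check) pwnenv_check ;;
    "")    ;;   # no argument: only define the functions (e.g. when sourced)
    *)     echo "usage: $0 {up|shell|stop|reset|check}" >&2; exit 2 ;;
esac
```

    Typical use is ./pwnenv.sh up in one terminal, then ./pwnenv.sh check and ./pwnenv.sh shell in a second one. The capability mask is decoded in the shell rather than with capsh so the check works in images that don't ship libcap tools.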

    macOS

    CTF binaries are usually x86-64 Linux binaries, so on Apple Silicon Macs they have to run in an emulated x86-64 VM.

    Xcode Command Line Tools

    xcode-select --install

    You may have already done this.

    Homebrew

    https://brew.sh

    Package manager for macOS. Install it with the following command:

    /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

    Protip:

    • Most common CLI applications are available via Homebrew.
    • Homebrew also lets you manage your regular Desktop apps, so no more .dmg files.

    Install Tools

    brew install --cask docker
    brew install colima

    Docker Desktop can run x86-64 images with docker run --platform linux/amd64, and its user-mode emulation is considerably faster than a QEMU VM, but emulated processes there don't support ptrace, so gdb and strace can't debug binaries.
    Colima creates a full virtual machine with QEMU, in which ptrace works and all capabilities we need are available.

    Create Colima VM

    colima start -a x86_64 -c2 -m4 --vm-type qemu
    
    colima ssh # SSH into the VM, User folder is mounted at /Users
    
    colima stop # Stop the VM
    colima delete # Reset the VM
    
    # More than one VM is possible with the -p <name> flag

    This creates a VM with 2 CPUs and 4 GB RAM under QEMU, with Ubuntu and Docker preinstalled. While the VM is running, the Docker CLI on macOS controls the Docker daemon inside the VM, so don't have Docker Desktop running at the same time (both want to be the active docker context).

    From here, you can choose to either use the Docker image or install the tools directly in your VM.

    Windows

    WSL2 is the easiest way to start. Run the following in an administrator PowerShell:

    wsl --install
    wsl --set-default-version 2
    wsl --install -d Ubuntu-24.04
    # Launch the Ubuntu app from the start menu to set a password