102 lines
1.3 KiB
Markdown
102 lines
1.3 KiB
Markdown
|
# Intro Hacking (CTF)
|
||
|
|
||
|
---
|
||
|
|
||
|
## Wat is een CTF
|
||
|
|
||
|
Capture the Flag
|
||
|
|
||
|
`ZeusCTF{1k_b3n_33n_fl4g_H4DJ5D}`
|
||
|
|
||
|
---
|
||
|
|
||
|
## Belangrijke termen, dingen, systemen, encodings
|
||
|
|
||
|
- base64 (meme)
|
||
|
- binary
|
||
|
- hex
|
||
|
|
||
|
- veel dingen zijn een zip, `file` cmd docx, jar, apk
|
||
|
|
||
|
---
|
||
|
|
||
|
## Belangrijke tools
|
||
|
|
||
|
- Cyberchef (base64, binary, hex)
|
||
|
- pwntools
|
||
|
- curl
|
||
|
- netcat (nc)
|
||
|
|
||
|
---
|
||
|
|
||
|
- web
|
||
|
- sql injection (databanken)
|
||
|
- console
|
||
|
- cookies (local storage)
|
||
|
- request headers
|
||
|
- xss
|
||
|
|
||
|
---
|
||
|
|
||
|
- reversing
|
||
|
- packed binaries
|
||
|
- binary
|
||
|
- assembly (comparch)
|
||
|
- hexedit
|
||
|
- strings
|
||
|
- (ghidra) -> Vragen op voorhand installeren
|
||
|
- (gdb-gef) (run)
|
||
|
|
||
|
---
|
||
|
|
||
|
- mobile
|
||
|
- android (java)
|
||
|
- apk in zip ;)
|
||
|
- bytecode viewer
|
||
|
- native libraries
|
||
|
|
||
|
---
|
||
|
|
||
|
- forensic
|
||
|
- info in fotos (metadata, steganography (hidden data))
|
||
|
- wireshark (HTTP/DNS) (comnet)
|
||
|
|
||
|
---
|
||
|
|
||
|
- binary exploitation / pwn
|
||
|
- buffer/heap/stack overflow
|
||
|
- printf strings
|
||
|
|
||
|
---
|
||
|
|
||
|
- crypto
|
||
|
- XOR (raf)
|
||
|
- discover the key? met een gekende file header bv
|
||
|
- rsa :'(
|
||
|
|
||
|
---
|
||
|
|
||
|
- OSINT (Open Source INTelligence)
|
||
|
- Rare categorie die bestaat
|
||
|
- social media
|
||
|
- publiek toegankelijke data
|
||
|
|
||
|
---
|
||
|
|
||
|
CTF event volgende week
|
||
|
|
||
|
type challenges van: je eerste CTF challenge
|
||
|
|
||
|
---
|
||
|
|
||
|
Zin in meer
|
||
|
CTF NEXT WEEK
|
||
|
CSCBE 8-9 maart
|
||
|
|
||
|
|
||
|
Overthewire
|
||
|
|
||
|
https://picoctf.com/
|
||
|
https://pwn.college/
|
||
|
|
||
|
CSCBE
|