Skip to content

CTF Wiki

WildWestCyberSecurity/ctf-wiki-ENGLISH

Start
Start
- Introduction
- How to use CTF Wiki
- Contributing Guide
  Contributing Guide
- Discussion
Introduction
Introduction
Misc
Misc
- Introduction to Misc
- Information Gathering Techniques
- Encoding Analysis
  Encoding Analysis
- Prerequisites for Forensics and Steganography
- Image Analysis
  Image Analysis
- Audio Steganography
  Audio Steganography
  - Audio Steganography
- Traffic Analysis
  Traffic Analysis
  - Introduction to Traffic Packet Analysis
  - PCAP File Repair
  - Protocol Analysis
    Protocol Analysis
    
    Protocol Analysis Overview
    
    Wireshark
    
    HTTP
    
    HTTPS
    
    FTP
    
    DNS
    
    WIFI
    
    USB
  - Data Extraction
- Archive Analysis
  Archive Analysis
  - ZIP Format
  - RAR Format
- Disk & Memory Analysis
  Disk & Memory Analysis
  - Disk and Memory Analysis
  - Challenges
- Other
  Other
  - pyc Files
Crypto
Crypto
- Introduction to Cryptography
- Basic Mathematics
  Basic Mathematics
  - Fundamental Mathematical Knowledge
- Classical Ciphers
  Classical Ciphers
- Stream Ciphers
  Stream Ciphers
  - Stream Ciphers
  - Pseudo-Random Number Generators
    Pseudo-Random Number Generators
    
    Introduction to Pseudorandom Number Generators
    
    Cryptographically Secure Pseudorandom Number Generator
    
    Challenges
  - Linear Congruential Generator
    Linear Congruential Generator
    
    Linear Congruential Generator
    
    Challenges
  - Feedback Shift Register
    Feedback Shift Register
    
    Feedback Shift Register
    
    Linear Feedback Shift Register - LFSR
    
    Nonlinear Feedback Shift Register
  - Special Stream Ciphers
    Special Stream Ciphers
    
    RC4
- Block Ciphers
  Block Ciphers
  - Block Cipher
  - ARX
    ARX
    
    ARX: Add-Rotate-Xor
  - DES
    DES
    
    DES
  - IDEA
    IDEA
    
    IDEA
  - AES
    AES
    
    AES
  - Simon and Speck
    Simon and Speck
    
    Simon and Speck Block Ciphers
  - Block Cipher Modes
    Block Cipher Modes
    
    Block Cipher Modes
    
    Padding Methods
    
    ECB
    
    CBC
    
    PCBC
    
    CFB
    
    OFB
    
    CTR
    
    Padding Oracle Attack
- Asymmetric Encryption
  Asymmetric Encryption
  - Introduction
  - RSA
    RSA
    
    RSA Introduction
    
    Modulus-Related Attacks
    
    Public Exponent Related Attacks
    
    Private Key d Attacks
    Private Key d Attacks
    
    Attacks on Private Key d
    
    Extending Wiener's Attack
    
    Coppersmith Related Attacks
    
    RSA Chosen Plaintext/Ciphertext Attack
    
    RSA Side-Channel Attack
    
    Bleichenbacher's Attack
    
    RSA Complex Problems
  - Knapsack Cipher
    Knapsack Cipher
    
    Knapsack Encryption
  - Discrete Logarithm
    Discrete Logarithm
    
    Discrete Logarithm
    
    ElGamal
    
    ECC
  - Lattice Cryptography
    Lattice Cryptography
    
    Lattice Overview
    
    Basic Introduction
    
    Lattice Basis Reduction Algorithms
    
    CVP
- Hash Functions
  Hash Functions
  - Hash Function
  - MD5
    MD5
    
    MD5
  - SHA1
    SHA1
    
    SHA1 SHA1
    Table of contents
    
    Basic Description
    
    Cracking
    
    2017 SECCON SHA1 is dead
    
    References
  - FNV
    FNV
    
    Fowler–Noll–Vo hash function
  - Hash Attack
    Hash Attack
    
    Hash Attack
  - Comprehensive Challenges
- Digital Signatures
  Digital Signatures
  - Digital Signatures
  - RSA Digital Signature
    RSA Digital Signature
    
    RSA Digital Signature
  - ElGamal Digital Signature
    ElGamal Digital Signature
    
    ElGamal
  - DSA Digital Signature
    DSA Digital Signature
    
    DSA
- Attack Summary
  Attack Summary
  - Introduction
  - Meet-in-the-Middle Attack
    Meet-in-the-Middle Attack
    
    Meet-in-the-Middle Attack - MITM
  - Bit Attack
    Bit Attack
    
    Bit Attack
- Certificate Format
  Certificate Format
  - Certificate Formats
Web
Web
- Web Introduction
- SQL Injection
  SQL Injection
  - SQL Injection
- XSS Cross-Site Scripting
  XSS Cross-Site Scripting
  - XSS
- CSRF Cross-Site Request Forgery
  CSRF Cross-Site Request Forgery
  - CSRF
- SSRF Server-Side Request Forgery
  SSRF Server-Side Request Forgery
  - SSRF
- PHP Code Audit
  PHP Code Audit
  - PHP Code Auditing
Assembly
Assembly
- x86_x64
- MIPS
- ARM
- RISC-V
Executable
Executable
- ELF Files
  ELF Files
  - ELF File Basic Structure
    ELF File Basic Structure
    
    ELF Files
    
    Sections
    
    Code Section
    
    Data Related Sections
    
    Symbol Table
    
    String Sections
    
    Dynamic Sections
    
    Misc Sections
  - Program Loading
    Program Loading
    
    Program Loading
  - Program Linking
    Program Linking
    
    Program Linking
    
    Symbol Resolve
  - Program Execution Flow
    Program Execution Flow
    
    Program Execution Flow
Reverse
Reverse
- Reverse Overview
  Reverse Overview
  - Introduction to Software Reverse Engineering
- Tools
  Tools
  - Static Analysis
    Static Analysis
    
    IDA Pro
    
    Ghidra
    
    jadx
    
    Dnspy
  - Dynamic Debugging
    Dynamic Debugging
    
    gdb
    
    ollydbg
    
    x64dbg/x32dbg
    
    windbg
  - Constraint Solving
    Constraint Solving
    
    z3
  - Simulated Execution
    Simulated Execution
    
    angr
    
    Unicorn Engine
- Algorithm Reversing
  Algorithm Reversing
  - Common Encryption Algorithm and Encoding Identification
- Code Obfuscation
  Code Obfuscation
- Maze Reversing
  Maze Reversing
  - Maze Problems
- VM Reversing
  VM Reversing
  - Virtual Machine Analysis
- Platform related
  Platform related
  - Linux Reverse
    Linux Reverse
    
    LD_PRELOAD
    
    False Disassembly
    
    Detecting Breakpoints
    
    Detecting Debugging
  - Windows Reverse
    Windows Reverse
    
    Unpacking Techniques
    Unpacking Techniques
    
    Introduction to Packers
    
    Single-Step Tracing Method
    
    ESP Law Method
    
    Direct OEP Method
    
    Memory Image Method
    
    Last Exception Method
    
    SFX Method
    
    DUMP and IAT Reconstruction
    
    Manually Finding IAT and Rebuilding with ImportREC
    
    Unpacking DLL Files
    
    Anti-Debugging Techniques
    Anti-Debugging Techniques
    
    NtGlobalFlag
    
    Heap Flags
    
    The Heap
    
    Interrupt 3
    
    IsDebuggerPresent
    
    CheckRemoteDebuggerPresent
    
    NtQueryInformationProcess
    
    ZwSetInformationThread
    
    Junk Code
    
    Anti-Debugging Techniques Example
- Language related
  Language related
  - Introduction
  - Python
    Python
    
    Introduction to Python Reverse Engineering
  - Rust
    Rust
    
    Introduction to Rust Reverse Engineering
  - Golang
    Golang
    
    Introduction to Golang Reverse Engineering
Pwn
Pwn
- Linux Platform
  Linux Platform
  - User Mode
    User Mode
    
    Environment
    Environment
    
    Environment
    
    Exploitation
    Exploitation
    
    Stack Overflow
    Stack Overflow
    
    x86
    x86
    
    Stack Introduction
    
    Stack Overflow Principle
    
    Basic ROP
    
    Intermediate ROP
    
    Advanced ROP
    Advanced ROP
    
    Advanced ROP
    
    ret2dlresolve
    
    ret2VDSO
    
    SROP
    
    Fancy Stack Overflow
    Fancy Stack Overflow
    
    Fancy Stack Overflow Techniques
    
    arm
    arm
    
    Environment Setup
    
    Arm ROP
    
    mips
    mips
    
    mips - ROP
    
    risc-v
    risc-v
    
    RISC-V
    
    Format String
    Format String
    
    Introduction
    
    Exploitation
    
    Examples
    
    Detection
    
    Heap Exploitation
    Heap Exploitation
    
    Ptmalloc2
    Ptmalloc2
    
    Heap Exploitation
    
    Heap Overview
    
    Heap-Related Data Structures
    
    Deep Dive into Ptmalloc2
    Deep Dive into Ptmalloc2
    
    In-Depth Understanding of Heap Implementation
    
    Basic Operations
    
    Heap Initialization
    
    Allocating Memory Chunks
    
    Freeing Memory Chunks
    
    tcache
    
    malloc_state Related Functions
    
    Testing Support
    
    Heap Overflow
    
    Off-By-One in the Heap
    
    Chunk Extend and Overlapping
    
    Unlink
    
    Use After Free
    
    Fastbin Attack
    
    Unsorted Bin Attack
    
    Large Bin Attack
    
    Tcache attack
    
    House Of Einherjar
    
    House Of Force
    
    House of Lore
    
    House of Orange
    
    House of Rabbit
    
    House of Roman
    
    House of Pig
    
    Musl-mallocng
    Musl-mallocng
    
    Readme
    
    IO_FILE Exploitation
    IO_FILE Exploitation
    
    FILE Structure
    
    Faking vtable to Hijack Program Flow
    
    FSOP
    
    IO_FILE Exploitation under glibc 2.24
    
    Integer Overflow
    Integer Overflow
    
    Integer Overflow
    
    Type Confusion
    Type Confusion
    
    Type Confusion
    
    Uninitialized Memory
    Uninitialized Memory
    
    Uninitialized Memory
    
    Race Condition
    Race Condition
    
    Race Condition
    
    Problems
    
    Defense
    Defense
    
    Canary
    
    Summary
    Summary
    
    Getting Addresses
    
    Hijacking Program Control Flow
    
    Shell Acquisition Summary
  - Kernel Mode
    Kernel Mode
    
    Basic Knowledge
    Basic Knowledge
    
    Introduction to Linux kernel
    
    Environment
    Environment
    
    Introduction
    
    Downloading and Compiling the Kernel Source Code
    
    Writing a Loadable Kernel Module
    
    Setting Up the Kernel Runtime Environment
    
    Real Device
    
    System.map
    
    Aim
    Aim
    
    Introduction
    
    Privilege Escalation
    Privilege Escalation
    
    Introduction
    
    Change Self
    
    Change Others
    
    Information Disclosure
    
    DoS
    
    Defense
    Defense
    
    Introduction
    
    Isolation
    Isolation
    
    Introduction
    
    User and Kernel
    User and Kernel
    
    Introduction
    
    User Code Not Executable
    
    User Data Not Accessible
    
    KPTI - Kernel Page Table Isolation
    
    Inside Kernel
    Inside Kernel
    
    Internal Isolation
    
    Access Control
    Access Control
    
    Introduction
    
    Information Disclosure
    
    Misc
    
    Detection
    Detection
    
    Introduction
    
    Kernel Stack Canary
    
    Randomization
    Randomization
    
    Introduction
    
    KASLR
    
    FGKASLR
    
    Exploitation
    Exploitation
    
    Introduction
    
    Returned Oriented Programming
    Returned Oriented Programming
    
    Kernel ROP
    
    Kernel ROP with KPTI bypass
    
    ret2usr (Deprecated)
    
    bypass-smep (Deprecated)
    
    Using pt_regs to Construct Universal Kernel ROP
    
    ret2dir
    
    Heap Exploitation
    Heap Exploitation
    
    Kernel Heap Overview
    
    slub allocator
    slub allocator
    
    Introduction
    
    Kernel UAF
    
    Heap Spray
    
    Freelist Hijacking
    
    Buddy System
    Buddy System
    
    Cross-Cache Overflow & Page-level Heap Fengshui
    
    Cross-Cache UAF
    
    Page-level UAF
    
    Race Condition
    Race Condition
    
    Double Fetch
    
    Using userfaultfd to Create Race Conditions
    
    Tricks
    Tricks
    
    Searching for the Flag Directly in Memory
    
    Reading the Flag via QEMU Monitor
    
    Directly Overwriting the Root Filesystem
    
    Triggering OOM Killer via Memory Overflow to Obtain a Root Shell
- Windows Platform
  Windows Platform
  - Overview
  - User Mode
    User Mode
    
    Readme
    
    Stack Overflow
    Stack Overflow
    
    Stack Introduction
    
    Stack Overflow Principle
    
    Executing Shellcode
    
    ret2dll Exploitation
  - Kernel Mode
    Kernel Mode
    
    Basic Knowledge
    Basic Knowledge
    
    Basic Knowledge
- MacOS Platform
  MacOS Platform
  - MacOS
- Misc OS Platform
  Misc OS Platform
  - Readme
- Sandbox Escape
  Sandbox Escape
  - python
    python
    
    Python Sandbox
  - shell
    shell
    
    Shell Sandbox
  - seccomp
    seccomp
    
    C Sandbox Escape
  - namespace
    namespace
    
    Namespace
  - chroot
    chroot
    
    Chroot
  - docker
    docker
    
    Docker
- Virtualization
  Virtualization
  - Basic Knowledge
    Basic Knowledge
    
    Introduction to Virtualization Technology
    
    CPU Virtualization
    
    Memory Virtualization
    
    I/O Virtualization
  - QEMU
    QEMU
    
    Basic Knowledge
    Basic Knowledge
    
    QEMU Memory Management
    
    QEMU Device Emulation
    
    Environment Setup
    Environment Setup
    
    Downloading and Building QEMU
    
    Writing QEMU Emulated Devices
    
    Exploitation
    Exploitation
    
    Introduction to QEMU Escape
    
    Tricks
    Tricks
    
    Reading Flags Using QEMU Monitor
  - Virtual Box
    Virtual Box
    
    VirtualBox
  - VMWare
    VMWare
    
    VMWare
  - Parallels
    Parallels
    
    Parallels
- Browser
  Browser
  - Chrome
    Chrome
    
    Chromium
    
    V8 Engine
    V8 Engine
    
    V8 Engine Intro
    
    Ignition Interpreter
    
    TurboFan JIT Compiler
    
    V8 Design History
    
    Mutable Heap Numbers
  - Firefox
    Firefox
    
    Firefox
  - Safari
    Safari
    
    Safari
- Hardware
  Hardware
  - CPU
    CPU
    
    Introduction
    
    Side Channel Attack
    Side Channel Attack
    
    prefetch side-channel attack
  - Trusted Computing
    Trusted Computing
    
    Trusted Execution Environment
Android
Android
- Android Development Basics
- Android Runtime Mechanism
  Android Runtime Mechanism
  - Brief Introduction to Android Application Operating Mechanism
  - Android Java Layer Runtime
    Android Java Layer Runtime
    
    Java Layer Operating Mechanism in Android
    
    Smali
    
    Dex && ODEX
    Dex && ODEX
    
    DEX File
    
    ODEX Files
  - Android Native Layer
    Android Native Layer
    
    Introduction to SO Files
- Android Reverse Engineering Basics
  Android Reverse Engineering Basics
  - Basic Introduction to Android Reverse Engineering
  - Android Key Code Location
  - Android Simple Static Analysis
    Android Simple Static Analysis
    
    Static Analysis Java Layer Examples
    
    Static Analysis of Native Layer Programs
    
    Comprehensive Static Analysis Challenges
  - Android Simple Dynamic Analysis
    Android Simple Dynamic Analysis
    
    Android Dynamic Debugging
    
    IDA Dynamic Debugging of Native Layer Programs
ICS
ICS
Blockchain
Blockchain
- Blockchain Security Overview
- Ethereum Security
  Ethereum Security
  - Ethereum Overview
  - Ethereum Basics
  - Function Selector and Argument Encoding
  - Ethereum Storage
  - Ethereum Opcodes
  - Known Attacks
    Known Attacks
    
    Introduction
    
    Re-Entrancy
    
    Integer Overflow and Underflow
    
    Randomness
    
    Airdrop Hunting
    
    Short Address Attack
    
    Delegatecall
    
    Uninitialized Storage Pointer
    
    Arbitrary Writing
    
    CREATE2
    
    Jump Oriented Programming
  - Smart Contract Reverse
  - Learning Resources
- Public Blockchain Security
  Public Blockchain Security
  - Public Blockchain Security Overview
  - Blockchain Weaknesses
- Blockchain Security Challenges

SHA1¶

Basic Description¶

The input and output of SHA1 are as follows:

Input: A message of arbitrary length, divided into 512-bit blocks. First, a bit 1 is appended to the right of the message, then several 0 bits are appended until the bit length of the message satisfies the condition of being congruent to 448 modulo 512.
Output: A 160-bit message digest.

For a detailed introduction, please search on your own.

Generally, we can determine whether a function is a SHA1 function by its initialization. If a function has the following five initialization variables, we can guess that it is a SHA1 function, as these are the initialization IVs of the SHA1 function.

0x67452301
0xEFCDAB89
0x98BADCFE
0x10325476
0xC3D2E1F0

The first four are similar to MD5, and the last one is newly added.

Cracking¶

As of now, SHA1 is no longer secure, because Google previously published two PDFs with the same SHA1 value. For details, please refer to shattered.

There is also an interesting website here: https://alf.nu/SHA1.

2017 SECCON SHA1 is dead¶

The challenge description is as follows:

file1 != file2
SHA1(file1) == SHA1(file2)
SHA256(file1) <> SHA256(file2)
2017KiB < sizeof(file1) < 2018KiB
2017KiB < sizeof(file2) < 2018KiB

Where 1KiB = 1024 bytes

We need to find two files satisfying the above constraints.

This immediately brings to mind the documents Google previously published. Moreover, very importantly, as long as the given first 320 bytes are used, appending the same bytes afterwards will still produce the same hash. Here we test as follows:

➜  2017_seccon_sha1_is_dead git:(master) dd bs=1 count=320 <shattered-1.pdf| sha1sum
320+0 records in
320+0 records out
320 bytes copied, 0.00796817 s, 40.2 kB/s
f92d74e3874587aaf443d1db961d4e26dde13e9c  -
➜  2017_seccon_sha1_is_dead git:(master) dd bs=1 count=320 <shattered-2.pdf| sha1sum
320+0 records in
320+0 records out
320 bytes copied, 0.00397215 s, 80.6 kB/s
f92d74e3874587aaf443d1db961d4e26dde13e9c  -

Then we can directly write the program as follows:

from hashlib import sha1
from hashlib import sha256

pdf1 = open('./shattered-1.pdf').read(320)
pdf2 = open('./shattered-2.pdf').read(320)
pdf1 = pdf1.ljust(2017 * 1024 + 1 - 320, "\00")  #padding pdf to 2017Kib + 1
pdf2 = pdf2.ljust(2017 * 1024 + 1 - 320, "\00")
open("upload1", "w").write(pdf1)
open("upload2", "w").write(pdf2)

print sha1(pdf1).hexdigest()
print sha1(pdf2).hexdigest()
print sha256(pdf1).hexdigest()
print sha256(pdf2).hexdigest()

References¶

https://www.slideshare.net/herumi/googlesha1