JoyousOne/ctf-exploit-template

ctf-exploit-template

A tool to create files from basic exploit templates. It is simply a way to quickly get an exploit script to work with.

This will most likely be updated later on.

Install:

The templates are available in /exploit-templates if you wish to download them manually.

Otherwise, you can install the tool ctf-exploit-template (which can also be called as cet) with:

curl -fsSL https://raw.githubusercontent.com/JoyousOne/ctf-template-exploit/main/install.sh | $SHELL

(You may need to open another terminal to see the change take effect)

Currently supported shells:

(I am too lazy to do more)

  • bash
  • zsh
  • tcsh
  • csh
  • fish

Resources:

When a script uses something more specific, a link will be added to it.

Python libraries:

Installation:

pip install requests pwntools

Miscellaneous:

Exploits Template:

Simple Process

To interact with a simple process remotely or locally.

The template: Simple process

usage examples:

cet process                         Create a file 'exploit_process.py' with the process template
cet process -o wizardly_exploit.py  Create a file 'wizardly_exploit.py' with the process template
cet p       -o wizardly_exploit.py  Create a file 'wizardly_exploit.py' with the process template
cet P       -o wizardly_exploit.py  Create a file 'wizardly_exploit.py' with the process template

SSH

Exploit template that interacts within an ssh connection.

The template: SSH

additional resources: pwntools-ssh

usage examples:

cet ssh                             Create a file 'exploit_ssh.py' with the ssh template
cet ssh -o funky_exploit.py         Create a file 'funky_exploit.py' with the ssh template
cet s   -o funky_exploit.py         Create a file 'funky_exploit.py' with the ssh template
cet SSH -o funky_exploit.py         Create a file 'funky_exploit.py' with the ssh template

HTTP

Exploit template that uses HTTP/1.1 requests (GET, POST, PUT, DELETE, PATCH, etc.). Note that it can be useful to get the content of a website in order to interact with its content.

The template: HTTP

additional resources: HackTricks-requests

usage examples:

cet http                            Create a file 'exploit_http.py' with the http template
cet http -o banana.py               Create a file 'banana.py' with the http template
cet h    -o banana.py               Create a file 'banana.py' with the http template
cet H    -o banana.py               Create a file 'banana.py' with the http template
cet HTTP -o banana.py               Create a file 'banana.py' with the http template

Jailbreaker

jailbreaker for bash env

Jailbreaker template for an environment in a given bash shell.

Related resources:

The template: Jailbreak-Bash

usage example

cet jailbreaker-bash

jailbreaker for python env (TODO)

Good resources:

The template: Jailbreak-Python

usage example

cet jailbreaker-python

TODO:
