CTF全栈指南（入门篇）.pdf_ctf

CTF

网络安全

3星 · 超过75%的资源需积分: 50 15 浏览量更新于2023-05-14 评论 7 收藏 40.43MB PDF 举报

身份认证购VIP最低享 7 折!

领优惠券(最高得80元）

资源详情

资源评论

资源推荐

1
CTF全栈指南-作者：万事屋小贱
CTF全栈指南-作者：万事屋小贱 ......................................................................................1
misc ......................................................................................................................................9
网络通信 .......................................................................................................................10
TCP/IP.........................................................................................................................10
OSI七层模型与TCP/IP模型 .......................................................................................10
IPv4及子网掩码 ........................................................................................................10
pwn ....................................................................................................................................10
学习资源 .......................................................................................................................11
基础知识 .......................................................................................................................11
Linux管道“|”..............................................................................................................12
命令行参数 ...............................................................................................................12
环境变量参数 ...........................................................................................................12
objdump使用.............................................................................................................13
函数指针 ...................................................................................................................13
函数调用约定 ...........................................................................................................13
AT＆T与Inter汇编区别 .............................................................................................14
__builtin_return_address函数 ..................................................................................16
理解多层跳转 ...........................................................................................................16
strdup函数.................................................................................................................16
grep命令 ....................................................................................................................16
checksec脚本.............................................................................................................17
栈帧 ...........................................................................................................................17
NX选项.......................................................................................................................17
GOT和PLT...................................................................................................................18
信息泄露的实现 .......................................................................................................18
libc.so.6文件的作用 ..................................................................................................18
gdb .............................................................................................................................19
结合使用(信息泄露的实现, libc.so.6文件的作用)..................................................22
linux攻击........................................................................................................................22
基本linux攻击............................................................................................................22
高级linux攻击............................................................................................................26
常见漏洞 .......................................................................................................................26
缓冲区漏洞 ...............................................................................................................26
整数溢出 ...................................................................................................................34
格式化字符串漏洞 ...................................................................................................34
释放后使用 ...............................................................................................................35

2
逻辑漏洞 ...................................................................................................................35
shellcode ........................................................................................................................35
shellcode的加载与调试............................................................................................36
编码与解码 ...............................................................................................................37
用metasploit开发shellcode.......................................................................................38
Exploit漏洞利用 ............................................................................................................38
基本步骤 ...................................................................................................................38
用metasploit开发Exploit...........................................................................................39
逆向技巧 .......................................................................................................................39
关键数据结构分析 ...................................................................................................39
控制流分析 ...............................................................................................................40
数据流分析 ...............................................................................................................40
web ....................................................................................................................................41
ASCII码表 .......................................................................................................................41
HTML实体符号表..........................................................................................................41
通用知识 .......................................................................................................................41
前端基础 ...................................................................................................................42
伪造ip ........................................................................................................................52
用户登录 ...................................................................................................................53
验证码绕过 ...............................................................................................................53
浏览器的同源策略 ...................................................................................................54
信息收集 .......................................................................................................................56
全面扫描 ...................................................................................................................56
踩点网站 ...................................................................................................................57
获得网站真实ip ........................................................................................................57
收集二级域名 ...........................................................................................................58
扫路径 .......................................................................................................................58
DNS ............................................................................................................................59
whois..........................................................................................................................59
nmap ..........................................................................................................................59
cms扫描.....................................................................................................................59
robots.txt审计有用信息 ...........................................................................................59
扫描包含漏洞 ...........................................................................................................59
sql注入...........................................................................................................................60
1 挖掘经验 ................................................................................................................61
2 寻找注入点 ............................................................................................................62
3 绕过方法 ................................................................................................................63
4 判断类型 ................................................................................................................64
5 注入格式 ................................................................................................................65

3
6 cheat-sheet .............................................................................................................67
7 十种MySQL报错注入 .............................................................................................68
8 MSSQL注入.............................................................................................................70
9 SQLite注入..............................................................................................................70
10 PostgreSQL注入....................................................................................................70
11 常用参数 ..............................................................................................................71
12 理论基础 ..............................................................................................................73
13 手动注入详解 ......................................................................................................73
14 sqlmap...................................................................................................................73
15 读书笔记 ..............................................................................................................73
xss ..................................................................................................................................73
xss笔记 ......................................................................................................................73
XSS平台......................................................................................................................73
xss payload.................................................................................................................74
测试过滤了那些符号 ...............................................................................................82
cheatsheet .................................................................................................................82
构造思路 ...................................................................................................................83
那些年一起学xss模型 ..............................................................................................94
CSRF ...............................................................................................................................99
原理 ...........................................................................................................................99
检测 .........................................................................................................................100
点击劫持clickjacking ...................................................................................................101
图片覆盖 .................................................................................................................102
拖拽劫持 .................................................................................................................103
代码审计 .....................................................................................................................103
gbxxxx 系列的编码有宽字节漏洞..........................................................................103
mysql日志监控........................................................................................................103
seay代码审计系统 ..................................................................................................104
环境搭建 .................................................................................................................104
通用思路 .................................................................................................................104
PHP核心配置...........................................................................................................106
各种漏洞 .................................................................................................................109
PHP函数漏洞及逻辑漏洞.......................................................................................129
代码审计小技巧 .....................................................................................................139
数据库 .........................................................................................................................142
mysql........................................................................................................................142
密码学 .............................................................................................................................166
常用密码知识 .............................................................................................................166
md5和base64区别 ..................................................................................................166

4
凯撒密码 .................................................................................................................166
MD5原理 .................................................................................................................167
维吉尼亚密码 .........................................................................................................167
格栅密码 .................................................................................................................168
base64/32 ................................................................................................................168
密码工具 .....................................................................................................................168
jsfuck ........................................................................................................................168
自己写的工具 .........................................................................................................169
超级加密解密 .........................................................................................................169
编码工具 .................................................................................................................169
brainfuck/Ook ..........................................................................................................169
Jscript/VBScript/ASP解码 ........................................................................................169
古典密码 .................................................................................................................169
PYG_TOOL_VER5 .....................................................................................................169
思科密码破解器 .....................................................................................................169
有密码的Access数据库file.mdb .............................................................................169
分类 .............................................................................................................................170
对称密码 .................................................................................................................170
公钥密码 .................................................................................................................172
混合密码系统 .........................................................................................................175
单向散列函数 .........................................................................................................176
证书 .........................................................................................................................183
SSL/TLS .....................................................................................................................184
工具 .................................................................................................................................184
nmap ............................................................................................................................184
netcat ...........................................................................................................................185
metasploit ....................................................................................................................185
更新 .........................................................................................................................185
常用命令 .................................................................................................................185
rc 脚本 .....................................................................................................................186
后渗透 .....................................................................................................................187
各种模块 .................................................................................................................187
开发shellcode ..........................................................................................................188
开发exploit模块 ......................................................................................................189
搜jmp esp等跳板.....................................................................................................189
cobaltstrike ..................................................................................................................189
BEEF .............................................................................................................................191
burpsuite......................................................................................................................191
插件大全 .................................................................................................................191
intruder payloads.....................................................................................................191

5
hydra ............................................................................................................................191
问问题搜索引擎 .........................................................................................................191
ask.com ....................................................................................................................192
stackoverflow.com(荐) ............................................................................................192
git .................................................................................................................................192
工作流程 .................................................................................................................192
git reset --hard回到过去 .........................................................................................194
git reflog 回到未来..................................................................................................194
git checkout对单个文件回到过去 .........................................................................194
git log 查看提交历史 ..............................................................................................194
配置git .....................................................................................................................195
取得项目的git仓库 .................................................................................................196
忽略某些文件 .........................................................................................................196
git rm 移除...............................................................................................................197
git mv 移动 ..............................................................................................................197
git diff 查看没commit的和commit的不同 .............................................................197
git branch 分支 ........................................................................................................197
临时要修改别的分支，当前还没stage.................................................................199
上传github...............................................................................................................199
git reset --hard  HEAD@{xx}(git reset --hard回到过去, git reflog 回到未来).........200
vim ...............................................................................................................................200
Atom ............................................................................................................................201
pycharm .......................................................................................................................201
Inter转换AT&T.............................................................................................................201
api窥测器kerberos_API...............................................................................................201
非比赛技能 .....................................................................................................................202
暗网网址大全 .............................................................................................................202
tor proxychains ............................................................................................................202
shadowsocks服务端....................................................................................................202
钟馗之眼 .....................................................................................................................202
shodan语法 .................................................................................................................202
社工 .............................................................................................................................203
社工思路 .................................................................................................................203
社工裤 .....................................................................................................................203
hijack网络侦探........................................................................................................203
身份证制作 .............................................................................................................203
crazytalk刷脸...........................................................................................................205
定位 .........................................................................................................................205
常用密码猜测 .........................................................................................................205