Connecting to Challenges

Netcat

Netcat addresses can be recognised by the 'nc' command and should contain both a host address and a port number. Something like ::

nc some-address.host 1337

On Linux distributions the above can be ran directly from the terminal to engage manually with the challenge code. In order for it to work, make sure Netcat is installed following the instructions appropriate to your used Linux distribution. However, using Python's Pwntools package, we can interact with the address through Python. This allows us to fully automate our interactions, which is incredibly useful.

# Non-native imports
import pwn   # pip install pwntools

hostAddress = 'some-address.host'
hostPort    = 1337

s = pwn.connect(hostAddress, hostPort)

For more information on how to work with the pwntools library, check out CTF Basics :: How-to Pwntools.

Snicat

Snicat addresses are a feature of the CTFd PRO infrastructure and can be recognised by the 'sc' commmand, followed by just a host address. Something like ::

sc some-address.host

In order to work with Snicat from the terminal, it must be installed according to the instruction on the Snicat GitHub. The available apt-get package with an identical name is unrelated to the 'snicat' we want to use, so no need to install that. We can run a proxy in terminal by binding the address to some local port.

./sc -bind 5000 some-address.host

Now we can use netcat in another terminal to connect to it ::

nc localhost 5000

Alternatively, you can use the Pwntools library to directly connect to snicat addresses without the need to install Snicat itself, after which you can interact with it as you would otherwise. Note that CTFd configures the host port to 443 by default, so if your CTF host uses a different port you should change it accordingly.

# Non-native imports
import pwn   # pip install pwntools

hostAddress = 'some-address.host'

s = pwn.connect(hostAddress, 443, ssl=True, sni=hostAddress)

For more information on how to work with the Pwntools library, check out CTF Basics :: How-to Pwntools.

HTTP

https://some-challenge-address.com/

As you might expect, the above web address can be inspected and interacted with simply through any browser you might have. However, in many cases it might be helpful to automate the process of interacting with the web-address using a Python script. Luckily for us, the popular 'requests' library allows us to do just that.

# Non-native imports
import requests   # pip install requests

webAddress = 'https://some-challenge-address.com/'

s = requests.get(webAddress)

For more information on how to work with the requests library, check out CTF Basics :: How-to Requests.

Process

If the challenge files are available for download, it should be relatively easy to run it locally in most cases. Just make sure to replace any file/module calls with some dummy data if possible. The Pwntools library provides a function called 'process' wich we can use to run any binary or Python script and interact with it in the same way as we would otherwise.

For binaries ::

# Non-native imports
import pwn   # pip install pwntools

filePath = './some_binary'

s = pwn.process(filePath)

For Python scripts ::

# Non-native imports
import pwn   # pip install pwntools

filePath = './Challenge/chall.py'
fileType = 'python3'

s = pwn.process([fileType, filePath])

For Python scripts that include Sage calls it might be necessary to change the 'fileType' to 'sage --python' if your default Python does not recognise the 'sage.all' module.

For more information on how to work with the Pwntools library, check out CTF Basics :: How-to Pwntools.

CTF Basics

1/1

Table of Contents

About Us/Privacy Policy/Contact Us

This site is still in its beta phase!