CTF Cheat Sheet

This is a small cheat sheet I was going to use in a CTF event during my stay at Hurb.

Check page source: Inspect the page source for commented-out credentials, file paths, hidden inputs, or any other information that might be useful.

Manipulate URLs and page source: Utilize the browser console to manipulate the URL parameters, input fields, or JavaScript functions to uncover hidden information or exploit vulnerabilities.

Explore common website files: Look for files like robots.txt or sitemap.xml, as they may contain valuable clues or hidden paths.

Use parsing tools: When dealing with encoded or binary data, employ parsing tools like codebeautify.org for quick conversions between different formats.

Useful links

codebeautify.org: A general-purpose conversion website that supports various formats such as base64, binary, ROT13, hex, and more.
maildrop.cc: A service for generating temporary or “burner” email addresses quickly. Useful for CTF challenges that require email verification.
hashcat.net: Hashcat’s official wiki with a wealth of information on password cracking techniques and tutorials.
unix-ninja.com: A cheat sheet specifically focused on password cracking, providing valuable tips and techniques.
RockYou2021.txt: A popular wordlist commonly used for password cracking.
mayfrost/guides: A comprehensive list of alternatives to common bloatware software, including sections on pentesting and security tools.
osintbrazuca/osint-brazuca: A curated list of OSINT (Open Source Intelligence) tools specifically focused on the Brazilian context.

Hashcat: An advanced password recovery tool that supports various hashing algorithms and attack modes.
OWASP ZAP: An automated vulnerability scanner designed to identify security flaws in web applications.

Here are some other assorted links I used as sources:

zacheller.dev: A website providing solutions and explanations for DefendTheWeb (DTW) introductory challenges.

Written by