OverTheWire is a set of wargames that teach various security concepts. I’ve collected a few notes from each of the games I’ve completed here.
file guesses file types based on the content of the file:
$ file test.py
test.py: Python script text executable, ASCII text
$ file ./cProgram
cProgram: Mach-O 64-bit executable x86_64
find can take
tr can rot13 if you can remember that
M is the 13th letter of the
tr A-Za-z N-ZA-Mn-za-m.
nmap has lots of options, but usually I just want to scan a range of
nmap -p 31000-32000 example.com.
nc is great for passing things around in an open network.
nc -l 1234 to
nc example.com 1234 to connect.
openssl can open a TLS connection:
openssl s_client -connect example.com:443.
ltrace shows the library calls made by a program.
strace is for system calls.
gdb with TUI is good too.
Check common locations like robots.txt and try going up one level from known URLs.
mitmproxy is great for browsing while transparently modifying headers
(e.g. re-writing the Referer header to make it appear as though every page you
visit on a website is the first page you are visiting).
Sanitize your input. Better, use a library to sanitize it for your specific case (e.g. to use in a SQL query).
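An added example (not from the original notes) of the SQL case: the same login lookup built by string concatenation and then with the driver's parameter binding, using Python's built-in sqlite3 module. The table, function names and sample rows are constructed for illustration, and binding is used here rather than escaping the input by hand.

```python
import sqlite3

def make_db():
    """Build an in-memory users table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "hunter2")],
    )
    return db

def login_concat(db, username, password):
    """Weak form: user input is pasted into the SQL text itself."""
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return [row[0] for row in db.execute(query)]

def login_bound(db, username, password):
    """Hardened form: the driver binds input as data, never as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in db.execute(query, (username, password))]

# Constructed input containing quotes that change the query's meaning
# when it is concatenated into the SQL text.
HOSTILE = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concat, valid login  :", login_concat(db, "alice", "correct-horse"))
    print("concat, hostile input:", login_concat(db, "alice", HOSTILE))
    print("bound,  valid login  :", login_bound(db, "alice", "correct-horse"))
    print("bound,  hostile input:", login_bound(db, "alice", HOSTILE))
```

With the concatenated query the hostile password matches every row; with binding it is compared as a literal string and matches none.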