XploitBase
Practical CTF tools that actually work. No fluff.
Quick Encode/Decode
CTF Tools
Hash Identifier
JWT Decoder
Number Converter
Caesar Brute Force
XOR Cipher
Text ↔ Binary/Hex
String Analyzer
Flag Decoder
ASCII Lookup
Payload Generators
Reverse Shell Generator
XSS Payloads
SQLi Payloads
Wordlist Generator
Common Paths
Quick Reference
Common Ports
21 FTP 80 HTTP 22 SSH 443 HTTPS 23 Telnet 445 SMB 25 SMTP 3306 MySQL 53 DNS 3389 RDP 139 NetBIOS 5432 PostgreSQL 111 RPC 27017 MongoDB
File Signatures (Magic Bytes)
PNG: 89 50 4E 47 0D 0A 1A 0A JPG: FF D8 FF E0/E1 GIF: 47 49 46 38 39/37 61 PDF: 25 50 44 46 2D ZIP: 50 4B 03 04 RAR: 52 61 72 21 1A 07 ELF: 7F 45 4C 46 EXE: 4D 5A
Hash Lengths
MD5: 32 hex / 128 bit SHA1: 40 hex / 160 bit SHA256: 64 hex / 256 bit SHA512: 128 hex / 512 bit NTLM: 32 hex / 128 bit bcrypt: 60 chars ($2a$...) MySQL5: 41 chars (*...)
Linux Privesc Checks
sudo -l find / -perm -4000 2>/dev/null cat /etc/crontab ls -la /etc/passwd getcap -r / 2>/dev/null cat /etc/sudoers ps aux | grep root env | grep -i pass
Useful Nmap Commands
nmap -sC -sV -oN scan IP nmap -p- --min-rate 5000 IP nmap -sU --top-ports 100 IP nmap --script vuln IP nmap -sV --script=banner IP nmap -Pn -sS -F IP
Common LFI/Path Traversal
/etc/passwd /etc/shadow /var/log/apache2/access.log /proc/self/environ ....//....//etc/passwd ..%252f..%252fetc/passwd /etc/nginx/nginx.conf
Useful One-Liners
# Find SUID binaries
find / -perm -u=s 2>/dev/null
# Spawn TTY
python3 -c 'import pty;pty.spawn("/bin/bash")'
# Stabilize shell
stty raw -echo; fg
Common Encodings
Base64: A-Za-z0-9+/= Base32: A-Z2-7= Hex: 0-9a-f URL: %XX HTML: &#XX; or &name;
Flag Formats
CTF{...} flag{...}
HTB{...} THM{...}
picoCTF{...}
FLAG{...} Flag{...}
[A-Za-z]+\{[^}]+\}