@masterT
Last active June 10, 2017 04:16
CTF Tactics

Challenge {name}

{url}

{description}

Backend

  • Server: {server, version}
  • Language: {language, version}

Site map

  • {url} ({methods, directory listing?})
  • ...

Interesting Headers

  • {name}: {value}
  • ...

CTF Tactics checklist

From https://github.com/Corb3nik/Web-Exploitation-Workflow

Recon

  • server/language/backend?
    • test extensions (php, html, cgi, etc.)
    • test page not found
    • check HTTP request headers
  • Understand how the application works
  • Testing for common files/folders
    • /.htaccess (Apache server dir-level config)
    • /robots.txt
    • /.git/HEAD (Git repository)
    • /.svn/ (Subversion repository)
    • /.hg/ (Mercurial repository)
    • /admin
    • /login
    • ...
  • Checking source files
    • HTML
    • JS
    • CSS
  • Checking request headers
  • Directory listing