Attempt to grind out the 100 offsec project challenges, conceptualized by github user, @kurogai, at his repo [https://github.com/kurogai/100-redteam-projects]
Level 1 | Basic | Exemple |
---|---|---|
[0] | TCP or UDP server just to receive messages | ✔️ |
[1] | TCP chat server | ✔️ |
[2] | UDP chat server | ✔️ |
[3] | Multi-threaded UDP or TCP chat server | ✔️ |
[4] | Server for file transfers | ✔️ |
[5] | Caesar Cipher tool | ✔️ |
[6] | TCP chat server -> The messages should be encoded with Caesar Cipher | ✔️ |
[7] | ROT13 Cipher | ✔️ |
[8] | UDP Chat server -> The messages should be encoded with ROT13 Cipher | ✔️ |
[9] | Remote command execution | ✔️ |
[10] | Recreate the Netcat tool | ✔️ |
Level 2 | Essential | Exemple |
---|---|---|
[11] | Simple port scanner | ✔️ |
[12] | Port scanner with OS fingerprint using TTL (Time To Live) | ✔️ |
[13] | Port scanner with port footprint (HTTP? DNS? FTP? IRC?) | ✔️ |
[14] | Simple Web Directory brute-forcer (Threaded) | ✔️ |
[15] | Recursive Web Directory brute-forcer (Threaded peer recursion) | ✔️ |
[16] | Web Login bruteforce tool | ✔️ |
[17] | FTP Login bruteforce tool | ✔️ |
[18] | SSH Login bruteforce tool | ✔️ |
[19] | FTP User footprint | ✔️ |
[20] | MYSQL User footprint | ✔️ |
[21] | Simple Google Bot for web scan | ✔️ |
[22] | Auto website comment bot | ✔️ |
[23] | Auto website message bot | ✔️ |
[24] | Web-scrapping using Regex | ✔️ |
[25] | Bot to collect information about someone using Google / Bing / Yahoo! | ✔️ |
[26] | Simple SQLi tester | ✔️ |
[27] | Simple XSS tester | ✔️ |
[28] | Simple Wordpress brute-forcer | ✔️ |
[29] | SQLi database retriever | ✔️ |
[30] | Spam creator | ✔️ |
Level 3 | Advanced Network Attacks | Exemple |
---|---|---|
[31] | Payload for reverse shell | ✔️ |
[32] | Payload to capture screenshots | ✔️ |
[33] | Implement a Botnet | ❌ |
[34] | Passive web scanner | ✔️ |
[35] | ARP poisoning tool | ✔️ |
[36] | Application that creates random shortcuts on screen | ✔️ |
[37] | Application to encrypt a file | ✔️ |
[38] | Develop a Ransomware application | ✔️ |
[39] | Spam Email sender | ✔️ |
[40] | HTTP server for phishing | ✔️ |
[41] | Honeypot creator | ✔️ |
[42] | Application that connects to the Tor Network | ✔️ |
[43] | IRC Server | ✔️ |
[44] | Packet Capture tool | ✔️ |
Level 4 | Data analysis, payloads and more networking | Exemple |
---|---|---|
[45] | Packet Data analysis | ✔️ |
[46] | Packet image analysis with OpenCV | ✔️ |
[47] | Develop a hexdump tool | ✔️ |
[48] | Payload that moves the mouse cursor | ✔️ |
[49] | Vigenère Cipher | ✔️ |
[50] | Payload that starts automatically using Windows Regedit | ✔️ |
[51] | Payload that starts as a daemon | ✔️ |
[52] | Payload that retrieves browser information | ✔️ |
[53] | Link generator | ✔️ |
[54] | ASCII Name generator | ✔️ |
[55] | Full chat server with private messages, file and image transfer | ✔️ |
[56] | Simple firewall | ✔️ |
[57] | Gateway | ✔️ |
[58] | Powershell payload generator | ✔️ |
[59] | Bash payload generator | ✔️ |
[60] | Subdomain enumerator | ✔️ |
[61] | DNS Enumerator | ✔️ |
[62] | Your own interpreter | nah, this crazy, the tutorials go up to part 23 for the most basic ones. smh |
[63] | Develop a Worm | ✔️ |
[64] | Server for DDOS | ✔️ |
[65] | Implement an IP Tracker | ✔️ |
[66] | BurpSuite extender | ❌ |
[67] | Develop a Trojan | ✔️ (Will not post, as it is currently FUDAF and stack with layers of encryption so deep it wouldn't be valuable) |
[68] | Man In The Browser tool (kind of) | ✔️ |
[69] | Process monitor (Windows and Linux) | ✔️✔️ |
[70] | Windows token privilege escalation tool | ❌ |
Level 5 | Cryptography, Reverse Engineering and Post exploitation | Exemple |
---|---|---|
[71] | Develop a code injection tool | ✔️ |
[72] | Develop a Worm with auto replication over email | ✔️ |
[73] | Simple Disassembler | ✔️ |
[74] | Server for DDoS with multi-staged operations and multi-threaded handling of clients | ❌ |
[75] | Password hash cracker | ✔️ |
[76] | Direct code injection exploit | CVE-2023-3275 Discovered by me (@scumdestroy) 👑🐜🐞🪰 |
[77] | Android daemon payload | ❌ |
[78] | Browser exploitation tool | ❌ |
[79] | Simple tool for Reverse Engineering | ✔️ |
[80] | Script for OS enumeration (after shell) | ✔️ ✔️ |
[81] | RSA Payload generator | ✔️ |
[82] | Handshake capture | ✔️ |
[83] | Wifi monitor | ✔️ |
[84] | Buffer Overflow exploit | ✔️ |
[85] | Stack Overflow exploit | ❌ |
[86] | Banner exploit | ✔️ |
[87] | ISS Exploit | ✔️ |
[88] | Wifi de-authentication attack (DoS) tool | ✔️ |
[89] | Badchar detector | ✔️ |
[90] | Firewall detector | ✔️ |
[91] | Exploitation Framework | ✔️ 🔥 https://github.com/scumdestroy/ArsonAssistant 🔥 |
[92] | Botnet with SSH C&C and automatic server backup to prevent loss of control | ❌ |
[93] | Windows enumeration tool | ✔️ |
[94] | Application information gathering (after shell) | ✔️ |
[95] | Recreate TCPDUMP | ✔️ |
[96] | Bluetooth exploit | ✔️ |
[97] | Windows Blue Screen Exploit | ✔️ |
[98] | Encoded exploit | ✔️ (double kill, the AV bypassing payload mentioned in the line below is encoded and armed with other tricks too) |
[99] | Antivirus evasion application | ✔️ (complete, but won't post here, as it would soon fail to evade any AV) |
[100] | Your own metasploit module | ✔️ (a couple exist in my repo, "Pentester scripts for dangerous boys") |