This project has been created as part of the 42 curriculum by tzammar.
The Cybersecurity Piscine is an intensive curriculum at 42 designed to introduce the fundamental concepts of Information Security.
Unlike standard projects, this piscine is divided into multiple sub-projects (often referred to as "days" or "challenges"), each focusing on a specific domain of security. The goal is to develop a "security mindset": learning not just how to build software, but how to break it, analyze it, and protect it.
Topics covered typically include:
- Web Security: SQL injection, XSS, and web spidering.
- Cryptography: Implementation of One-Time Passwords (OTP) and ransomware simulation.
- Network Security: ARP poisoning, Man-in-the-Middle attacks, and packet analysis.
- Reverse Engineering: Analyzing binaries to understand their behavior.
- System Security: Permissions, buffer overflows, and malware behavior.
- Languages: primarily Python, C, and Bash.
- Tools:
  - gcc/make
  - gdb
  - Python 3 (+ pip)
  - Linux Virtual Machines
Since this repository contains multiple independent projects, navigate to the specific directory for the exercise you wish to run.
Example (for Python-based scripts):
cd Arachnida
python3 ./spider.py http://target-site.com
This repository contains solutions for the following challenges:
1. Arachnida (Web & Forensics)
   - spider: A program to extract images from a website recursively.
   - scorpion: A tool to parse and analyze EXIF metadata from image files.
   - scorpion_gui: scorpion with a graphical user interface.
2. ft_otp (Cryptography)
   Implementation of a TOTP (Time-based One-Time Password) system, compliant with RFC 6238, that stores keys securely and generates ephemeral 6-digit codes.
3. ft_onion (Web)
   Exploration of the Tor network. Configuring a hidden service to allow SSH access via an .onion address, ensuring anonymity and secure remote access.
4. Reverse me (Reverse Engineering)
   A series of challenges involving binary analysis. The goal is to reverse engineer the provided executables to find hidden flags or understand the underlying password logic without having the source code.
5. Stockholm (Malware)
   A ransomware simulation program that encrypts files in a specific directory using AES encryption and appends a .ft extension, demonstrating how file-locking malware operates (and how to reverse it).
6. Inquisitor (Network)
   A demonstration of ARP Spoofing/Poisoning to intercept traffic between two targets on a local network.
7. Vaccine (SQL Injection)
   Status: In Progress
   A utility to detect and exploit SQL injection vulnerabilities in a target URL.
- OWASP Top 10: The standard awareness document for developers and web application security.
- RFC 6238: TOTP: Time-Based One-Time Password Algorithm.
- Scapy Documentation: Powerful interactive packet manipulation program for Python.
- GDB (GNU Project Debugger): Step by Step Introduction from GeeksForGeeks.