Show Menu

Capture the Flag Cheatsheet Cheat Sheet by

Generic Description.

Common Terms

IP address
a numerical label that identifies a computer on computer networks
a number associated to a network protocol that receives or transmits commun­ication for a specific service
CTF - Capture the Flag
an inform­ation security compet­ition that tests cybers­ecurity skills
process of system­ati­cally probing a target for inform­ation
Kali Linux
a linux distri­bution pre-built with security tools
a CLI (Command Line Interface) to interact with programs in the computer
Example: 192.16­8.1.1:22
- IP address: 192.16­8.1.1
- Port: 22

Common Security Tools

a utility for network discovery and security auditing
a password cracking utility
a utility to discover website direct­ories that might exist
a scanning utility to gain inform­ation about a wordpress website
a brute force utility
a network commun­ication protocol that enables two computers to commun­icate
Netcat is utility tool that uses that reads and writes to a network.

Helpful Command Line Tools

lists files
shows the contents of a file
finds files that match a pattern
displays the current folder's path
shows docume­ntation for a command
To look at the manual for the ls command, type: "man ls" without the quotes and hit enter. You can scroll with the arrow keys. Search for a word by typing "­/wo­rd" without the quotes and hit enter. Exit a man document by typing "­q"; make sure you are not in search mode.

Quick NMAP Commands

Example Commands
Descri­ption of Command
nmap -p-
Attempt to find all the open ports for the target IP address.
nmap -sV -p80,443
Tries to find the service version of the software running on ports 80 and 443 for the target IP address.
nmap -A
Runs an aggressive scan that attempts to discover the Operating System, service version, tracer­outes, and popular scripts against the target IP address.
nmap -sS
Runs a stealth Syn Scan on the target IP address. is an example IP address. Replace with the one in your CTF.

Helpful WPScan Commands

wpscan --url
Starts a basic scan against the computer at IP Address
wpscan --url --enum­erate ap
Runs a wordpress scan against
and attempts to enumerate all plugins
wpscan --url --enum­erate u
Runs a wordpress scan against
and attempts to enumerate usernames
wpscan --url --user­names admin --pass­words passwo­rds.txt
Attempts to identify the password for the user admin on
using the password file

Helpful Commands

nc -nlvp 1234
Starts a netcat listener on your computer's port 1234. Netcat will listen and respond to traffic directed at this port. Useful for a exploiting a vulner­abi­lity.
python -c 'import pty; pty spawn(­"­/bi­n/b­ash­")'
Reverse Shells can be unstable. This command attempts to stabalize any reverse shells with python.
find / -iname "*flag*"
Searches the computer starting from the root (/) directory for files that match the pattern:
cat /home/­kal­i/.s­sh­/config
Displays the contents of the file
from the folder path `/home­/ka­li/.ssh/
ssh admin@
Attempts a ssh connection to the computer at IP Address
on port
with the username

Popular File and Direct­ories

The home folder for the user
System Config­uration Files
A temporary filespace
The root user home folder
log files
A common Wordlist Directorey
A popular puplic collection of common security wordlists
A wordlist that contains a collection of 1050 popular passwords.


No comments yet. Add yours below!

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.

          Related Cheat Sheets