Capture the Flag (CTF)

Methodology for Capture the Flag (CTF) challenges.

Online CTF Platforms

Beginner friendly

Intermediate and advanced

CTF Events

CTF Tricks

Read the rules!

There is often an obvious flag hidden in the rules of the CTF. Always read them 😉

Reverse engineering

Easy flags… always try this first…

strings "filetocrack" | grep -i FLAG

Search in a file’s meta data

exiftool filename

Trace system calls

The flag can show up in the strace output, for example as an argument to a write, open or connect call, even when the binary never prints it on its own.

strace ./filename

Try ROT13

Use CyberChef with the ROT13 recipe on any string that looks like the flag format but is not readable. Adjust the amount (default 13) if the result is still garbage: a Caesar-shifted flag is only 25 trials away.
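The "easy flags" steps above (strings, grep for the flag format, ROT-n) combined into one pass, as an added example that is not part of the original cheat sheet. It re-implements `strings` with a regex, then tries every rotation 0..25 on each candidate so a ROT13'd flag is caught in the same run. The FLAG{...} format and the SAMPLE bytes are assumptions; point it at a real file with a path argument.

```python
"""Added example: strings + grep + ROT-n brute force in one script.
The flag format FLAG{...} and the SAMPLE bytes are assumptions, not
something taken from a real challenge."""
import re
import sys

# Assumed flag format; change it to the pattern the CTF rules give you.
FLAG_RE = re.compile(rb"FLAG\{[^{}]*\}", re.IGNORECASE)


def extract_strings(data: bytes, min_len: int = 4) -> list[bytes]:
    """Like `strings`: runs of printable ASCII at least min_len bytes long."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


def rot(text: bytes, n: int) -> bytes:
    """Caesar shift of ASCII letters by n places; everything else is unchanged."""
    out = bytearray()
    for b in text:
        if 0x41 <= b <= 0x5A:            # A-Z
            out.append((b - 0x41 + n) % 26 + 0x41)
        elif 0x61 <= b <= 0x7A:          # a-z
            out.append((b - 0x61 + n) % 26 + 0x61)
        else:
            out.append(b)
    return bytes(out)


def find_flags(data: bytes) -> list[tuple[int, bytes]]:
    """Return (shift, flag) pairs. shift 0 is a plaintext hit; shift 13 means
    rotating the stored string by 13 (CyberChef 'amount') recovered the flag."""
    hits: list[tuple[int, bytes]] = []
    for s in extract_strings(data):
        for n in range(26):
            for m in FLAG_RE.findall(rot(s, n)):
                if (n, m) not in hits:
                    hits.append((n, m))
    return hits


# Constructed sample "binary": junk bytes, a plaintext flag and a ROT13'd one.
SAMPLE = (b"\x7fELF\x01\x02junk\x00\x00"
          b"FLAG{plain_text}\x00\xff"
          b"SYNT{ebg13_vf_abg_rapelcgvba}\x00")

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for shift, flag in find_flags(blob):
        print(f"rot{shift:<2} {flag.decode()}")
```

Run it as `python3 findflag.py ./filetocrack`; with no argument it scans the constructed SAMPLE and reports both the plaintext flag (shift 0) and the ROT13 one (shift 13).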

Pwn

Tools: ghidra (disassembler and decompiler)

Check the security properties that were built into a binary when it was compiled.

sudo apt install checksec
checksec --file=<filename>

checksec does not prove that the binary is vulnerable; it tells you which exploitation options stay open once you find a bug such as a stack-based buffer overflow:

  • NX disabled: the stack is executable, so an overflow can return into shellcode placed on the stack (with NX enabled you need ret2libc or ROP instead)
  • Canary disabled: a stack buffer overflow can overwrite the saved return address without the stack protector aborting the process at function return
  • No PIE: code addresses are fixed, so functions and ROP gadgets can be used without first leaking an address
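To see where the checksec output comes from, here is an added example (not checksec's own code) that reads an ELF64 file and answers the same questions: NX from the PT_GNU_STACK program header flags, PIE from e_type, and the canary check via the same heuristic checksec uses, a reference to __stack_chk_fail. The header-only ELF returned by build_minimal_elf() is a constructed test input, not a real binary.

```python
"""Added example: a minimal checksec in Python for 64-bit little-endian ELF.
Only NX, PIE and the stack-canary heuristic are implemented; build_minimal_elf()
fabricates a header-only ELF so the parser can be exercised without a binary."""
import struct
import sys

PT_GNU_STACK = 0x6474E551          # program header carrying the stack permissions
PF_R, PF_W, PF_X = 0x4, 0x2, 0x1
ET_EXEC, ET_DYN = 2, 3


def elf_security_properties(data: bytes) -> dict:
    """Return {'nx': bool, 'pie': bool, 'canary': bool} for an ELF64 LE file."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("this example only handles 64-bit little-endian ELF")
    # Elf64_Ehdr after e_ident: e_type, e_machine, e_version, e_entry, e_phoff,
    # e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum
    (e_type, _, _, _, e_phoff, _, _, _,
     e_phentsize, e_phnum) = struct.unpack_from("<HHIQQQIHHH", data, 16)

    # Like checksec: NX counts as disabled when PT_GNU_STACK is absent or has PF_X.
    nx = False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
    return {
        "nx": nx,
        "pie": e_type == ET_DYN,                  # ET_DYN executable = PIE
        "canary": b"__stack_chk_fail" in data,   # heuristic: stack protector handler referenced
    }


def build_minimal_elf(*, executable_stack: bool, pie: bool, canary: bool) -> bytes:
    """Constructed header-only ELF64 (not loadable) used to exercise the parser."""
    e_type = ET_DYN if pie else ET_EXEC
    ehdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8    # e_ident: ELFCLASS64, LE
    ehdr += struct.pack("<HHIQQQIHHHHHH", e_type, 0x3E, 1, 0x401000,
                        64, 0, 0, 64, 56, 1, 64, 0, 0)        # one phdr at offset 64
    flags = PF_R | PF_W | (PF_X if executable_stack else 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, flags, 0, 0, 0, 0, 0, 16)
    tail = b"__stack_chk_fail\x00" if canary else b""
    return ehdr + phdr + tail


def report(props: dict) -> str:
    """One-line summary in the spirit of checksec's output."""
    return "  ".join(f"{k.upper()}: {'enabled' if v else 'disabled'}"
                     for k, v in props.items())


if __name__ == "__main__":
    if len(sys.argv) > 1:
        data = open(sys.argv[1], "rb").read()
    else:   # no file given: show the worst case, an RWX stack, no PIE, no canary
        data = build_minimal_elf(executable_stack=True, pie=False, canary=False)
    print(report(elf_security_properties(data)))
```

The canary test is a byte search rather than a symbol-table walk, which is enough for CTF binaries but will also fire on a statically linked libc that merely contains the function; `checksec` itself reads the symbols with readelf, so treat a disagreement as a reason to look at the binary more closely, not as a bug in either tool.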

Steganography

Web

  • When source code is provided, read it for obvious vulnerabilities (often injections) before touching the running application. Use a SAST scanner when one is available.
  • Otherwise follow the normal steps of a web application security test, starting with <URL>/robots.txt, which often lists paths the authors wanted hidden.

CTF Trivia

Common movies / books used for questions (Northsec 2020)

Hackers (1995) movie script

1) The Cuckoo's Egg
2) Johnny Mnemonic and other William Gibson novels
3) Snow Crash
4) The Hitchhiker's Guide to the Galaxy
5) Interface
6) Daemon
7) Altered Carbon
8) The Computer Connection
9) Jipi and the Paranoid Chip
10) Do Androids Dream of Electric Sheep?
11) For the Win