Methodology for Capture the Flag (CTF) challenges.
Online CTF Platforms
Beginner friendly
- Root-me
- WebSecurityAcademy (PortSwigger)
- SANS Holiday Hack Challenge
- Mossé Cyber Security Institute
- TryHackMe
Intermediate and advanced
- Hack the Box – connect using OpenVPN: openvpn htb.ovpn
- VulnHub – Vulnerable by Design, vulnerable virtual machines
- Ringzer0
- CTF Telco SS7
CTF Events
- CTF Time
- HackFest 2017
- https://github.com/Corb3nik/Hackfest2017-Challenges
- https://hackfesttraining.slack.com/
CTF Tricks
Read the rules!
There is often an obvious flag hidden in the rules of the CTF. Always read them 😉
Reverse engineering
Easy flags: always try these first.
strings "filetocrack" | grep -i FLAG
Search a file's metadata
exiftool filename
Trace system calls
The flag can be hidden in the strace command output.
strace ./filename
Try ROT13
Use CyberChef with ROT13 recipe on a string that looks like the flag format. Adjust the amount (default=13) if needed to get the flag.
Pwn
Tools: ghidra (disassembler)
Check the security properties that were built into a binary when it was compiled.
sudo apt install checksec
checksec --file=<filename>
The binary is a likely stack-based buffer overflow target when:
- NX is disabled: the stack is executable, so code placed on the stack by an overflow can run
- the stack canary is disabled: a stack buffer overflow can overwrite the saved return address without being detected
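As an added example (not part of the original notes), a small Python script that reads the two properties above straight from an ELF64 file's headers, reproducing checksec's NX and canary checks; build_sample_elf constructs a minimal in-memory header so the parser can be exercised without a real binary.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # segment type recording the requested stack permissions
PF_X = 0x1                 # executable bit in p_flags

def parse_elf64_mitigations(data: bytes) -> dict:
    """Report NX and stack-canary status for an ELF64 image held in memory.

    NX: the PT_GNU_STACK segment asks for a non-executable stack (no PF_X bit);
    a missing PT_GNU_STACK is treated as an executable stack, as checksec does.
    Canary: presence of the __stack_chk_fail symbol name, the same heuristic
    checksec uses (the compiler references it whenever stack protection is on).
    """
    if data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("not an ELF64 image")
    end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little endian, 2 = big endian
    e_phoff = struct.unpack_from(end + "Q", data, 0x20)[0]
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
    nx = False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from(end + "II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
    return {"nx": nx, "canary": b"__stack_chk_fail" in data}

def build_sample_elf(exec_stack: bool, with_canary: bool) -> bytes:
    """Constructed sample: a minimal ELF64 header plus one PT_GNU_STACK entry.
    It is just enough for the parser above and is not a loadable program."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8  # 64-bit, LE, ELF v1
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               2, 0x3E, 1, 0,   # e_type, e_machine, e_version, e_entry
                               64, 0, 0,        # e_phoff (right after header), e_shoff, e_flags
                               64, 56, 1,       # e_ehsize, e_phentsize, e_phnum
                               0, 0, 0)         # e_shentsize, e_shnum, e_shstrndx
    flags = 0x6 | (PF_X if exec_stack else 0)   # RW, plus X when the stack is executable
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, flags, 0, 0, 0, 0, 0, 0x10)
    return ehdr + phdr + (b"__stack_chk_fail\x00" if with_canary else b"")

if __name__ == "__main__":
    # Usage against a real challenge binary: python3 elfcheck.py ./challenge
    with open(sys.argv[1], "rb") as f:
        print(parse_elf64_mitigations(f.read()))
```

The symbol-name check is a heuristic, so a stripped static binary with a custom canary implementation can fool it; checksec shares that limitation.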
Steganography
See Steganography.
Web
- When code is provided, read the code for any obvious vulnerability (often injections). Use a SAST scanner when possible.
- Use the normal steps from web application security testing. Check the <URL>/robots.txt file.
CTF Trivia
Common movies / books used for questions (Northsec 2020)
1) The Cuckoo's Egg
2) Johnny Mnemonic/misc William Gibson novels
3) Snow Crash
4) The Hitchhiker's Guide to the Galaxy
5) Interface
6) Daemon
7) Altered Carbon
8) The Computer Connection
9) Jipi and the Paranoid Chip
10) Do Androids Dream of Electric Sheep?
11) For The Win