Capture the Flag Guide

Date: Mar 3, 2023
Updated: Mar 23, 2023 03:29 PM
Tags: Capture the Flag, Docs
Category: Security
Summary: Common commands and things to do for CTF challenges

Capture The Flags, or CTFs, are a kind of computer security competition.
Teams of competitors (or just individuals) are pitted against each other in a test of computer security skill.
 
Install Kali Linux on a VM of your choice.
 
You can also use my fun little side project, which automates some of the commands listed below:
OzymandiasThe2/fastapi-ctf

Cryptography

Possible Encodings
  • ASCII
  • BASE64/BASE32
  • UUEncoded
  • Caesar/ROT Ciphers
  • Substitution Cipher
    • Frequency analysis

Useful Decrypting Websites/Tools

 
Anything that ends with “==” is probably Base64-encoded.
  1. Copy the line(s) and decode them:
echo [line] | base64 -d
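
As an added example (not code from the original post or from the fastapi-ctf project), this Python helper tests a string against the Base64 and Base32 alphabets instead of relying only on a trailing “==”, and brute-forces Caesar/ROT shifts ranked by English letter frequency. The function names, the frequency table and the sample strings are constructed for illustration.

```python
import base64
import binascii
import string

# Approximate English letter frequencies (percent) for the 12 most common letters.
ENGLISH_FREQ = {"e": 12.7, "t": 9.1, "a": 8.2, "o": 7.5, "i": 7.0, "n": 6.7,
                "s": 6.3, "h": 6.1, "r": 6.0, "d": 4.3, "l": 4.0, "u": 2.8}

def is_printable(data: bytes) -> bool:
    """True if the bytes are ASCII and contain only printable characters."""
    try:
        return all(ch in string.printable for ch in data.decode("ascii"))
    except UnicodeDecodeError:
        return False

def try_base_decodings(text: str) -> dict:
    """Try Base64 and Base32; keep only decodings that yield printable ASCII."""
    decoders = {"base64": lambda s: base64.b64decode(s, validate=True),
                "base32": base64.b32decode}
    results = {}
    for name, decode in decoders.items():
        try:
            raw = decode(text.strip())
        except (binascii.Error, ValueError):
            continue  # wrong alphabet, length or padding for this encoding
        if raw and is_printable(raw):
            results[name] = raw.decode("ascii")
    return results

def rot(text: str, shift: int) -> str:
    """Rotate ASCII letters by `shift` places; other characters are unchanged."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("a") if ch.islower() else ord("A")
            ch = chr((ord(ch) - base + shift) % 26 + base)
        out.append(ch)
    return "".join(out)

def best_rot(text: str) -> tuple:
    """Try all 25 shifts and return (shift, text) scoring most like English."""
    def score(candidate: str) -> float:
        return sum(ENGLISH_FREQ.get(ch, 0) for ch in candidate.lower())
    return max(((s, rot(text, s)) for s in range(1, 26)), key=lambda p: score(p[1]))

if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real challenge.
    for sample in ("ZmxhZw==", "MZWGCZY=", "not encoded!"):
        print(repr(sample), "->", try_base_decodings(sample))
    print(best_rot(rot("meet at the north gate and share the secret", 13)))
```

Frequency scoring is only reliable on ciphertext of sentence length; for very short strings, print all 25 candidates and read them by eye.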

Reverse Engineering

Things to Do First:
  • Try to run the executable (may not work or may be “dangerous”)
If not able:
  • use the strace tool
sudo apt install strace
strace [file_name]
  • use the ltrace tool
sudo apt install ltrace
ltrace [file_name]
  • use the objdump tool (part of the binutils package)
sudo apt install binutils
objdump -d [file_name]
Still not working?

Use GHIDRA

  1. cd ghidra && ./ghidraRun
  2. Open a project
  3. Click the dragon icon (the CodeBrowser)
  4. Import a file > import the CTF file
  5. Click the dragon again
  6. Analyze the file when prompted, to look for strings in the file
  7. Go to Window > Defined Strings
  8. Find the specific string you are looking for and double-click it; for an exe, look on the right side, which takes you to the code that references that string
  9. Click on the decompile pane on the right side to view the source code
  10. ???
  11. FLAG (probably)

Steganography

Try different tools first:
  • stegsnow
stegsnow [file_name]
  • steghide (use for bmp, jpeg, wav and au files)
steghide extract -sf [file_name]
  • strings
strings [file_name]
  • zsteg (use for PNG and BMP files)
zsteg -a [file_name]
zsteg --lsb [file_name]
-a = will output all info; --lsb = least significant bit
  • Image analysis: if something is hidden in layers, use stegsolve
java -jar stegsolve.jar
  • exiftool for image metadata
exiftool [file_name]