CTF Guides

A Learning point per CTF Category.

Getting Started with CTF Challenges: A Comprehensive Guide for Beginners

Welcome to the world of Capture The Flag (CTF) challenges! Whether you're completely new to cybersecurity or looking to sharpen your skills, this guide is designed to help you navigate the exciting landscape of CTF competitions. We'll cover the necessary mindset, general tips, and delve into specific categories you might encounter.

Table of Contents


Understanding the CTF Mindset

Before diving into specific challenges, it's crucial to adopt the right mindset:

  1. Curiosity: Always be eager to learn and explore. CTFs are about discovering how things work under the hood.
  2. Persistence: You might not solve every challenge on your first try. Stay persistent and don't get discouraged.
  3. Problem-Solving: Think critically and creatively. Sometimes, the solution requires thinking outside the box.
  4. Research-Oriented: Be prepared to research unfamiliar concepts. Google is your friend!
  5. Collaboration: Don't hesitate to discuss ideas with others. Teamwork can lead to breakthroughs.
  6. Ethical Approach: Always practice ethical hacking and respect the rules of the competition.

Remember, everyone starts somewhere. The key is to keep practicing and learning from each experience.


General Tips and Tools


Challenge Categories

CTF challenges are typically divided into several categories. Let's explore each one:

Web Exploitation

Overview: Web challenges test your ability to find and exploit vulnerabilities in web applications.

Types of Attacks:

  1. Client-Side Attacks: Target the user's browser.

    • Cross-Site Scripting (XSS): Inject malicious scripts into web pages viewed by other users.
    • Cross-Site Request Forgery (CSRF): Tricks a user into performing actions they didn't intend.
  2. Server-Side Attacks: Target the server hosting the application.

    • SQL Injection: Manipulate database queries to access or modify data.
    • Command Injection: Execute arbitrary commands on the server.
    • Directory Traversal: Access files and directories that are not intended to be accessible.

Getting Started:

Tools and Resources:

Helpful Links:


Reverse Engineering

Overview: Reverse engineering challenges involve analyzing a compiled program to understand its functionality or extract hidden information.

Getting Started:

Tips:

Tools and Resources:


Cryptography

Overview: Cryptography challenges involve encrypting or decrypting messages, often requiring you to find weaknesses in the implementation.

Getting Started:

Tips:

Tools and Resources:

Helpful Links:


Pwn (Binary Exploitation)

Overview: Pwn challenges (from "own") involve exploiting vulnerabilities in binaries to execute arbitrary code or alter program behavior.

Getting Started:

Tips:

Tools and Resources:

Helpful Links:


Forensics

Overview: Forensics challenges focus on analyzing data to find hidden information. This could be network captures, memory dumps, images, or files.

Getting Started:

Tips:

Tools and Resources:

Helpful Links:


Additional Resources


Final Thoughts

Embarking on CTF challenges is a rewarding journey that enhances your problem-solving skills and deepens your understanding of cybersecurity. If you want to solve with other people, you can always join us in our Hack N' Chills!

Good luck on your adventure!

CTF Categories

CTF Categories

Web

A Guide to Solving Web Challenges in Capture The Flag (CTF)

Welcome to the dynamic world of Web challenges in Capture The Flag (CTF) competitions! Web challenges test your understanding of web technologies, security vulnerabilities, and your ability to think like an attacker. This guide is designed to help you navigate common web vulnerabilities and develop strategies to tackle these challenges effectively.

Table of Contents


Understanding Web Challenges

Web challenges in CTFs are designed to assess your ability to find and exploit vulnerabilities in web applications. These challenges may involve:

The key to success lies in methodically analyzing the web application and identifying potential weaknesses.


General Approach

  1. Information Gathering:

    • Explore the web application thoroughly.
    • Identify input fields, parameters, and functionality.
  2. Understanding the Application:

    • Determine the technologies used (e.g., PHP, Flask, databases).
    • Look for clues in URLs, form actions, HTTP headers, and cookies.
  3. Testing for Vulnerabilities:

    • Use manual testing techniques to probe for weaknesses.
    • Inject test inputs to observe how the application responds.
  4. Analyzing Responses:

    • Pay attention to error messages, unusual responses, and behavior changes.
    • Collect and interpret any feedback from the server.
  5. Exploiting Vulnerabilities:

    • Develop and refine payloads to exploit identified vulnerabilities.
    • Ensure that your exploits are safe and controlled.
  6. Extracting the Flag:

    • Once exploited, retrieve the hidden information or flag.
    • Document your steps for future reference.

Tools of the Trade

Equip yourself with essential tools for web penetration testing:


Common Web Vulnerabilities

Understanding common vulnerabilities is crucial. Below, we discuss several prevalent ones and how to approach them.

SQL Injection

Understanding SQL Injection

SQL Injection occurs when user input is improperly sanitized, allowing an attacker to execute arbitrary SQL commands. This can lead to unauthorized data access or manipulation.

Techniques and Tips

Cross-Site Scripting (XSS)

Understanding XSS

XSS vulnerabilities allow attackers to inject malicious scripts into web pages viewed by other users. This can lead to session hijacking, defacement, or redirection.

Techniques and Tips

Server-Side Template Injection (SSTI)

Understanding SSTI

SSTI occurs when user input is embedded unsafely in server-side templates, potentially leading to code execution.

Techniques and Tips

File Inclusion Vulnerabilities

Understanding File Inclusion

File inclusion vulnerabilities occur when a web application allows unauthorized inclusion of files, potentially leading to arbitrary code execution.

Techniques and Tips

Cross-Origin Resource Sharing (CORS) Exploits

Understanding CORS Issues

CORS policies control how web applications interact with resources from different origins. Misconfigurations can allow unauthorized cross-origin requests.

Techniques and Tips


Additional Tips and Resources


Final Thoughts

Web challenges require a blend of creativity, technical knowledge, and persistence. They not only test your understanding of web application security but also your problem-solving skills.

Remember, always approach challenges methodically. Start with information gathering, hypothesize, test, and iterate. Pay attention to details, as sometimes minor clues can lead to significant breakthroughs.

Above all, maintain a mindset of continuous learning. The field of web security is vast and ever-changing. Embrace each challenge as an opportunity to expand your expertise and have fun unraveling the intricacies of web vulnerabilities!

CTF Categories

PWN

A Guide to Solving PWN Challenges in Capture The Flag (CTF)

Welcome to the exciting realm of PWN (exploitation) challenges in Capture The Flag (CTF) competitions! PWN challenges test your ability to find and exploit vulnerabilities in binary executables, requiring a blend of programming knowledge, reverse engineering skills, and a deep understanding of system internals.

This guide aims to provide you with a framework to approach PWN challenges effectively, offering insights into common vulnerabilities and techniques used to exploit them.

Table of Contents


Understanding PWN Challenges

PWN challenges typically provide you with a binary executable (and sometimes the source code) running on a server. Your goal is to find vulnerabilities in the program and exploit them to gain unauthorized access, often to read a flag file.

These challenges test your ability to:


General Approach

  1. Gather Information:

    • Identify the binary type (e.g., ELF, PE) and architecture (e.g., x86, x86_64).
    • Determine the operating system and environment.
  2. Analyze Protections:

    • Check what security mechanisms are in place (e.g., ASLR, NX, PIE, Stack Canaries).
  3. Static Analysis:

    • Disassemble and decompile the binary to understand its functionality.
    • Look for dangerous functions (e.g., gets, strcpy).
  4. Dynamic Analysis:

    • Run the binary locally to observe its behavior.
    • Use a debugger to step through execution.
  5. Identify Vulnerabilities:

    • Look for input handling routines that may be exploitable.
    • Test inputs to trigger unexpected behavior.
  6. Develop an Exploit:

    • Craft payloads to exploit the identified vulnerability.
    • Bypass protections as necessary.
  7. Test Locally:

    • Ensure your exploit works on your machine before attempting it on the remote server.
  8. Exploit Remotely:

    • Use network tools to interact with the service running the binary.
    • Retrieve the flag or fulfill the challenge requirements.

Tools of the Trade

Equip yourself with essential tools for binary analysis and exploitation:


Common Vulnerabilities and Exploitation Techniques

Buffer Overflows

Understanding Buffer Overflows

A buffer overflow occurs when a program writes more data to a buffer than it can hold, overwriting adjacent memory. This can overwrite function return addresses on the stack, allowing an attacker to control program execution.

Techniques and Tips

Format String Vulnerabilities

Understanding Format Strings

Format string vulnerabilities occur when user input is used as the format string in functions like printf, leading to unintended behavior, such as reading and writing arbitrary memory.

Techniques and Tips

Return-Oriented Programming (ROP)

Understanding ROP

ROP is an exploitation technique that chains together small sequences of instructions ending with a ret to perform arbitrary operations, bypassing protections like NX and ASLR.

Techniques and Tips

Heap Exploitation

Understanding Heap Vulnerabilities

Heap-based vulnerabilities involve manipulating the memory allocator to achieve arbitrary code execution or data corruption. Common issues include use-after-free, double-free, and buffer overflows on the heap.

Techniques and Tips

Binary Protection Mechanisms

Understanding Protections

Modern binaries often include security features to prevent exploitation:

Bypassing Protections


Additional Tips and Resources


Final Thoughts

PWN challenges are among the most technically demanding in CTFs, requiring a solid grasp of computer architecture, programming, and security concepts. They are also incredibly rewarding, offering deep insights into how systems work at a low level.

Remember to approach each challenge methodically:

Above all, keep learning and stay curious. The field of binary exploitation is vast and continuously evolving. Each challenge conquered enhances your skills and prepares you for the next.

CTF Categories

Crypto

A Guide to Solving Crypto Challenges in Capture The Flag (CTF)

Welcome to the fascinating world of Cryptography challenges in Capture The Flag (CTF) competitions! Crypto challenges test your understanding of cryptographic concepts and your ability to apply them to break or analyze cryptographic systems. This guide is designed to help you navigate common cryptographic challenges involving RSA, AES, classic ciphers, zero-knowledge proofs, and pseudorandom number generators (PRNGs).

Table of Contents


Understanding Crypto Challenges

Crypto challenges require you to apply cryptographic knowledge to:

These challenges test both theoretical knowledge and practical application. They often require creativity and a strong understanding of cryptographic principles.


General Approach

  1. Gather Information:

    • Read the challenge description carefully.
    • Identify the type of cryptography used.
    • Collect any provided ciphertexts, plaintexts, keys, or hints.
  2. Understand the Cryptosystem:

    • Determine which cryptographic algorithm is in use.
    • Analyze any provided code or scripts.
  3. Identify Weaknesses:

    • Look for implementation flaws or misuse of cryptographic primitives.
    • Consider known attacks against the cryptosystem.
  4. Develop a Strategy:

    • Decide on the appropriate attack based on your analysis.
    • Plan the steps needed to recover the plaintext or key.
  5. Implement the Attack:

    • Use or write scripts and tools to perform the attack.
    • Verify your results at each step.
  6. Extract the Flag:

    • Apply your findings to retrieve the flag.
    • Ensure that the decrypted message or recovered key leads to the solution.

Tools of the Trade

Equip yourself with essential cryptographic tools:


Fundamental Concepts

Before diving into specific cryptosystems, ensure you have a solid understanding of:


RSA Encryption

Understanding RSA

RSA is an asymmetric cryptographic algorithm that relies on the difficulty of factoring large composite numbers. It uses a public key for encryption and a private key for decryption.

Key Components:

Techniques and Tips


Advanced Encryption Standard (AES)

Understanding AES

AES is a symmetric block cipher that operates on 128-bit blocks and supports key sizes of 128, 192, or 256 bits. It uses rounds of substitution and permutation based on key-derived values.

Techniques and Tips


Classic Ciphers

Understanding Classic Ciphers

Classic ciphers refer to historical encryption techniques, such as:

Techniques and Tips


Zero-Knowledge Proofs

Understanding Zero-Knowledge Proofs

Zero-knowledge proofs allow one party to prove knowledge of a secret without revealing it. In CTFs, challenges may involve:

Techniques and Tips


Pseudorandom Number Generators (PRNGs)

Understanding PRNGs

PRNGs generate sequences of numbers that approximate true randomness, but are actually deterministic. In cryptography, PRNGs must be secure, but they can be vulnerable if not properly implemented.

Techniques and Tips


Additional Tips and Resources


Final Thoughts

Cryptography challenges blend mathematical rigor with creative problem-solving. They require both theoretical knowledge and practical skills in applying that knowledge to unconventional problems.

Remember to:

Above all, enjoy the process of unraveling the secrets hidden within cryptographic challenges. Each challenge conquered enhances your mastery and prepares you for future puzzles.

CTF Categories

Reverse Engineering

Welcome to the crying world of Reverse Engineering (RE) in Capture The Flag (CTF) challenges! Reverse engineering requires you to analyze software to understand its inner workings, often without access to the source code. This guide is designed to help you navigate RE challenges involving binaries compiled from various programming languages like C, C++, Python, and Android APKs.

Table of Contents


Understanding Reverse Engineering Challenges

In RE challenges, you're typically provided with a compiled program (binary) and tasked with understanding its functionality to:

These binaries can be compiled from various programming languages, and each presents unique challenges and requires specific tools and approaches.


General Approach

  1. Identify the Type of Binary:

    • Determine the target platform (e.g., Windows, Linux, Android).
    • Identify the programming language or environment if possible.
  2. Set Up Your Environment:

    • Use a virtual machine or sandbox to analyze potentially malicious binaries.
    • Install required tools and dependencies.
  3. Perform Static Analysis:

    • Examine the binary without executing it.
    • Use disassemblers or decompilers to understand code structure.
  4. Perform Dynamic Analysis:

    • Run the binary in a controlled environment.
    • Use debuggers to observe runtime behavior.
  5. Document Your Findings:

    • Keep detailed notes on functions, variables, and control flow.
    • Map out the program logic.
  6. Extract the Flag:

    • Apply your understanding to retrieve the flag or meet the challenge objectives.

Tools of the Trade

Before diving into specific types of binaries, familiarize yourself with essential reverse engineering tools:


Analyzing Native Binaries (C/C++)

Getting Started with C/C++ Binaries

Native binaries compiled from C or C++ are common in RE challenges. These binaries may have been compiled with optimization or obfuscation, making analysis more challenging.

Initial Steps:

Techniques and Tips


Python Bytecode Disassembly

Getting Started with Python Binaries

Python is an interpreted language, but compiled Python files (.pyc) contain bytecode that can be reverse-engineered.

Initial Steps:

Tools for Python Reverse Engineering

Tips for Python Challenges


Reverse Engineering APKs (Android Applications)

Getting Started with APKs

APKs are package files for Android applications, which can be reverse-engineered to analyze their contents.

Initial Steps:

Tools for APK Analysis

Tips for APK Challenges


Additional Tips and Resources


Final Thoughts

Reverse engineering challenges are both intellectually stimulating and rewarding. They require a deep understanding of programming concepts, assembly language, and system internals.

Remember, patience and persistence are key. Don't be discouraged by complexity; breaking down the problem into smaller, manageable parts is an effective strategy.

Most importantly, have fun exploring and unraveling the mysteries within the binaries!

CTF Categories

Forensics

Welcome to the world of Forensics in Capture The Flag (CTF) challenges! Forensics challenges are an integral part of CTF competitions, requiring keen analytical skills and attention to detail. This guide aims to equip you with the knowledge and tools necessary to tackle forensics challenges involving network captures, memory dumps, and disk images.

Table of Contents

Understanding Forensics Challenges

Forensics challenges simulate real-world scenarios where you analyze digital artifacts to uncover hidden information or understand an incident. These artifacts can include:

Success in forensics challenges requires a methodical approach, familiarity with various tools, and an eye for detail.

General Approach

  1. Identify the Type of Artifact: Determine whether you're dealing with a PCAP, memory dump, or disk image.

  2. Understand the Challenge Context: Read the challenge description carefully for clues.

  3. Prepare Your Tools: Ensure you have the necessary software installed and configured.

  4. Formulate a Hypothesis: Based on initial observations, decide what you're looking for.

  5. Analyze Systematically: Follow a structured methodology to examine the artifact.

  6. Document Your Findings: Keep detailed notes of your analysis steps and discoveries.

  7. Extract the Flag: The ultimate goal is to find the flag, which may be hidden or encoded.


Analyzing Network Captures (PCAPs)

Getting Started with PCAPs

Network captures record data packets transmitted over a network. Analyzing PCAP files can reveal:

Tools for PCAP Analysis

Tips for PCAP Challenges


Memory Dump Analysis

Getting Started with Memory Dumps

Memory dumps capture the contents of system RAM, which may contain:

Tools for Memory Analysis

Tips for Memory Challenges


Disk and File System Forensics (Dead Box)

Getting Started with Disk Images

Disk images are exact copies of storage media, allowing you to:

Tools for Disk Forensics

Tips for Disk Forensics Challenges


Additional Tips and Resources


Final Thoughts

Forensics challenges offer a unique opportunity to delve into the intricacies of digital artifacts and develop a deep understanding of investigative techniques. They require patience, attention to detail, and a systematic approach.

Remember, practice is key. The more challenges you tackle, the more proficient you'll become. Don't hesitate to reach out to the community, participate in discussions, and share your experiences.

Good luck on your forensics journey!


Feel free to join us in our next Hack N' Chill session, where we collaborate on challenges and learn together!

CTF Categories

Misc

CTF Categories

Hardware

If you are reading this with expectation of getting help for the challenges. God help you

StudSec CTF events

StudSec CTF events

HTB University CTF 2024

Hack The Box University CTF

What to expect

At HTB University CTF 2024 you can expect a mix of technical challenges, collaboration, and socializing with well put together challanges. During the CTF, we will solve challenges across categories like reverse engineering, binary and web exploitation, cryptography, forensics, and more. A beginner-friendly introduction to what these categories mean and what kind of challenges are usually put there can be found in StudSec's Getting Started with CTF guide. In past editions of the HTB University CTF there has been a wide range in difficulty, so the CTF will be accessible for newcomers but will also definitely provide a challenge for more advanced participants.

The CTF itself is online but we will also be meeting up at the VU New Building (exact location be coordinated in Discord), where we gather to tackle challenges in person. To make solving the CTF challenges more accessible and beginner-friendly, experienced StudSec members will also be present during the meetup and able to help  those who are attempting a CTF for first time. Drinks & snacks will be provided to keep the energy up during the day.

Agenda
When
What
Notes
Friday 13th      | 14:00
Start of CTF
feel free to start and join on Discord
Friday 13th      | 19:00 - 22:00
Meetup @ VU
@andreatta00 will be there at least
Saturday 14th | 10:00 - 21:00
Meetup @ VU
@delta will be there at least
Sunday 15th     | 10:00 - 22:00 Meetup @ VU @rombertus will be there at least
Sunday 15th     | 22:00 CTF end

Sunday 15th     | 22:00 - 23:59
Borrel (drinks, snacks, socials activity)
At Bar Boele or Loetje, TBD


How to join

There are three things you will need to join to participate, firstly the CTF platform itself (Hack The Box), this will give you access to the challenges and let you submit flags. Secondly there is Discord, this is our primary method of communication within the team. And finally there is CTFNote, which is a collaborative platform we use to keep notes on all challenges we are doing.

Hack The Box

The event is organized by and hosted on Hack The Box, to get access first create an account on https://ctf.hackthebox.com/, then follow the steps outlined here: https://help.hackthebox.com/en/articles/6666329-how-to-join-university-ctf-2024.

Note that you will need to use your `@student.vu.nl` email when joining the CTF. You do not need to use this email when creating an account on the platform.

Discord

Discord is our main channel of communication, you can join it here. Once in the Discord server you can get access to the channel for this by joining the "HTB University CTF" event. To do this first go to "Events" (1), then scroll down to find the "HTB University CTF" event (you can also find it here) and finally click 'interested' (2). This should give you access to the "htb-university-ctf" channel under "CTFs - 2024" (3).

image.png

image.png



image.png

If this is not the case please reach out to any user with the "board" role. (Their names will be red).

CTFNote

Once you have access to the Discord, you can find the CTFNote authentication password in the "General" post of the "htb-university-ctf" (so not the #general channel under "TEXT-CHANNELS"). With this you can register a user on CTFNote here https://pad.studsec.nl/#/auth/register , once you've done this send a message in the channel letting us know so we can give your new account access.

For more details on using CTFNote see here.

CTF Tooling

CTF Tooling

CTFNote

CTFNote is a collaborative notepad that lets CTF teams share notes for CTF challenges. If you do not yet have an account ask for the registration password in the StudSec Discord (in the dedicated channel for the CTF you want to play). Once you have an account, and you've been added to the CTF, you should see the CTF listed in your dashboard. Clicking it should give you a view similar to this.

image.png

If you click on "tasks" you will see a list of all (unsolved) challenges like this

image.png

Opening the challenge notepad of one of these challenges will give you an editor with 3 modes (view, both, edit)

image.png

The "both" and "edit" modes let you edit the page as normal text, this text will then be rendered as Markdown in the "view" mode.

Note structure

There is no 'correct' way of taking notes, but in general the notepad should answer the following questions

If you are stuck it can help to concretely summarize why you are stuck, that makes it easier for others to join in and provide advice.