CTFs ¿What? ¿Why? & ¿How?

CTFs ¿What? ¿Why? & ¿How? | Written By Suneet Singh

In this article Suneet Singh, is going to explain us, ¿What does it mean CTF?, ¿Why it’s important? & ¿How can you start playing?.

¿CTF?

Capture The Flag, more commonly called CTF is a type of puzzle challenge in which the participants(teams or individuals) have to capture and secure all the flags hidden in different parts of the game before the rival team, using specific methods(tools and techniques) for the different type of challenges.


A flag is denoted by a long string hidden in the challenges using Cyber Security techniques of Cryptography, steganography, etc or within HTML code of a webpage, inside the cookies, or within a server log file, etc. The participant with the most number of flags or points(in some challenges points are awarded for submitting the flags) wins the challenge.

Example of a “FLAG”.

¿Who Solves these Challenges and Why?

CTF challenges are played by Cyber Security enthusiasts, newbies in Cyber Security, hobbyists, budding hackers, and Cyber Forensics.

There are different levels of CTF challenges from easy introductory level web challenges to fully-fledged pawning a server, this large spectrum of difficulty levels cater to the different levels of security professionals and newbies, helping them to sharpen their skills while providing a safe playground to them for practicing their hacking skills.


CTF challenges do not typically require programming skills or specialized hacking skills but demand creative thinking and problem-solving abilities along with a lot of googling.

CTF challenges help programmers understand loopholes in programming, it helps in developing forensic skills and reconnaissance skills, these challenges are not just for skills enhancement but these also are fun to solve and gives a sense of treasure hunting or detective work.

There are mainly 2 types of CTF challenges:

  1. Jeopardy Style: In jeopardy type CTFs, different challenges are given in the form of tasks along with hints on how to approach these tasks for solving them.
    For example, An encrypted string provided with an indirect hint about the type of encryption used.
  2. Attack-Defense: In this type of CTF each team is provided with servers running vulnerable services, task of each team is to hack the other team’s server and shut it off by harming it while defending its services from other team’s attacks

Jeopardy Style CTFs are more common and played more often. 

These can be divided into different categories based on techniques used to hide the flag or based on how to find that flag. Some types of Jeopardy-style CTFs are:

1. Web:

These challenges revolve around a web application and its exploitation through XSS, SQL, cookie theft, etc.

2. Cryptography:

These challenges are solved using reverse cryptography techniques i.e., decryption, according to the task specified.

3.Forensic:

These include finding hidden messages in an audio file, analyzing .pcap network packets, reverse steganography, etc.

4.Reverse Engineering:

In these challenges, we have to Reverse Engineer an android APK, binary file, etc.

These are some types of challenges in Jeopardy Style CTFs. In all these challenges there is no absolute technique that guarantees the success of finding the flag but there are 2 techniques to increase your chances of winning as well as increasing your knowledge.

Practice

Practice makes everyone perfect. Practice different challenges and you will see improvement in your approach as well as skills.

   These are the different CTF platforms for practicing:

            1. https://ctftime.org/

            2. https://portswigger.net/web-security

           3. https://picoctf.org/

          4. https://overthewire.org/wargames/

          5. https://ctflearn.com/

         6.  http://3564020356.org

Read

My second point is directly related to the above-mentioned point of practice.

When you will start solving these challenges on different CTF platforms, you will most probably get stuck, and get confused on how to clear a challenge.

First, I will suggest leaving that particular challenge category and try on another challenge and come back to this challenge after a day or two and try solving it with a different approach and technique, but if still, you are not able to solve it, summon your best friend in solving CTF which is Google.

Google about your problem. If still, you are unable to clear that challenge then Read walkthroughs, tutorials, and writeups on that CTF event.

Even if you can solve a challenge in the first blow, you must still read about that challenge’s solution as you may find a completely different approach than yours to solve the same problem. This will provide you with a different perspective to solve or approach a challenge.

Here are some resources that you can read to know about different techniques of forensic, Reverse Engineering, OSINT etc.:

Know about Reverse Engineering through example of android APK Reverse Engineering.
https://hackersandcoffee.blog/2021/06/06/reverse-engineering-an-android-application/

Know a simple Technique of Forensic i.e., stegnography
https://hackersandcoffee.blog/2021/06/06/steganography-concealing-secrets/

Know about OSINT and reconnaissance
https://hackersandcoffee.blog/2021/05/20/osint-framework-a-brief-introduction/

Here are some essential tools for your CTF journey:


Burp Suite(For web applications):

https://portswigger.net/burp

WireShark(Network Packet Analyzer):

https://www.wireshark.org/

StegSolve(Image Stegnography):

http://www.caesum.com/handbook/Stegsolve.jar

APKTool(For Android App Reverse Engineering):

https://ibotpeaches.github.io/Apktool/

Google:

https://google.com/ 😉

Kali Linux or alternatively Parrot OS.

Thank you for your time (Suneet Singh).

Contact Suneet Singh

¡Read more of his work here! (Medium profile)

Editor In Chief Note

Guys, on Hacking The People, we are doing a CTF Challenge called “HackBox CTF Reloaded“, its intended to be a Beginner and Intermediate friendly CTF.

This Jeopardy style CTF will have the categories of:

  • Cryptography.
  • Coding.
  • Web.
  • Forensic.

You can register here:

¡Register Here!

¿Did we mention that we have an Slack community for all the Participants?

¡Now you know, register here!:

Join our Slack

Note Closed

Responder

Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Salir /  Cambiar )

Google photo

Estás comentando usando tu cuenta de Google. Salir /  Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Salir /  Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Salir /  Cambiar )

Conectando a %s