How to get started in CTF’s and get better ranks in it.

I don’t know whether I am eligible to write this post or not. But my rank constantly motivates me to write a post. So I decided to write one.

I will start with an introduction with what is a CTF. CTF is capture the flag competition where the participants will attack a vulnerable machines with several vulnerabilities which will make the attacker to get the root flag. Once you submit the root flag , you win.

This post can be more likely to be like How I got started in CTF’s and how I got rank in it. I have got monthly world rank 1 in Tryhackme CTF platform recently and All time rank 101 by the time I am writing this post (August 12, 2020 - 20:16).

I have been hearing the term bug bounty and penetration testing while doing random browsing. Somehow I got an interest in it. But I don’t know where to start. By doing more research on this topics I found that I will be able to take a defensive approach and that’s where I have started. To secure what I code rather than attacking others systems even for bounties. Keeping ourselves updated is one of the most important things in this field.

Oh sorry , the post was about how to start your participations in CTF platforms. Coming to the topic, I have been doing CTF’s in Hackthebox platform for nearly one year after seeing some facebook posts of the people in community. Till now I have acheived Hacker badge there . I think that’s nothing to be proud of and I kept doing it when I get time and I kept learning about new topics on cyber security. On some day during Corona lockdown I got a suggestion in Instagram about tryhackme platform. So I started doing it and I have achieved 0xD level till now and monthly rank 1 in world and all time rank of 101. I have been trying harder to get into higher ranks.

Let’s discuss something about materials now

I learned what I know about CTF’s and tools from the youtube channels of John Hammond and Liveoverflow. Without their content my CTF journey will not be possible at this extent. I am sure about that thing.

Now about tools I use. I have almost never used kali linux, which is said to be OS for penetration testers and hackers in my life. I always prefered Ubuntu or backbox. We can easily install tools in it rather than making things come in handy. I always go for harder way inorder to learn things. Here also same happened.

Things to do while doing a CTF (Scan,enumerate,exploit,escalate)

• The first thing I always do when doing a CTF is to scan the target and find if there's any open port using nmap.
• Most of the time, in easy CTF's I have observed that there will be an FTP that allows anomymous login.
• After scanning you have to enumerate to check there's any hidden directory or not.
• Then most of the times you will get some files which may gives you user access to the system , for example like SSH login.
• After you got the user access check for user flag and submit and then try to escalate the privilege.
• Always use searchsploit or GTFOBins inorder to find exploits for root access.
• After escalate you are now root , submit the root flag and you're done.

Now let me mention some tools I used during the process (my favorite tools)

• Nmap
• Gobuster
• Burpsuite
• smbmap and smbclient
• Hydra
• Some private tools ( I think knowing how to code is important.)

I think i have mentioned everything needed for doing well in CTF’s. Hope I will see the people who are reading the post will also get to higher levels in CTF’s by doing well in it.

Thank you