Knowing where to start when I'm interested in offensive computer security can be tricky.
Should you read a book (s)? Read as many articles as possible? Make a formation ? Watch videos on Youtube?
There are many possibilities.
But beyond all this, it is certain that at one time or another nothing will replace practice.
This is when the CTF (Capture The Flag) becomes your best ally to put into practice everything you have learned.
OverTheWire CTFs are intended for beginners. But it is in this that they are extremely rewarding because they allow Security Engineers but also Software Engineers to understand the challenges of IT security.
Indeed, the first challenges are oriented on the exploitation of vulnerabilities via simple bash commands.
I suggest you do these challenges and explain how to solve the challenges of this CTF. The idea is more to understand how a command works and how to use all its possibilities to carry out a vulnerability exploitation on the system.
We start with the first 5 challenges:
If you want to read the writeup without the voice over, here are all the writeups (for the 5 first challenges).
Bandit Level 0 -> 1
ssh firstname.lastname@example.org -p 2220
Use bandit0 as the password
Read the readme file
Flag : boJ9jbbUNNfktd78OOpsqOltutMc3MY1
Bandit Level 1 -> 2
ssh email@example.com -p 2220
Use the boJ9jbbUNNfktd78OOpsqOltutMc3MY1 flag as the password.
Create a directory in /tmp with
mktemp -d /tmp/ploptipXXXX
Move the - file to that directory while modifying the name to a more "normal" one.
mv - /tmp/ploptipfmHI/flag.txt
Flag : CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
Bandit Level 2 -> 3
ssh firstname.lastname@example.org -p 2220
Use the CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9 flag as the password.
Read the spaces in this filename file
more spaces\ in\ this\ filename
Flag : UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
Bandit Level 3 -> 4
ssh email@example.com -p 2220
Use the UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK flag as the password.
The flag is in a hidden file.
Use the ls -a command to display all files.
.hidden file is revealed.
ls -la more .hidden
Flag : pIwrPrtPN36QITSp3EQaw936yaFoFgAB
Bandit Level 4 -> 5
ssh firstname.lastname@example.org -p 2220
Use the pIwrPrtPN36QITSp3EQaw936yaFoFgAB flag as the password.
We are using a recursive cat on all the files that are in the folder.hidden/
cat ./-file00 etc...
You can do that super quickly through cat ./-file0*
Flag : koReBOKuIDDepwhWk7jZC0RTdopnAYKh
If you have any question, feel free to ask and I'll do my best to answer it and help you grow.
If you like this content, push the like button, that helps spread the message. 👍🏼
If you think it can be useful to anyone in your network, share it. 📨