DEV Community

Paula


Security Sprint: What I learnt in a CTF

For those who aren't familiar with security slang, Capture The Flag (CTF) is an online hacking competition made up of challenges in categories such as steganography, web, networking and forensics. Solving a challenge yields a secret string (the flag) that you submit for points, and the aim is to catch them all before the rest of the contestants. Over three days I played one organized by my university, on a team that focused mostly on network and forensics challenges. I won't explain the whole process here, but I want to point out all the tools I used (most of them brand new to me) to solve the problems.

  • tcpdump: I already wrote about this tool, but I found it very useful this time too. It's a command-line packet capture and analysis tool; reading the traffic with it let me spot an odd file being transferred over the network that actually contained the flag. When other tools were blocked by the system, this one remained. Yay! It's a standard Linux command-line tool, flexible and handy.

  • Nikto: This is a very useful web server scanner that was unfortunately blocked by the CTF system, but it might be useful in real life or in other CTFs. It has a lot of options; for example, -Tuning lets you pick which test categories to run, including the checks for interesting or leftover files. A basic scan of a host is nikto -host {host}.

  • nmap: A classic network scanning tool. For example, nmap -v -sn {host} runs a ping scan (host discovery only, no port scan), which is a quick way to find out which machines are up before you look at their ports.

  • identify (from ImageMagick): Gave me information about an image, including its format, dimensions and embedded metadata, using a command such as identify -verbose image.jpg.

  • Stegsolve: As its name indicates, it's a tool built specifically for steganography. What it does can actually be done by hand in GIMP, but it's faster this way. It steps through the individual colour channels and bit planes of an image and applies simple transforms such as colour inversion, so data hidden in, say, the least significant bits shows up visually. It's a Java program, so an example would be java -jar stegsolve.jar image.png.

  • Binwalk: This is also for steganography. It finds files embedded inside other files, such as a ZIP, a text file or another image hidden inside an image, by scanning for known magic bytes. I actually opened the image in ghex first and saw "PK" in the ASCII column; "PK" followed by the bytes 03 04 is the local file header of a ZIP archive, so that means there's a ZIP inside. Without Binwalk it would have been harder to carve it out. It's possible with dd, like dd if=image.png bs=1 skip=<decimal offset where PK starts> of=foo.zip, but Binwalk is the better option: binwalk -e image.png and it's done.

  • Volatility: Last but not least, Volatility is like pure magic. It's a powerful forensics framework for analysing memory dumps: from a RAM image you can list the processes that were running, open network connections, command histories and so on, which is where the clues often hide.
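
The carving step from the Binwalk item above, as an added example (not code from the original post): it walks the PNG chunk structure to find where the image legitimately ends, reports any trailing data (the kind of thing identify -verbose or a hex editor would make you suspicious about), scans for known magic bytes the way binwalk does, and slices the archive out from the ZIP signature exactly like the dd command. The sample image, the file name flag.txt and the flag text are constructed here for the demo and are not from the CTF.

```python
import io
import struct
import zipfile
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

# Magic-byte signatures a carver looks for (a small subset of binwalk's list).
SIGNATURES = {
    b"PK\x03\x04": "zip local file header",
    PNG_MAGIC: "png",
    b"\xff\xd8\xff": "jpeg",
}


def png_end_offset(data: bytes) -> int:
    """Walk the PNG chunks and return the offset just past IEND.

    A PNG decoder stops at IEND, so anything after that offset is
    trailing data the image viewer silently ignores."""
    if not data.startswith(PNG_MAGIC):
        raise ValueError("not a PNG")
    pos = len(PNG_MAGIC)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4          # header + payload + CRC
        if ctype == b"IEND":
            return pos
    raise ValueError("truncated PNG: no IEND chunk")


def find_signatures(data: bytes, start: int = 0):
    """Return (offset, description) for every known magic string at or after `start`."""
    hits = []
    for magic, desc in SIGNATURES.items():
        pos = data.find(magic, start)
        while pos != -1:
            hits.append((pos, desc))
            pos = data.find(magic, pos + 1)
    return sorted(hits)


def carve_zip(data: bytes, offset: int) -> dict:
    """Equivalent of `dd if=image.png bs=1 skip=<offset> of=foo.zip` plus unzip:
    slice from the ZIP signature onwards and read every member."""
    with zipfile.ZipFile(io.BytesIO(data[offset:])) as zf:
        return {name: zf.read(name) for name in zf.namelist()}


def analyse(data: bytes) -> dict:
    """Report where the PNG ends, what lies after it, and any ZIP carved out."""
    end = png_end_offset(data)
    hits = find_signatures(data, end)
    files = {}
    for off, desc in hits:
        if not desc.startswith("zip"):
            continue
        try:
            files = carve_zip(data, off)
            break
        except zipfile.BadZipFile:
            # Magic bytes can occur by chance; skip false positives.
            continue
    return {"png_end": end, "trailing_bytes": len(data) - end,
            "signatures": hits, "files": files}


def make_sample_image() -> bytes:
    """Constructed sample: a minimal 1x1 PNG with a ZIP appended after IEND."""
    def chunk(ctype: bytes, payload: bytes) -> bytes:
        crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
        return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)   # 1x1, 8-bit RGB
    idat = zlib.compress(b"\x00\x00\x00\x00")              # filter byte + one pixel
    png = PNG_MAGIC + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("flag.txt", "flag{constructed_sample}")   # made-up flag
    return png + buf.getvalue()


if __name__ == "__main__":
    report = analyse(make_sample_image())
    print("PNG ends at", report["png_end"], "with",
          report["trailing_bytes"], "trailing bytes")
    for off, desc in report["signatures"]:
        print(f"  {desc} at offset {off} (dd skip={off})")
    for name, content in report["files"].items():
        print(f"  carved {name}: {content.decode()}")
```

The `png_end_offset` check is the part worth keeping in your toolbox: on a real challenge image it tells you in one line whether there is anything after IEND at all, before you spend time on stego tools.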

Depending on the puzzles and the hacker, other tools could be useful. In my case all of these were run on Debian jessie, taking advantage of the terminal, where I feel more comfortable. Anyway, CTFs are a good option for learning and there are tons of them on the internet, but beware! They're highly addictive.

Top comments (5)

Josh Cheek

This is super cool! I've only used 2 of them before (tcpdump and identify), not in the context of CTF, just b/c they're useful tools. How do you find out about CTFs? I wouldn't mind giving one a try, esp if there was a walkthrough afterwards so that I could improve (b/c I'm going to be pretty bad at the first several I try).

Paula

Actually this one was special, I'm in a hacking group at my university organized by a teacher, and he orchestrated it all alongside a couple of students. I signed up for another CTF just today because a friend of mine who is into it told me about it. I guess I heard about most of them from friends, but you can find a bunch of them on the internet too! You can give it a try with hackthissite.org/ which is pretty similar. Also check out writeups! Good luck haha

Ronald S

Always thought it was Capture the Flag

Andy Zhao (he/him)

I've heard both; personally I grew up with capture :)

Paula

that would make a lot of sense, tho