Fun With Flags!

oshrat — Mon, 09 Aug 2021 18:47:36 +0000

Welcome!
This blog is all about CTFs!
CTF stands for Capture The Flag, a game in which your goal is to find an actual flag (in the original physical game), or a virtual flag - which can be a string, gaining access etc.
There are many types of CTF challenges: Web, Low Level, Reverse Engineering, network and so on.
In this blog I am going to present several types of CTF challenges, and even how to solve them!

Why?
CTFs are a GREAT way to learn!
It combines many knowledge fields and skills, it's a game, a puzzle, a time consumer, a head breaker - but most of all IT IS FUN!
If you are not convinced yet, I highly recommend reading this great(!) post by the excellent Oryan De Paz.
If you do - read it anyway ;)

The first posts will deal with Web challenges.

Web Challenges Foundations
There are 5 stages in web hacking:

Reconnaissance
Scanning and Enumeration
Gaining Access
Maintaining Access
Covering and Clearing Tracks

In this blog we are not going to talk about stages 4+5, simply because in CTFs, they are usually irrelevant.

Recon - Part 1
Today we are going to talk about Reconnaissance (Recon).
Recon is the phase of gathering all the information you can find: footprints, web pages, parameters, site mapping and really anything- you don't know what will end up helping you.

So, how do I get that info?

Know your HTML:

Browser's Developer Tools:

Say hello to "inspect". This tool allows you to take a closer look at an element on the web page without the need to search for it.
Access it by clicking F12 or Ctrl+Shift+I or by selecting "Inspect" in the right-click menu:

Select the arrow on the top-left corner (it turns blue if selected).
Choose an element from the web page you would like to inspect
Take a look at the client code you've got!

Note that you are in a tab called "Elements" (green).
There are more useful tabs - but most of them will have to wait till some other time.

The next tab we'll review is "Sources":
Here you'll find all the files needed to display the web page.

Believe it or not (I'm walking on air) - now you know enough to practice!

Try these challenges before you continue reading:

natas levels 1, 2: https://overthewire.org/wargames/natas/natas0.html
hackthissite*, basic missions, 1: https://www.hackthissite.org/missions/basic/1/
hacker101*, A little something to get you started: http://35.190.155.168/0611fabbc9/ *you have to sign up for these ones, but it is totally worth it!

Thanks for coming back- let's keep on learning!

So, "inspect element" is an essential tool and you will probably use it all the time,
but sometimes there is a lot of spam and distractions and it's more disturbing than helpful..

At times like these, consider seeing the big picture - namely, the source code for the whole page - by checking the "View page source" (right-click menu/Ctrl+U).

Another trick that might help you get the orientation you'll need:
Sometimes there is an interesting data you don't see because it marked as "hidden":

(Not necessarily "input" data, it can be any type).
So first, you can use the search option (Ctrl+F) to find all the hidden stuff, and then you can delete it and the hidden info will appear!
Don't be afraid to delete anything from the HTML code, it's all reversible and you can simply restore it by reloading the web page (F5).

Moving on!

URL = U Really (should) Look in there!

Dirlist: if you find a new webpage/picture, check the path in the URL, sometimes you'll see a new path (domain, directories, an hierarchy) that can help you get some understanding about the website structure, or even better:
GET ACCESS TO SOME SENSITIVE INFO!
For example:
File names and extensions:
By looking at a file name, we can get a better understanding of the site mapping (we'll talk about mapping in a separate post).
If the dirlist is protected, we can try to get to new web pages by guessing their names.
For example: if there's a webpage called "index3.php" maybe there's a webpage called "index2.php".
Needless to say: if you encounter a new file- try access it!

Notice the file's extension is also important - we'll discuss this when we'll review web attacks.

A little more practice:

hackthissite*, basic missions, 2, 3, 4: https://www.hackthissite.org/missions/basic/

To sum up, when dealing with web challenges, the first step is gather all the information you can.
Today we saw a few ways to do that: Inspect, Sources, file names, and extensions.

Sorry for your new addiction and good luck ;)

DEV Community: oshrat

Fun With Flags!

Browser's Developer Tools:

URL = U Really (should) Look in there!