CTF: A fun way to learn hacking
A few months ago, I discovered CTFs, or Capture The Flag competitions. A CTF is a type of computer security competition. There are different types of CTF, but the jeopardy style is the most common: players are given many security challenges covering various fields such as forensics or reverse engineering and need to solve as many of them as quickly as possible. Each challenge solved is rewarded with a certain number of points based on its difficulty, and the player with the highest score wins.
I found that CTF is a really fun way to learn cyber security. The excitement you get when you've used a real exploit or tactic that you learned and seen it actually work (you've hacked something), or the "Aha!" moment when you finally find the solution, is what makes CTF really fun to play.
My First CTF
I immediately joined the KPMG Cyber Security Challenge 2019 in Malaysia when I first discovered the event. CTFs are still rare events in Malaysia compared to hackathons (hackathons are almost weekly here), so I jumped at the rare opportunity. Unfortunately, it was a 4-member team competition, and out of my 3 teammates, only 1 was available during the competition.
Sadly, my team was ranked 32nd out of 60+ teams and did not manage to pass the qualifier round. Nonetheless, I had a lot of fun, learned many things, and it was a great experience overall. I personally think the result wasn't too bad considering I had only learned about CTFs a few weeks prior and was missing 2 members.
The Challenges
The qualifier round doesn't have a lot of questions: there were around 7 questions, comprising only steganography, forensics, and reverse engineering challenges. I managed to solve 3 challenges, 1 from each field. I had a hard time solving the other RE challenges as they gave Windows executables and I was expecting ELF files. So, without further ado, here we go.
Steganography
Steganography is the art of hiding data, such as embedding a secret message in an image. One example application of this in security is malware hiding its payload inside an innocuous-looking file.
Angola - Least Significant Failure
So first we are given a link to a zip file, Least_Significant_Failures_95988b81547c2be1431cfd83199c573c.zip. We just unzip it using the unzip command:
$ unzip Least_Significant_Failures_95988b81547c2be1431cfd83199c573c.zip
This gives us an image file, kanye.png.
Before we do anything, we should check that the extension is correct using the file command, as extensions can be deceiving sometimes; it is indeed a PNG file. As this is a steganography challenge, and judging from the zip file's name, it seems to use the LSB (least significant bit) technique to hide the flag somewhere inside the image. So first we used zsteg, a program that will usually reveal text hidden in an image with the LSB technique.
However, this only resulted in gibberish text, as shown in the image above.
Next, we tried Stegsolve.jar, a Java tool for steganography that processes the image with various techniques (invert color, XOR, etc.) or filters.
And yes, we found some kind of text on the green plane, but it does not look like a flag, so it might be encrypted or a cipher.
We tried some general online decoders at first, but they did not give the flag. Then we assumed it might be a Caesar cipher and tried to bruteforce it.
All of that resulted in nothing and did not give the flag. Finally, we tried to decode it as base64.
And yes! Surprisingly, we got the flag.
KPMG{3V3RY0N3_L0V3S_ST3GGY</3}
This is quite tricky, as we did not think of it as base64 at first since it does not end with the usual == padding (padding only appears when the encoded data's length is not a multiple of three bytes).
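To make the two steps of this solve concrete (green-plane LSB extraction, then base64 decoding of text that carries no padding), here is an added Python example; it is not code from the write-up or from the challenge. The cover "image" is a constructed flat list of (R, G, B) pixels rather than kanye.png, the embedding side is my assumption about how the challenge author hid the text (one bit per pixel in the green channel, NUL-terminated), and b64decode_lenient shows why the 30-byte flag produced 40 base64 characters with no = at the end.

```python
import base64

# Constructed cover "image": a flat, row-major list of (R, G, B) pixels.
# A real solve would read these from kanye.png with an image library; the
# arithmetic pattern below merely stands in for photo data.
COVER = [((i * 37) % 256, (i * 59) % 256, (i * 83) % 256) for i in range(2048)]

# The flag from the write-up: 30 bytes, so its base64 form is exactly
# 40 characters and needs no '=' padding.
FLAG = b"KPMG{3V3RY0N3_L0V3S_ST3GGY</3}"


def bits_msb_first(data: bytes):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed_lsb_green(pixels, payload: bytes):
    """Return a copy of pixels with payload + NUL terminator written into the
    least significant bit of the green channel, one bit per pixel (assumed
    embedding scheme, not taken from the challenge)."""
    bits = list(bits_msb_first(payload + b"\x00"))
    if len(bits) > len(pixels):
        raise ValueError("payload does not fit in the cover image")
    out = list(pixels)
    for i, bit in enumerate(bits):
        r, g, b = out[i]
        out[i] = (r, (g & 0xFE) | bit, b)  # clear the green LSB, then set it
    return out


def extract_lsb_green(pixels) -> bytes:
    """Read green-channel LSBs, 8 bits per byte MSB-first, until a NUL byte
    is reached or the pixels run out. This is the 'green plane' view."""
    result = bytearray()
    current = 0
    for i, (_, g, _) in enumerate(pixels):
        current = (current << 1) | (g & 1)
        if i % 8 == 7:
            if current == 0:
                break
            result.append(current)
            current = 0
    return bytes(result)


def b64decode_lenient(text: bytes) -> bytes:
    """Decode base64 whose '=' padding may be missing: pad the length up to
    a multiple of 4 before handing it to the standard decoder."""
    text = text.strip()
    return base64.b64decode(text + b"=" * (-len(text) % 4))


def recover_flag(pixels) -> str:
    """The full pipeline: green-plane LSB extraction, then base64 decoding."""
    return b64decode_lenient(extract_lsb_green(pixels)).decode()


# Build the stego image the way the challenge author might have.
STEGO = embed_lsb_green(COVER, base64.b64encode(FLAG))

if __name__ == "__main__":
    print("hidden text :", extract_lsb_green(STEGO).decode())
    print("decoded flag:", recover_flag(STEGO))
```

Running the extraction against the untouched COVER returns a run of gibberish bytes rather than the flag, which is exactly what zsteg's default output looked like in the challenge; only the green plane of the modified image yields the base64 string.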
Forensic
Forensics is the art of recovering the digital trail left on a computer. In this case, it is network forensics, where we try to find the flag in a .pcap file.
Canada - Project Searching MH370
First, we download the zip file. After unzipping it we get a pcapng file, Essence.pcapng, which we open in Wireshark. In Wireshark, we searched for any strings that might lead us to the flag, such as ‘KPMG’, ‘flag’, ‘ctf’, ‘pass’, etc. Luckily, we quickly found a zip file, CTF_Flag.zip, which might contain the flag.
We then proceeded to extract the file and unzip it. However, it is locked with a password.
At first we were thinking of just bruteforcing the password with a cracking tool like fcrackzip, but fortunately we remembered that we had seen a pass.txt file, which might contain the password, while browsing around the .pcapng file earlier.
Next, we proceed to extract the password text file and use it for unzipping the zip file.
And yay! Using the password W@k@nd@_s0m3tim3s to unzip the file, we get the flag!
KPMG{I_CAN_SAVE_IRONMAN}
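The workflow above (string search, spotting a transferred archive, carving it out, recovering the password from a second transferred file) can be scripted once the TCP payloads have been reassembled. The following is an added Python example, not code from the write-up or from the competition: the "capture" is a constructed byte string standing in for the reassembled HTTP streams of Essence.pcapng (host names and paths are invented), the zip is carved by its local-header magic and end-of-central-directory record, and entries are read with the recovered password. Because the standard library cannot write password-protected archives, the constructed sample is unencrypted; the flag-bit check and the pwd argument show how the encrypted case from the challenge would be handled.

```python
import io
import struct
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"  # start of the first local file header
ZIP_EOCD = b"PK\x05\x06"          # end-of-central-directory record
EOCD_FIXED_LEN = 22               # fixed part of the EOCD; a comment may follow


def build_sample_capture() -> bytes:
    """Constructed stand-in for the reassembled HTTP payloads of a capture:
    a client fetches pass.txt and then CTF_Flag.zip. Not real capture data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("flag.txt", "KPMG{I_CAN_SAVE_IRONMAN}")
    zip_bytes = buf.getvalue()
    return (
        b"GET /pass.txt HTTP/1.1\r\nHost: files.example\r\n\r\n"
        b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nW@k@nd@_s0m3tim3s\r\n"
        b"GET /CTF_Flag.zip HTTP/1.1\r\nHost: files.example\r\n\r\n"
        b"HTTP/1.1 200 OK\r\nContent-Type: application/zip\r\n\r\n"
        + zip_bytes
        + b"\r\n"
    )


def search_keywords(blob: bytes, keywords):
    """Byte offsets of each keyword, case-insensitively: the scripted
    equivalent of Wireshark's Find Packet -> String search."""
    lowered = blob.lower()
    hits = {}
    for kw in keywords:
        needle = kw.lower()
        offsets, pos = [], lowered.find(needle)
        while pos != -1:
            offsets.append(pos)
            pos = lowered.find(needle, pos + 1)
        hits[kw] = offsets
    return hits


def http_body_for(blob: bytes, path: bytes):
    """Body of the 200 response that follows 'GET <path>', or None.
    Deliberately minimal: assumes one plain request/response per stream."""
    req = blob.find(b"GET " + path + b" ")
    if req == -1:
        return None
    resp = blob.find(b"HTTP/1.1 200", req)
    if resp == -1:
        return None
    start = blob.find(b"\r\n\r\n", resp) + 4
    end = blob.find(b"GET /", start)
    return blob[start:] if end == -1 else blob[start:end]


def carve_zips(blob: bytes):
    """Yield (offset, archive_bytes) for every zip archive in blob. The start
    is the local-header magic; the end is the EOCD record plus its comment,
    whose length is the little-endian uint16 at EOCD offset 20."""
    pos = 0
    while True:
        start = blob.find(ZIP_LOCAL_HEADER, pos)
        if start == -1:
            return
        eocd = blob.find(ZIP_EOCD, start)
        if eocd == -1 or eocd + EOCD_FIXED_LEN > len(blob):
            return
        comment_len = struct.unpack_from("<H", blob, eocd + 20)[0]
        end = eocd + EOCD_FIXED_LEN + comment_len
        yield start, blob[start:end]
        pos = end


def list_entries(archive: bytes):
    """[(name, is_encrypted)] per entry; bit 0 of the general-purpose flag
    marks a password-protected (traditional ZipCrypto) entry."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return [(zi.filename, bool(zi.flag_bits & 0x1)) for zi in zf.infolist()]


def read_entries(archive: bytes, password=None):
    """Contents of every entry, supplying the password only to protected ones."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return {
            zi.filename: zf.read(zi, pwd=password if zi.flag_bits & 0x1 else None)
            for zi in zf.infolist()
        }


if __name__ == "__main__":
    cap = build_sample_capture()
    print(search_keywords(cap, [b"KPMG", b"flag", b"pass"]))
    password = http_body_for(cap, b"/pass.txt").strip()
    for offset, archive in carve_zips(cap):
        print(offset, list_entries(archive), read_entries(archive, password))
```

Carving by magic plus EOCD is more robust than cutting at the next packet boundary because the end-of-central-directory record tells you exactly where the archive stops, comment included; on a real capture you would feed carve_zips the bytes from Wireshark's Follow TCP Stream export rather than the constructed blob.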
Reverse Engineering
Reverse engineering in a CTF is typically the process of taking a compiled program (machine code, bytecode) and converting it back into a more human-readable form.
Usually this involves disassembling the program and trying to make sense of the assembly produced. Indeed, some of the RE challenges given required you to disassemble a Windows PE executable. However, I didn't manage to solve those, and instead solved the easy one that only needed some Python knowledge.
Russia - GateToRiches
First, we download the zip file and unzip it, which gives us a Python script, GateToRiches.py. Looking at the code, it asks for a username and somehow calculates the flag from it. We can easily solve this by modifying the code to print the produced flag, res.
Now, when we run the python script, it will give us the flag.
KPMG{f00d}
Conclusion
I was a bit disappointed with the result, but I learned a lot from the competition and would definitely join more CTFs in the future. In fact, I just participated in another CTF a few weeks ago and will write another writeup about it soon.
And to readers who are interested in getting into cyber security, I really encourage you to try playing CTFs regardless of your skill level! You can start with picoCTF, a beginner-friendly CTF.
This is my first post, feel free to leave a feedback about my writing.