For those who are not familiar with security slang, Catch The Flag is an online hacking game that consists of solving stego, web, network and other challenges in order to get passwords (the flags) and catch them all before the rest of the contestants. So over three days, I played one organized by my university, with a team mostly dedicated to network and forensic study. I won't be explaining the whole process here, but I want to point out all the tools I used (most of them brand new for me) for solving the problems.
tcpdump: I already wrote about this tool but I found it very useful this time too. It's a packet capture and analysis tool that allowed me to find an odd file in a network capture that actually contained the flag. When other tools were blocked by the system, this one remained. Yay! It's also a command line tool in Linux, flexible and handy.
Nikto: This is a very useful web server scanning tool that unfortunately was blocked by the CTF system, but it might be useful in real life or other CTFs. It has a lot of options, including -e, which looks for weird files. An example of a host scan is
nikto -host {host}
nmap: A classic network scanning tool. For example
nmap -v -sn {host}
identify: Part of ImageMagick, it gave me information about an image, using a command such as
identify -verbose image.jpg
Stegsolve: As its name indicates, it's a tool made specifically for steganography. Actually, what this program does can be done directly in GIMP, but it's faster this way. It plays with the gamma and colour channels of an image as well as the saturation. It's a Java program, so an example would be
java -jar Stegsolve.jar image.png
Binwalk: This is also for steganography; this tool can find binary files such as ZIP files, text files or another image embedded inside an image. I actually used ghex first and saw a "PK" in the ASCII column of the hex dump (the two bytes that start every ZIP local file header), which means there's a ZIP inside it. But without Binwalk it would have been more difficult to extract it. It's possible using dd like
dd if=image.png bs=1 skip=<decimal byte offset where PK starts> of=foo.zip
but Binwalk is a better option:
binwalk -e image.png
and it's done.
Volatility: Last but not least, Volatility is like pure magic. It is a powerful memory forensics framework that lets you look for clues in memory dump files.
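The dd / binwalk step above, carving a ZIP out of an image by its "PK" signature, as an added example that is not part of the original post. It assumes Python's standard library only; the image and the flag file are constructed inline, and the sample deliberately contains a stray "PK" signature in the pixel data to show why a candidate offset must be validated before trusting it.

```python
"""Carve a ZIP appended to an image by locating the 'PK\x03\x04' local file
header, the manual equivalent of the dd skip= / binwalk -e step above."""
import io
import zipfile
from typing import Dict, List, Optional, Tuple

ZIP_LOCAL_HEADER = b"PK\x03\x04"  # magic bytes starting every ZIP local file header


def find_zip_offsets(data: bytes) -> List[int]:
    """Return every byte offset at which the local file header signature occurs."""
    offsets, pos = [], data.find(ZIP_LOCAL_HEADER)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(ZIP_LOCAL_HEADER, pos + 1)
    return offsets


def carve_zip(data: bytes) -> Optional[Tuple[int, Dict[str, bytes]]]:
    """Try each 'PK' offset as the archive start (what dd skip= does) and return
    (offset, {member name: contents}) for the first one that really is a ZIP."""
    for offset in find_zip_offsets(data):
        try:
            with zipfile.ZipFile(io.BytesIO(data[offset:])) as zf:
                # zipfile tolerates junk before the archive, so a stray 'PK' in
                # pixel data still opens; the first member's header_offset is
                # only 0 when our slice begins exactly at the archive.
                if zf.infolist()[0].header_offset == 0 and zf.testzip() is None:
                    return offset, {n: zf.read(n) for n in zf.namelist()}
        except (zipfile.BadZipFile, IndexError):
            continue  # not a real archive at this offset, keep scanning
    return None


def build_sample() -> bytes:
    """Constructed input (not a real CTF image): PNG signature, filler pixels
    with a decoy 'PK' signature in the middle, then an appended ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("flag.txt", "flag{constructed_sample}")  # hypothetical flag
    filler = b"\x00" * 500 + ZIP_LOCAL_HEADER + b"\x00" * 500
    return b"\x89PNG\r\n\x1a\n" + filler + buf.getvalue()


if __name__ == "__main__":
    found = carve_zip(build_sample())
    print(found and f"ZIP at byte {found[0]}: {found[1]}")
```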
Depending on the puzzles and the hacker, some other tools could be useful. In my case these are all framed in Debian Jessie Linux, taking advantage of the terminal, in which I feel more comfortable. Anyway, CTFs are good options for learning and there are tons of them on the internet, but beware! They're highly addictive.
Top comments (5)
This is super cool! I've only used 2 of them before (tcpdump and identify), not in the context of CTF, just b/c they're useful tools. How do you find out about CTFs? I wouldn't mind giving one a try, esp if there was a walkthrough afterwards so that I could improve (b/c I'm going to be pretty bad at the first several I try).
Actually this one was special, I'm in a hacking group at my university organized by a teacher, and he orchestrated it all alongside a couple of students. I signed up for another CTF just today because a friend of mine who is into it told me about it. I guess I heard about most of them from friends, but you can find a bunch of them on the internet too! You can give it a try with hackthissite.org/ which is pretty similar. Also check out writeups! Good luck haha
Always thought it was Capture the Flag
I've heard both; personally I grew up with capture :)
that would make a lot of sense, tho