0x03: CTF 101 Part II – February 2019

Collin (Unkn0wn)

Founder of Shad0w Synd1cate

Welcome to Part II of II for the CTF 101 blog series! In part I we discussed what a cyber CTF is, why you should get involved, and ended with discussing some of the different categories that you can expect to see in a Cyber CTF. Let’s pick up where we left off, outlining the remaining categories that you can expect to see.

Note: You can download the PowerPoint slide deck as well as the lab worksheet we made for this topic from the links to the left including the VM that you will need to complete the lab.

Offensive

Offensive challenges involve proactive attempts to hack a system via a vulnerability that can be exploited. This tends to be the “sexier”, more sought-after side of cybersecurity; it is the cool stuff you see in movies and TV shows. In some CTFs you will have a set of systems connected to a LAN (which you must either VPN into or be physically present for) that you must actively attempt to exploit and gain full administrative access on. Other events actually require you to attack other CTF participants’ systems! The offensive side of the house can be extremely fun, but it can become very difficult and require a lot of in-depth knowledge to pull off. Let’s talk about some tools you can use for these types of challenges:

-Metasploit: Metasploit is by far the most popular and most used offensive/penetration testing platform available. Metasploit provides a wide variety of community-developed modules that can be used to exploit vulnerable systems. This is going to be one of your best friends when partaking in offensive challenges. Metasploit is ever-growing, containing thousands of modules that can be used. In addition, they recently released version 5.0, including new features such as evasion capabilities! More information regarding Metasploit can be found here: https://github.com/rapid7/metasploit-framework/wiki/Metasploit-5.0-Release-Notes

-SQLMap: This tool automates the process of detecting and exploiting SQL injection vulnerabilities. It makes this super simple, requiring little to no experience with SQL or other database syntax. It currently supports MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, Informix, HSQLDB and H2 database management systems. More information regarding SQLMap can be found here: http://sqlmap.org/

-Wfuzz: Wfuzz is an amazing tool that can be used to brute-force web applications in hopes of finding vulnerabilities that can be exploited. More information regarding Wfuzz can be found here: https://github.com/xmendez/wfuzz

Defensive

What is an offensive category without a defensive one? You probably already guessed it, but defensive is the exact opposite of the offensive category (duh, captain obvious!). A defensive CTF usually entails other people attempting to attack your system, and your duty is to keep the system patched, secured, and operational to prevent it from getting compromised or taken offline. This involves a lot more than just tools and software: it requires organization, communication, and a general understanding of the system/network you are defending! Let’s discuss some key components of the defensive category of a CTF.

-Linux Administration: When it comes to Linux defense, you need a general understanding of the Linux OS, including how it is properly administered. You will want to be familiar with the different variants of Linux, whether Debian based, RPM based, or another. Each variant has different commands and capabilities. One useful practice for managing a Linux system is to make sure it is completely up to date using the yum or apt commands, depending on the variant of Linux. You may also want to consider enabling SELinux, which provides access control capabilities.

-Windows Administration: The same concept applies to Windows systems. You will want a general understanding of a Windows system and how to properly manage it, ensuring the system is up to date using the built-in Windows Update tool. You will also want to make sure you are disabling all unused ports and removing unnecessary applications.

-Communication/Leadership: Depending on the event, you may be placed on a team in which you will all need to work together to protect and defend your systems/network. It is vital to have great communication, and it is also helpful to pick a team leader who can help delegate tasks and keep people accountable!
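Added here as an example that is not from the original post: a short shell script covering the Linux side of the administration points above (pick apt or yum from the distro family, report the SELinux mode, and list listening TCP ports so unused services can be found and closed). The /etc/os-release and `ss -tlnp` inputs are constructed samples so it runs offline.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): a baseline audit for a Linux box
# you are defending. It picks the update command from the distro family in
# /etc/os-release, reports the SELinux mode, and lists listening TCP ports.
# Map an /etc/os-release file (read on stdin) to its package manager:
# "apt" for Debian-family, "yum" for RPM-family, "unknown" otherwise.
pkg_manager_for() {
  local osrel id like
  osrel=$(cat)
  id=$(printf '%s\n' "$osrel" | sed -n 's/^ID=//p' | tr -d '"')
  like=$(printf '%s\n' "$osrel" | sed -n 's/^ID_LIKE=//p' | tr -d '"')
  case "$id $like" in
    *debian*|*ubuntu*)        echo apt ;;
    *rhel*|*fedora*|*centos*) echo yum ;;
    *)                        echo unknown ;;
  esac
}
# Full update command for a detected manager (printed here, not executed).
update_command() {
  case "$1" in
    apt) echo "apt update && apt upgrade -y" ;;
    yum) echo "yum update -y" ;;
    *)   echo "unknown distro: update manually" ;;
  esac
}
# SELinux mode via getenforce when it is installed, "absent" otherwise.
selinux_mode() {
  if command -v getenforce >/dev/null 2>&1; then getenforce; else echo absent; fi
}
# Turn `ss -tlnp` output (stdin) into "port process" lines sorted by port.
listening_ports() {
  awk 'NR > 1 {
    n = split($4, a, ":"); port = a[n]; proc = "?"
    if (match($0, /users:\(\("[^"]+"/)) proc = substr($0, RSTART + 9, RLENGTH - 10)
    print port, proc
  }' | sort -n
}

# Constructed sample inputs so the script runs offline on any machine.
SAMPLE_OSREL='ID=ubuntu
ID_LIKE=debian'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    *:80               *:*               users:(("nginx",pid=950,fd=6))
LISTEN 0      50     127.0.0.1:3306     0.0.0.0:*         users:(("mysqld",pid=1020,fd=21))'
mgr=$(printf '%s\n' "$SAMPLE_OSREL" | pkg_manager_for)
echo "package manager: $mgr -> $(update_command "$mgr")"
echo "SELinux: $(selinux_mode)"
echo "listening ports:"; printf '%s\n' "$SAMPLE_SS" | listening_ports
```

On a real box, replace the samples with `cat /etc/os-release | pkg_manager_for` and `ss -tlnp | listening_ports`.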

Scripting

Believe it or not, scripting can be another category in a Cyber CTF. There have been many times that I have run into challenges that were just not feasible to perform manually and required you to create a script! As a general statement, scripting can really make your life easier, turning manual processes that usually take a while into something simple and extremely fast! Let’s discuss what types of scripting languages you can expect to see in a Cyber CTF.

-Bash: Bash is the default login shell for Linux and macOS systems! Getting some experience with bash can drastically help with speed and efficiency when dealing with a Unix-based system.

-Python: Python is one of the more popular high-level programming languages. A majority of the Kali Linux tools are actually developed in Python. There is so much community support and so many modules available that Python is a must to learn!

-PHP: PHP is a general-purpose scripting language suited for web development. This may come in handy when dealing with an offensive CTF that entails web application exploitation.

-JavaScript: JavaScript is another high-level programming language suited for web development. You may also come across it during offensive CTFs in which you search for vulnerabilities in code that can be exploited.

Reverse Engineering

Reverse Engineering is the art of deconstructing software to reveal its underlying design, both to understand how it functions and to search for potential vulnerabilities that can be exploited. I am not going to lie, this is where it starts getting into the weeds. Reverse Engineering is by no means a simple task; it requires an in-depth understanding of assembly language. Typically you see it as part of a more advanced CTF event or as one of the more advanced categories. Let’s discuss some tools you may use for Reverse Engineering:

-Radare2: Radare provides an awesome framework for reverse engineering and analyzing binaries. It supports numerous different operating systems and allows you to disassemble and assemble binaries. It is also free to use! More information regarding Radare2 can be found here: https://rada.re/r/

-OllyDBG: OllyDBG is an extremely popular x86 debugger for Windows. It has a GUI that you can use to easily parse through binaries and their assembly code. The best part is, it’s free! More information regarding OllyDBG can be found here: http://www.ollydbg.de/

-IDA: IDA stands for Interactive DisAssembler, and it is the crème de la crème of reverse engineering tools. It has a beautiful GUI that you can use to easily review the assembly of a binary. IDA allows you to interactively change the displayed data and has support for tons of file formats. The only downside to IDA is that it costs over $1100 for a professional license, which adds support for more processors as well as 64-bit binaries. More information regarding IDA can be found here: https://www.hex-rays.com/products/ida/index.shtml

This concludes the outline of the different types of categories you can expect to see while partaking in CTFs. Just note that this is not a full list, since every event varies and you may see completely different categories in play!

Resources

Now that we have gone over all this information regarding CTFs, let’s list some useful resources that you can use to learn more and practice your cyber skills!

-OverTheWire: This is a great website that you can use to practice your Linux skills and learn while doing it. It gives you a little taste of what to expect in a CTF, and has different levels that progressively get more difficult. You can learn more about this site by going to: http://overthewire.org

-Hack The Box: This is the current hotness when it comes to offensive practice. Hack The Box is an awesome site that allows you to connect via VPN to a network holding vulnerable systems that you need to exploit and gain access to. In order to register for Hack The Box, you have to hack the registration page! (How cool?!) For more information regarding Hack The Box, go to https://www.hackthebox.eu/

Note: When you are connected to their network via VPN, you are on a LAN with other real-world people who can also attack your system. It is highly recommended that you use an isolated virtual machine when doing this.

-CTF Time: This is a great site that contains a listing of hundreds of upcoming CTF events. You can use it to stay up to date on the latest events and find ones that interest you. Depending on the events you actually play in, if you rank high enough you will receive CTF Time points, which place you on a leaderboard! For more information regarding CTF Time, go to https://ctftime.org

-CTF101: This is an awesome site that complements the information provided in these two blog posts. It goes over CTF 101 concepts, making it another great resource to add to the bag! For more information regarding CTF101, go to https://ctf101.org

That concludes our CTF 101 blog series! We hope you enjoyed it and learned something new along the way. If you have any questions, feel free to reach out to us. You can also reach out to me directly via Twitter @_Unkn0wn1 or on Instagram @collinmontenegro
