What is CTF? How to Play CTF? | Cyber Security

What is CTF ?

CTF(Capture the flag) is a kind of competition that challenges participants to do tasks from basics of hacking to your way into hacking web servers. Usually flag is a piece of text hidden somewhere on the webserver or tricked to be in a file but hidden. The goal is to find the hidden flag.

Capture the Flag (CTF) is a special kind of information security competition

Types of CTF :-

There are three common types of CTFs: Jeopardy, Attack-Defence and mixed.

Jeopardy-style CTFs have a couple of questions (tasks) in a range of categories. For example, Web, Forensic, Crypto, Binary or something else. A team can gain some points for every solved task. More points for more complicated tasks usually. The next task in a chain can be opened only after some team solves the previous task. Then the game time is over the sum of points shows you a CTF winner.

Attack Defence is another interesting kind of competition. Here every team has own network(or only one host) with vulnerable services. Your team has time for patching your services and developing exploits usually. So, then organizers connect participants of the competition and the wargame starts! You should protect own services for defense points and hack opponents for attack points. Historically this is the first type of CTFs, everybody knows about DEF CON CTF — something like a World Cup of all other competitions.

Mixed competitions may vary possible formats. It may be something like wargame with special time for task-based elements

CTF competitions generally focus on the following skills: reverse engineering, cryptography, ACM style programming, web vulnerabilities, binary exercises, networking, and forensics. Pick one and focus on a single topic as you get started.

Categories in CTF

CHALLENGES

Web Security/Applications

In this category of CTF the flag will be hidden somewhere on the website or a given IP. You just have to join the dots to reach the final flag.

Stegnography

Stegnography/Stego is a technique to embed/hide secret messages or flags in images, audio, video, or inside any other file.

Cryptography

In this category the given string will be encrypted using one or more than one algorithm. Our goal is to decrypt the string to form our flag.

Forensics

This is based on real-life incidents. Some things we might have faced like, we get a situation and a file to think about. Enumerate and use the file(s) to find the flag.

OSINT

In Open-source intelligence, as the name suggests, we have to find flags by searching on google, social media, or any other platform which is open for all.

Miscellaneous

This is a random category of CTF with some logical points.

Reversing

In this category we get an app. We have to break it and find the flag by various methods.

Tools to be used in CTF

JS Beautifier : It is used to reformat the obfuscated JS code. It involves parsing and reformatting the JavaScript code into statements, if blocks, loops, etc.

Steghide : Steghide is a steganography program that is able to hide data in vari‐ ous kinds of image- and audio-files. The color- respectivly sample-fre‐ quencies are not changed thus making the embedding resistant against first-order statistical tests.

Exiftool : This is another Stego tool which is used in reading, writing, and manipulating image, audio, video, and PDF metadata.

Foremost : It is a forensic tool to recover lost files based on their headers and footers by using file carving process.

Videos Help

Binwalk : It is a firmware extraction tool that extracts embedded file systems from firmware images.

EDB-debugger : edb is a cross platform AArch32/x86/x86-64 debugger. It was inspired by Ollydbg, but aims to function on AArch32, x86, and x86-64 as well as multiple OS’s. Linux is the only officially supported platform at the moment, but FreeBSD, OpenBSD, OSX and Windows ports are underway with varying degrees of functionality.

Note : You can use any Debugger you would like to use

Wireshark : It is a network protocol analyzer. It captures packets in real-time and displays them in a human-readable format.

John the Ripper : JTR is a password cracker tool. It detects the encryption on the hashed data and compares it against a large plain-text file that contains popular passwords, hashing each password, and then stopping it when it finds a match.