What is a CTF?
A CTF (Capture the Flag) is a security competition in which participants solve challenges ranging from the basics of hacking all the way up to breaking into web servers. The flag is usually a short piece of text, often in a recognisable format such as flag{...}, that has been hidden somewhere on a server, tucked inside a file, or disguised within other data. The goal is to find the hidden flag and submit it.
Categories in CTF
In the web category the flag is hidden somewhere on a website or on a given IP address. You have to join the dots (enumerate pages, parameters and services) to reach the final flag.
Steganography (stego) is a technique for embedding or hiding secret messages or flags inside images, audio, video, or any other kind of file without visibly changing it.
In the cryptography category the given string has been encrypted or encoded with one or more algorithms, often layered on top of each other. The goal is to reverse each layer in turn until the flag appears.
The forensics category is based on real-life incidents: you are given a scenario and one or more files (for example a disk image or a packet capture) to work with. Enumerate and analyse the file(s) to find the flag.
In open-source intelligence (OSINT), as the name suggests, you find the flag by searching Google, social media, or any other source that is open to everyone.
Miscellaneous (misc) is a catch-all category of puzzles and logic-based challenges that do not fit anywhere else.
In the reverse engineering / pwn category you are given an application, usually a compiled binary. You have to take it apart or break it, by static analysis, debugging, or exploiting a bug in it, to find the flag.
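The most common way a flag ends up inside an image or audio file is least-significant-bit (LSB) embedding: one bit of the secret goes into the lowest bit of each pixel or sample, so the file looks and sounds the same. The script below is an added example, not code from the original post; it uses a constructed bytearray as the cover instead of a real image so it runs without an image library, and assumes a 0x00 byte terminates the hidden message.

```python
# Added example (not from the original post): least-significant-bit (LSB)
# steganography, the simplest way a flag gets hidden in an image or audio file.
# The "cover" is a constructed bytearray of 8-bit sample values so the script
# runs without an image library; on a real challenge you would read the pixel
# or sample bytes from the file first (e.g. with Pillow for images).

def embed_lsb(cover: bytes, message: bytes) -> bytearray:
    """Hide message (plus a 0x00 terminator) in the low bit of each sample."""
    payload = message + b"\x00"
    bits = "".join(f"{byte:08b}" for byte in payload)
    if len(bits) > len(cover):
        raise ValueError(f"cover too small: need {len(bits)} samples, have {len(cover)}")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | int(bit)   # clear the LSB, then set the message bit
    return stego


def extract_lsb(stego: bytes) -> bytes:
    """Read the LSBs back eight at a time until the 0x00 terminator is hit."""
    message = bytearray()
    for i in range(0, len(stego) - 7, 8):
        byte = 0
        for j in range(8):
            byte = (byte << 1) | (stego[i + j] & 1)
        if byte == 0:
            break
        message.append(byte)
    return bytes(message)


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """Largest per-sample change: LSB embedding never alters a value by more than 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed cover: 1024 samples of a repeating gradient (stand-in for pixel data).
COVER = bytes(range(256)) * 4
FLAG = b"flag{lsb_is_where_you_look_first}"

if __name__ == "__main__":
    stego = embed_lsb(COVER, FLAG)
    print(extract_lsb(stego))
    print("max change per sample:", max_sample_change(COVER, stego))
```

On a real file the extraction side is the part you write: dump the raw pixel or sample bytes, pull the low bit of each, and look for a flag marker in the result, trying different bit orders and channels if the first attempt gives noise.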
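A typical beginner crypto challenge stacks an encoding on top of a simple cipher, for instance base64 around a Caesar shift. The solver below is an added example, not from the original post: it strips base64 layers while they still decode to printable text, then brute-forces all 26 shifts and keeps the one containing the flag{ marker. The challenge string and the flag{ marker are assumptions constructed for the example.

```python
# Added example (not from the original post): peeling a layered crypto
# challenge. The constructed challenge string below is base64 of a
# Caesar-shifted flag; the solver strips base64 layers while they decode
# cleanly, then brute-forces all 26 shifts looking for the flag{ marker.
import base64
from typing import List, Optional, Tuple

MARKER = "flag{"   # assumed flag format for this example


def caesar_shift(text: str, shift: int) -> str:
    """Shift letters by `shift` positions (mod 26); leave everything else untouched."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def brute_caesar(text: str, marker: str = MARKER) -> List[Tuple[int, str]]:
    """Try every shift and keep the ones whose output contains the marker."""
    hits = []
    for shift in range(26):
        candidate = caesar_shift(text, shift)
        if marker in candidate:
            hits.append((shift, candidate))
    return hits


def solve(ciphertext: str, marker: str = MARKER, max_layers: int = 5) -> Optional[str]:
    """Strip base64 layers while they decode to printable text, then brute-force Caesar."""
    text = ciphertext.strip()
    for _ in range(max_layers):
        if marker in text:
            return text
        try:
            decoded = base64.b64decode(text, validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            break                       # not base64 any more: this must be the cipher layer
        if not decoded.isprintable():
            break
        text = decoded
    hits = brute_caesar(text, marker)
    return hits[0][1] if hits else None


# Constructed challenge: base64(caesar(flag, 7)), as a CTF might hand it out.
CHALLENGE = "bXNobnt5dmFfaHVrX2loemw2NH0="

if __name__ == "__main__":
    print(solve(CHALLENGE))   # flag{rot_and_base64}
```

The same peel-and-check loop extends to hex, base32 and other reversible encodings: add a decoder to the loop, keep going while the output stays printable, and only fall back to guessing a cipher once nothing decodes any further.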
Tools used in CTFs
Steghide : Steghide is a steganography program that can hide data in various kinds of image and audio files. The colour or sample frequencies are not changed, which makes the embedding resistant to first-order statistical tests. Extracting usually needs the passphrase the data was embedded with, which is often the real puzzle.
Exiftool : A metadata tool for reading, writing, and manipulating image, audio, video, and PDF metadata. It is the first stop in a stego challenge, since flags are frequently dropped into comment or description fields.
Foremost : A forensic tool that recovers lost or hidden files by file carving: it scans a disk image or blob for known file headers and footers and cuts out whatever lies between them.
Binwalk : A firmware analysis tool that scans a binary for embedded file signatures and can extract embedded files and file systems from firmware images. It is equally useful on any file that has something appended to or hidden inside it.
EDB-debugger : edb is a cross-platform AArch32/x86/x86-64 debugger. It was inspired by OllyDbg, but aims to work on AArch32, x86, and x86-64 across multiple operating systems. Linux is the only officially supported platform at the moment; FreeBSD, OpenBSD, OSX and Windows ports are under way with varying degrees of functionality.
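Both foremost and binwalk rest on the same idea, and it is worth seeing it once in plain code: walk a blob looking for known header bytes, then for the matching footer, and cut out the span between them. The script below is an added example, not code from foremost, binwalk, or the original post. It carves a constructed blob containing a PNG stub and a real in-memory ZIP that holds flag.txt, which is the kind of file a forensics challenge hands out. The signature table, filler bytes and file names are assumptions made for the example.

```python
# Added example (not from the original post): header/footer file carving, the
# technique foremost and binwalk automate. The blob below is constructed: junk
# bytes surrounding a stub PNG and a real in-memory ZIP that holds flag.txt.
import io
import zipfile
from typing import List, Optional, Tuple

# (type, header magic, footer magic, bytes that follow the footer magic)
SIGNATURES = [
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 0),   # IEND chunk + its fixed CRC
    ("jpg", b"\xff\xd8\xff", b"\xff\xd9", 0),               # SOI ... EOI
    ("zip", b"PK\x03\x04", b"PK\x05\x06", 18),              # EOCD record is 22 bytes
]


def carve(blob: bytes) -> List[Tuple[int, str, bytes]]:
    """Return (offset, type, data) for every header with a matching footer after it."""
    found = []
    for kind, header, footer, tail in SIGNATURES:
        start = blob.find(header)
        while start != -1:
            end = blob.find(footer, start + len(header))
            if end == -1:
                break                      # truncated file: header but no footer, skip it
            end += len(footer) + tail
            found.append((start, kind, blob[start:end]))
            start = blob.find(header, end)
    return sorted(found, key=lambda item: item[0])


def flag_from_carved_zip(blob: bytes, member: str = "flag.txt") -> Optional[bytes]:
    """Carve the blob, open the first ZIP found and read the flag file out of it."""
    for _, kind, data in carve(blob):
        if kind == "zip":
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if member in zf.namelist():
                    return zf.read(member)
    return None


def make_zip(name: str, data: bytes) -> bytes:
    """Build a small ZIP in memory (constructed test input, stored uncompressed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()


# Constructed blob: filler + PNG stub (valid header/IEND, no real image data) + filler + ZIP.
JUNK = b"\x00" * 40 + b"nothing to see here" + b"\x00" * 40
PNG_STUB = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17
            + b"\x00\x00\x00\x00IEND\xaeB`\x82")
FLAG = b"flag{carved_from_the_blob}"
BLOB = JUNK + PNG_STUB + JUNK + make_zip("flag.txt", FLAG) + JUNK

if __name__ == "__main__":
    for offset, kind, data in carve(BLOB):
        print(f"{kind} at offset {offset}, {len(data)} bytes")
    print(flag_from_carved_zip(BLOB))
```

Two caveats the real tools also have to deal with: a header with no footer (a truncated file) is skipped rather than carved to end-of-blob, and a signature that happens to occur inside another file's data produces a false positive, which is why foremost and binwalk output should always be sanity-checked with file or by opening the result.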
Note : You can use any debugger you like; the choice of debugger matters far less than knowing how to use one.
Wireshark : A network protocol analyzer. It captures packets live (or opens a saved capture) and displays them in a human-readable form, with display filters and "Follow TCP Stream" for pulling a flag out of a conversation.
John the Ripper : JTR is a password-cracking tool. It detects the hash type of the hashes it is given, then takes candidate passwords from a large wordlist of popular passwords (optionally mutated by rules), hashes each candidate the same way and compares the result against the targets, stopping when it finds a match.
Sonic Visualiser : It analyses the contents of audio files as waveforms, spectrograms, and layers; the spectrogram view is where flags drawn into audio challenges show up.
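The description above is the whole algorithm; the script below, an added example that is not part of the original post or of John the Ripper, makes it concrete: identify the hash by its hex length, generate candidates from a wordlist with a couple of mangling rules, hash each one and compare. The wordlist, the rules and the second target hash are constructed for the example; the md5 of "password" is the well-known value.

```python
# Added example (not from the original post): what a wordlist attack does
# under the hood. The wordlist and rules are constructed and tiny; John the
# Ripper does the same thing with far larger lists, many more rules and
# optimised hashing.
import hashlib
from typing import Iterable, Iterator, Optional

# Unsalted hex digests can be identified by length alone, as JtR's detection does.
ALGORITHM_BY_HEX_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}


def guess_algorithm(digest_hex: str) -> Optional[str]:
    """Map a hex digest to an algorithm by length; None if it is not a plain hex hash."""
    digest_hex = digest_hex.strip().lower()
    if not digest_hex or any(c not in "0123456789abcdef" for c in digest_hex):
        return None
    return ALGORITHM_BY_HEX_LENGTH.get(len(digest_hex))


def candidates(wordlist: Iterable[str]) -> Iterator[str]:
    """JtR-style mangling rules: each word as-is and capitalised, each with common suffixes."""
    for word in wordlist:
        for base in (word, word.capitalize()):
            yield base
            for suffix in ("1", "123", "2023", "!"):
                yield base + suffix


def crack(digest_hex: str, wordlist: Iterable[str]) -> Optional[str]:
    """Hash every candidate the same way the target was hashed; stop at the first match."""
    algorithm = guess_algorithm(digest_hex)
    if algorithm is None:
        return None
    target = digest_hex.strip().lower()
    for candidate in candidates(wordlist):
        if hashlib.new(algorithm, candidate.encode()).hexdigest() == target:
            return candidate
    return None


# Constructed wordlist (a real one, e.g. rockyou.txt, has millions of entries).
WORDLIST = ["letmein", "password", "qwerty", "dragon", "summer"]
# md5("password"), the classic unsalted hash found in many beginner challenges.
MD5_PASSWORD = "5f4dcc3b5aa765d61d8327deb882cf99"
# A second target derived here so the example is self-contained; a challenge gives only the hex.
SHA256_RULE_HIT = hashlib.sha256(b"Dragon123").hexdigest()
# Valid-looking SHA-1 hex that no candidate produces: crack() must give up, not guess.
UNCRACKED = "0" * 40

if __name__ == "__main__":
    print(crack(MD5_PASSWORD, WORDLIST))      # password
    print(crack(SHA256_RULE_HIT, WORDLIST))   # Dragon123
    print(crack(UNCRACKED, WORDLIST))         # None
```

Note what the length check cannot tell you: a 32-character hex string could equally be NTLM or MD4, and salted formats such as $1$ or $6$ need the salt parsed out first, which is exactly the format detection JtR ships for hundreds of hash types.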
SQLmap : A tool that automates finding SQL injection points in a web application and then exploits them.
Usage : sqlmap -u http://www.redacted.com/something.php?id=218 --dbs (here the id parameter is tested for injection and --dbs lists the databases reachable through it)
Burpsuite : An intercepting proxy for web application testing. It comes with request interception and modification, a web crawler, a brute-forcer (Intruder), a request repeater, and much more.
These are the basic tools you should learn to use in order to start doing CTFs.
This is not the end!!!