FIT3173: Capture The Flags – Introduction and Hands on
Dr Xiao of Software Systems and Cybersecurity Faculty of Information Technology
What is CTF
• Capture The Flags, or CTFs, are a kind of computer security competition
• Teams of competitors (or just individuals) are challenged against each other in a test of computer security skill
• There are two kinds of CTF competitions: Jeopardy CTFs and Attack & Defence CTFs
Source: https://www.csaw.io
Kinds of CTFs
• Jeopardy CTFs are the most common kind of CTF competition
• They are based on a set of challenges that competition organisers present to competitors.
• Competitors form teams and then work together on the challenges
• Each challenge is designed so that when the competitor solves it, a small piece of text or “flag” is revealed
• Teams receive points for each solved task. The more difficult the task, the more points you can earn upon its successful completion
Example of a flag
• Attack & Defence CTFs are a less common kind of CTF (because of their complexity)
• In an A&D CTF, teams are each given the same set of vulnerable server software
• Teams are to set up & audit this software before the competition
• When the competition starts, teams launch attacks against each other's servers, trying to exploit the vulnerabilities they’ve found
• Likewise, teams will need to properly patch their software so that it is protected against these exploits and functions normally
• Teams receive points for extracting flags, properly defending their flags, and keeping their servers operating normally
CTF Events
DEF CON is one of the biggest and also the oldest hacker summits, held annually in Las Vegas (USA) since 1993
Teams compete for a US$2M grand prize.
See https://ctftime.org for more details…
CTF Topics
Cryptography
Web Exploitation
Reverse Engineering
Binary Exploitation
Miscellaneous
Forensics
• Any challenge that involves examining static data files to extract a hidden piece of information could be considered a Forensics challenge
• In a CTF context, “Forensics” challenges can include file format analysis, steganography, memory dump analysis, or network packet capture analysis
• Forensics in CTF covers the following topics
• File Formats
• EXIF data
• Wireshark & PCAPs
• Steganography
• Disk Imaging
• Example Task:
Looks like an image file … Let’s try to open it with an image viewer …
Oops… The file format is not supported by the image viewer… Let’s try to open it with a hex editor
Ahh… It turns out to be a text file… Try searching for Flags …
Captured the flag!
Cryptography
• Cryptography is the practice and study of techniques for secure communication in the presence of third parties
• In the case of CTFs, the goal is usually to crack or clone cryptographic objects or algorithms to reach the flag
• Example:
• Shift over the alphabet a certain number of places and replace each original letter with the shifted letter
• “HELLO WORLD” -> “IFMMP XPSME”
• Example Task 1:
Decrypt this message: synt{5pq1004q-86n5-46q8-o720-oro5on0417r1}
Caesar cipher
Use online tools …
Or write a script to print out all possible results …
• Example Task 2: Plus
Decrypt this message: afZ_r9VYfScOeO_UL^RWUc
Format: flag{ }
Attempt 1. Print out all possible solutions … But it seems none makes sense
Observation:
ASCII Code of afZ_ is 97, 102, 90, 95
ASCII Code of flag is 102, 108, 97, 103
The offsets are: 5, 6, 7, 8 …
The offset for each character is increased by 1
Solution: write a script to decode the message …
flag{Caesar_variation}
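The scripts mentioned in Example Tasks 1 and 2, as an added example that is not part of the original slides: a 26-shift brute force filtered by the known `flag{` prefix, then a known-plaintext step that recovers the per-character offsets for the "Plus" variation. Function names are assumptions chosen for this example.

```python
import string

def caesar_shift(text, k):
    """Shift letters by k places (mod 26); digits and punctuation pass through."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + k) % 26 + 97))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + k) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)

def brute_force_caesar(ciphertext, crib="flag{"):
    """Try all 26 shifts; keep (shift, plaintext) pairs that start with the crib."""
    candidates = [(k, caesar_shift(ciphertext, k)) for k in range(26)]
    return [(k, p) for k, p in candidates if p.startswith(crib)]

def recover_offsets(ciphertext, crib="flag"):
    """Known-plaintext step: ASCII difference between the crib and the ciphertext."""
    return [ord(p) - ord(c) for p, c in zip(crib, ciphertext)]

def decode_incrementing(ciphertext, crib="flag"):
    """Decode a cipher whose ASCII offset grows by a constant step per character."""
    offs = recover_offsets(ciphertext, crib)
    steps = {b - a for a, b in zip(offs, offs[1:])}
    if len(steps) != 1:
        raise ValueError("offsets are not an arithmetic progression: %r" % offs)
    step = steps.pop()
    return "".join(chr(ord(c) + offs[0] + i * step)
                   for i, c in enumerate(ciphertext))

# Ciphertexts copied from the two example tasks above.
TASK1 = "synt{5pq1004q-86n5-46q8-o720-oro5on0417r1}"
TASK2 = "afZ_r9VYfScOeO_UL^RWUc"

if __name__ == "__main__":
    print(brute_force_caesar(TASK1))   # one candidate survives the crib filter
    print(brute_force_caesar(TASK2))   # no fixed shift fits, as in Attempt 1
    print(recover_offsets(TASK2))      # the increasing offsets from the Observation
    print(decode_incrementing(TASK2))
```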
Web Exploitation
• This type of challenge focuses on finding and exploiting vulnerabilities in web applications
• Common vulnerabilities to see in CTF challenges:
• SQL Injection
• Command Injection
• Directory Traversal
• Cross Site Request Forgery
• Cross Site Scripting
• Server Side Request Forgery
• Example Task:
https://www.wechall.net/challenge/training/mysql/auth_bypass1/index.php
The query becomes:
SELECT * FROM users WHERE username = 'admin'#' AND password=''
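Why the query above bypasses the password check, and the fix, as an added example that is not the challenge's own code: a string-built query beside a parameterized one. It assumes an in-memory SQLite table with constructed contents; SQLite's `--` comment stands in for MySQL's `#`, and all function names are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed in-memory table standing in for the challenge's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return conn

def build_query(username, password):
    """Vulnerable: user input is pasted straight into the SQL text."""
    return ("SELECT * FROM users WHERE username = '%s' AND password = '%s'"
            % (username, password))

def login_vulnerable(conn, username, password):
    """The quote in the input closes the string; the comment drops the rest."""
    return conn.execute(build_query(username, password)).fetchone() is not None

def login_parameterized(conn, username, password):
    """Hardened: placeholders keep input as data, never as SQL syntax."""
    row = conn.execute(
        "SELECT * FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row is not None

if __name__ == "__main__":
    conn = make_db()
    print(build_query("admin'#", ""))                 # the query text from the slide
    print(login_vulnerable(conn, "admin'--", ""))     # password check commented out
    print(login_parameterized(conn, "admin'--", ""))  # input treated as a literal name
```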
Reverse Engineering
• Reverse Engineering in a CTF is typically the process of taking a compiled (machine code, bytecode) program and converting it back into a more human readable format
• Very often the goal of a reverse engineering challenge is to understand the functionality of a given program such that you can identify deeper issues
• Example Task:
Open the exe file in IDA … View Strings …
Find suspicious strings “this is the right flag!” and “{hello_world}” … We can further find Str2 == {Hello_World}
Let’s take a look at the pseudocode …
“o”s in Str2 are replaced with “0”s
The input flag is compared with Str2 …
The flag is {Hell0_W0rld}
Binary Exploitation
• Binaries, or executables, are machine code for a computer to execute
• Binary Exploitation (also known as pwn in CTF) means finding a vulnerability in the program and exploiting it to gain control of a shell or modify the program’s functions
• Example Task: See Lab 3
Miscellaneous
• Many challenges in CTFs will be completely random and unprecedented, requiring simply logic, knowledge, and patience to be solved
• There is no sure-fire way to prepare for these, but as you complete more CTFs you will be able to recognize and hopefully have more clues on how to solve them
• Example Task 1:
Open the file with a hex editor …
And find it is indeed a PNG file
Scroll down to the end of the file and we find a string “hidden binaryUT”, which obviously is not a part of the PNG file.
Use the binwalk tool to analyse the file …
Use “binwalk -e” to extract the hidden files …
Check the file format … It is an ELF executable
Execute the file …
• Example Task 2:
Open the file with a hex editor …
And find the file header is missing …
Fill in the file header for PNG file (89 50 4E 47)
And open the file…
Captured the Flag!
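The two manual checks from Example Tasks 1 and 2, scripted as an added example that is not part of the original slides: walking the PNG chunk list to find bytes appended after IEND, and restoring a missing signature by anchoring on the IHDR chunk. The sample PNG is constructed in memory and the function names are assumptions.

```python
import struct
import zlib

# 89 50 4E 47 followed by the other four bytes of the PNG signature.
PNG_SIG = bytes.fromhex("89504e470d0a1a0a")

def chunk(ctype, body):
    """Serialise one PNG chunk: length, type, body, CRC-32 over type + body."""
    return (struct.pack(">I", len(body)) + ctype + body
            + struct.pack(">I", zlib.crc32(ctype + body)))

def make_png():
    """Constructed 1x1 greyscale PNG used as sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")   # filter byte + one pixel
    return (PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat)
            + chunk(b"IEND", b""))

def trailing_data(data):
    """Walk the chunk list and return whatever follows IEND (empty if nothing)."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG signature")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length              # length + type + body + CRC
        if ctype == b"IEND":
            return data[pos:]
    raise ValueError("truncated PNG: no IEND chunk")

def repair_signature(data):
    """Restore a zeroed or stripped signature by anchoring on the IHDR chunk."""
    idx = data.find(b"IHDR")
    if idx < 4 or idx > 12:
        raise ValueError("IHDR not found near the start of the file")
    return PNG_SIG + data[idx - 4:]     # chunk starts 4 bytes before its type

if __name__ == "__main__":
    png = make_png()
    print(trailing_data(png + b"hidden binary"))            # appended payload
    print(repair_signature(b"\x00" * 4 + png[4:]) == png)   # zeroed header fixed
```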
• Example Task 3:
Open it with any audio visualiser (e.g., Sonic Visualiser), but can’t find any information …
As the file name suggests, convert to a spectrogram view.
Captured the Flag!