ELEG 467/667

Pentesting & CTF's


Getting Started

Welcome to ELEG 467/667!

In this course we are going to build up your cybersecurity skills through completing Capture the Flag challenges and participating in competitions.

What is Capture the Flag?

The Capture the Flag that we’ll be playing is a little different from the game you may have played as a kid. In our CTFs, there will be a number of challenges that you need to solve across different categories, sort of like Jeopardy. For a given challenge, you’ll be trying to capture a flag that will look something like this: flag{1ns3r7_l337_sp34k_h3r3}. Once you find the flag, you can then submit it for points.

The flag could be hidden somewhere on a server or website, or in a file. You’ll have to utilize your programming skills and knowledge of a particular category or topic to solve the challenge and capture the flag.

Capture the Flag can certainly be difficult. There’ll be challenges that will take you hours and hours to solve, and there’ll be challenges you’ll put a lot of effort into and won’t be able to crack, and that’s okay. That’s how you learn. A big part of competing in CTFs is the learning aspect. A great way to improve is to look at writeups for challenges that you weren’t able to solve and understand the solutions. When you see similar problems in future CTFs, you’ll have a better approach for them. Becoming better at CTFs is all about building up an arsenal of knowledge.

Common CTF Categories

Cryptography

Cryptography deals with the encryption and decryption of data. In Crypto challenges, you will often be given the flag in an encrypted format, and you will have to decrypt it. There are many different encryption schemes and techniques, and each has its own weaknesses and attacks.

Challenge: Base64_Me

Solve the Base64_Me challenge.

Forensics

With Forensic challenges, you will often be trying to find information hidden in different types of files such as image, audio, and network traffic files. You will often have to use scripts and tools in order to find and extract the flag.
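As an added illustration of the kind of script this refers to (it is not part of the course material), the Python below pulls printable text out of a binary blob, covering both plain ASCII and UTF-16LE strings, and keeps anything shaped like the `flag{...}` format shown earlier. The function names and the sample bytes are constructed for this example.

```python
import re

# Flag shape used on this page: flag{...}
FLAG_RE = re.compile(r"flag\{[^}\s]{1,100}\}")
MIN_LEN = 4  # minimum run length worth reporting (assumed default)


def printable_runs(data: bytes, min_len: int = MIN_LEN) -> list:
    """Return printable runs stored as ASCII or as UTF-16LE."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # UTF-16LE stores each ASCII character followed by a zero byte,
    # so a byte-wise ASCII scan alone would miss these strings.
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    runs = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    runs += [m.group().decode("utf-16-le") for m in wide_re.finditer(data)]
    return runs


def find_flags(data: bytes) -> list:
    """Return each distinct flag-shaped token, ASCII hits first."""
    found = []
    for run in printable_runs(data):
        for flag in FLAG_RE.findall(run):
            if flag not in found:
                found.append(flag)
    return found


def build_sample() -> bytes:
    """Constructed sample: binary noise around one ASCII and one wide flag."""
    return (
        b"\x7fELF\x02\x01\x01\x00" + bytes(range(0, 16))
        + b"flag{c0nstruct3d_4scii}" + b"\x00\xff\xfe\x01"
        + "flag{c0nstruct3d_w1d3}".encode("utf-16-le") + b"\x00\x00\x90\x90"
    )


if __name__ == "__main__":
    for flag in find_flags(build_sample()):
        print(flag)
```

To scan a real file, pass its contents instead of the sample: `find_flags(open(path, "rb").read())`.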

Challenge: Strings

Solve the Strings challenge.

Web

For Web challenges, you’ll be given a link to a webpage, sometimes some source code, and possibly a hint in the challenge title or description. From there, there are many forms the challenge could take on. Web challenges cover a wide range of web-based exploits and tend to focus on bad coding practice, common language vulnerabilities, code injection, and other exploits or web trickery.

Challenge: Login_0

Solve the Login_0 challenge.

Reverse Engineering

With Reverse Engineering challenges, you will have to take a compiled binary (executable), rip it apart, figure out how it works, and then control the program to capture the flag. For these challenges, you will need to have a good understanding of assembly code (control flow, loops, and conditionals) as well as debugger and disassembler software.

Challenge: Bytecode

Solve the Bytecode challenge.

Binary Exploitation

In Binary Exploitation or Pwning challenges, you will often be dealing with Linux ELF files (executables), and your goal will be to make the program act differently than intended. You will have to exploit the program in some way, typically with different types of memory corruption using buffer overflows.

Challenge: Easy_Overflow

Solve the Easy_Overflow challenge.

More Challenges