CTF, or Capture the Flag, is a competitive cybersecurity event in which participants solve security-related challenges to find hidden strings called flags. Flags are often in a format such as:

```text
CTF{yoU_FoUnD_M3}
```
These challenges simulate real-world vulnerabilities and problems across areas like cryptography, web security, reverse engineering, forensics and binary exploitation.
The goal is to capture as many flags as possible as a team or individual within a time limit. Each flag earns points and players or teams are ranked on a scoreboard.
Cryptography
Cryptography challenges include breaking weak algorithms, recovering keys and understanding mathematical flaws; a classic example is the Caesar cipher.
In the example below we see a message encoded with a Caesar cipher. Every letter is shifted by a fixed offset; here the offset is 3, so A becomes D. To break the encryption we try each possible shift in turn, print the result and stop when a readable flag appears.
```python
ciphertext = "fdwfk_wkh_iodj"

def decrypt(text, shift):
    """Shift every letter back by `shift` positions, leaving other characters alone."""
    result = ""
    for c in text:
        if c.isalpha():
            # Wrap within the upper- or lower-case alphabet as appropriate
            shift_base = ord('A') if c.isupper() else ord('a')
            result += chr((ord(c) - shift_base - shift) % 26 + shift_base)
        else:
            result += c
    return result

# Brute-force all 26 possible shifts; the readable line is the flag
for s in range(26):
    print(s, decrypt(ciphertext, s))
```
Output (at shift 3): catch_the_flag
Binary Exploitation (PWN)
Binary Exploitation includes reverse engineering binaries and exploiting memory bugs such as buffer overflows and format string vulnerabilities. A typical example is overflowing an input buffer to obtain a shell.
In the code below the function vuln() is called from main(). Using gets(), the program reads bytes from standard input into buf without any bounds checking. If the user types more than 32 bytes, the extra bytes overwrite adjacent stack memory, which is how execution can be redirected to win() and the flag printed.
```c
#include <stdio.h>

/* Never called directly; reached only by corrupting the stack */
void win() {
    printf("CTF{buffer_overflow_success}\n");
}

void vuln() {
    char buf[32];
    gets(buf); // Vulnerable function! No bounds check on the input length
}

int main() {
    vuln();
    return 0;
}
```
Reverse Engineering
Involves analysing compiled code to recover its logic or embedded keys. Examples include disassembling a binary to find hidden flags.
Web Exploitation
Involves exploiting vulnerable web applications (SQL injection, XSS, insecure authentication), typically by injecting payloads into request parameters.
The example below shows an SQL injection attack. We assume the application builds its SQL query by string concatenation. If an attacker supplies the input shown, the condition '1'='1' is always true, so the WHERE clause evaluates to true and authentication is bypassed.
```sql
-- Vulnerable login check
SELECT * FROM users WHERE username = '$user' AND password = '$pass';
-- Attacker input
' OR '1'='1
```
Authentication bypassed!
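To make the concatenation problem concrete, here is an added example (not code from the original page) that runs the login query above both ways against a constructed in-memory SQLite database: the concatenated version is bypassed by the quoted input, while the parameterised version, the standard mitigation, is not. The table, the user row and the helper names are constructed for this example.

```python
import sqlite3

# Constructed sample database: one user, plaintext password for brevity
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return conn

def login_vulnerable(conn, user, pw):
    # Builds the query by string concatenation, the pattern described above
    query = f"SELECT * FROM users WHERE username = '{user}' AND password = '{pw}';"
    return conn.execute(query).fetchone() is not None

def login_safe(conn, user, pw):
    # Parameterised query: values travel separately from the SQL text,
    # so quotes in the input can never alter the structure of the WHERE clause
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (user, pw)).fetchone() is not None

# The attacker input quoted on the page; supplied in both fields so that the
# trailing OR '1'='1' term makes the whole WHERE clause true
PAYLOAD = "' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, real credentials:", login_vulnerable(conn, "alice", "s3cret"))
    print("vulnerable, payload:         ", login_vulnerable(conn, PAYLOAD, PAYLOAD))
    print("safe, real credentials:      ", login_safe(conn, "alice", "s3cret"))
    print("safe, payload:               ", login_safe(conn, PAYLOAD, PAYLOAD))
```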
Forensics
Analysing files, memory dumps, disk images or network traffic to recover hidden data, such as a file embedded inside a PNG.
OSINT
OSINT (Open-Source Intelligence) is the process of collecting and analyzing information from publicly available sources to generate useful intelligence. These sources can include websites, social media, news articles, government publications, forums, images, and even metadata hidden in files.
Beginner Learning Tool
CyberChef is a simple, intuitive web app for analysing and decoding data without having to deal with complex tools or programming languages. CyberChef encourages both technical and non-technical people to explore data formats, encryption and compression.