Capture the flag, commonly abbreviated as CTF, is a traditional outdoor game where two teams each have a flag (or other marker) and the object is to capture the other team’s flag, located at that team’s “base”, and bring it safely back to your own base. In computer security the term means something different: CTFs are popular war-games for ethical hackers. Participants are given ciphers or puzzles and must find hidden flags to proceed to the next level. The challenges involve penetration testing, reading source code, binary exploitation and so on. These terms may seem strange now; you will understand them in the later part of the blog 😀
There are various aspects to computer security and there are many war-games for you to enjoy. I was a stranger to computer security until I heard about Build the Shield (a National Level Ethical Hacking Challenge by Microsoft). My friends and I registered for the online prelims. We hardly prepared for a month by participating in/reading all past CTFs. Our joy knew no bounds when we heard that our team was selected for the national level finals, which were held at MSIDC, Hyderabad. I will try to explain how we prepared for this grand event, in spite of being beginners to computer security.
Before you start participating:
Hopefully you have installed a Linux operating system on a virtual machine or a real machine; next you need to learn how to use it. Linux commands let you use the various features of the operating system and make it easy to interact with it. You need not memorize every Linux command, but you should become familiar with at least a few important, commonly used ones, such as creating a file, listing your running processes and searching for text in files with grep. The best way to learn is by doing: Bandit on OverTheWire gives you a platform to practise various Linux commands through a challenge-based approach. The challenges are split into levels and you need to complete up to level 22; additional bonus points will be given to those who crack all the challenges.
Some Programming Tasks for you to begin with:
1. Log in to Codecademy and start the Python track (this is not a mandatory task)
2. Register yourself on Topcoder and do the following SRMs:
a. SRM-147: Caesar Cipher
b. SRM-249: Chat Transcript
c. SRM-405: Falling Factorial Power
d. SRM-425: Inverse Factoring
e. SRM-470: Linear Travelling Salesman
f. SRM-484: Number Magic Easy
g. SRM-505: Sentence Capitalizer Inator
h. SRM-506: Slime X Slime Rancher 2
i. SRM-519: WhichDay
j. SRM-526: 5 Magic Stone Stores
Web Application Security:
Task 1: This task is for those who don’t have any prior experience with web application development. To understand web application security concepts, you first need to know how to develop a good web application. Don’t worry if you have never built one; there are lots of resources to help you learn. Go to Codecademy and complete the tracks on PHP, JavaScript and HTML. The estimated time to complete them is 21 hours, and they give you the basic knowledge needed to develop a web application.
Task 2: Web applications use databases to store their data, so it is important to have a basic understanding of databases. Security vulnerabilities like SQL injection are database-related, and without understanding databases you will find it hard to understand injection attacks on web applications. Complete the following SQL tasks to get a basic understanding of Structured Query Language, which is used to query databases.
Task 3: You need to complete a few tasks from Natas on OverTheWire, which teach some basic server-side web security. There are 23 levels in total; you need to complete at least 10, and each additional level completed earns bonus points.
Task 4: Read about OWASP Top 10 web application security vulnerability list.
Task 5: Now you know some of the top web application security vulnerabilities. Theoretical knowledge alone will not help, though: you need to practise a few challenges from root-me.org. Before you start, register with root-me.org.
a. http://www.root-me.org/en/Challenges/Web-Client/
b. http://www.root-me.org/en/Challenges/Web-Server/
Networking Tasks:
Some points to ponder:
1. Try to capture the traffic from your machine using Wireshark. Now imagine this scenario: while capturing the traffic, your GUI suddenly crashes and you have access only to a controlling terminal (tty). What tools do you need to capture network traffic there?
2. Now, without using scp, how are you going to copy several files to your guest machine? Is it possible to copy the files securely? (Hint: nc, ftp, sftp)
Try software like Fiddler to intercept web traffic!
Binary Exploitation:
Binary exploitation is the art of reverse engineering an executable and bypassing its security mechanisms. You can use tools like OllyDbg and hex editors to read the raw bytes and reverse engineer them; debuggers and disassemblers are the main tools for this task. Exploring these, you will come to understand the basics of buffer overflows, format string bugs, heap overflows and return-oriented programming.
TODO:
Buffer Overflow: In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory. This is a special case of a memory safety violation. Tasks:
1. Read Aleph One’s “Smashing the Stack” article
2. Solve some of the Overflow challenges from 2013 picoCTF
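As an added illustration of the definition above (this is not code from the original post), the following C program contrasts an unchecked copy, which runs past a 16-byte buffer into the adjacent is_admin field, with a length-checked copy that refuses oversized input. The struct layout and the all-'A' input are constructed for the demo; memcpy over the struct's own bytes keeps it well-defined while still showing the adjacent overwrite.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: a fixed-size buffer followed by a field the program
   trusts, standing in for a local array that sits next to other data on
   the stack. */
struct record {
    char name[16];
    int  is_admin;   /* adjacent memory that an overrun clobbers */
};

/* Unchecked copy: trusts the caller-supplied length (the textbook defect).
   Returns is_admin after the copy; non-zero means the write ran past
   'name' and overwrote the flag. */
int copy_unchecked(size_t len) {
    struct record r = { {0}, 0 };
    char input[sizeof r];
    memset(input, 'A', sizeof input);          /* constructed oversized input */
    if (len > sizeof r) len = sizeof r;        /* keep the demo inside the struct */
    memcpy((unsigned char *)&r, input, len);   /* no check against sizeof r.name */
    return r.is_admin;
}

/* Checked copy: refuses input that does not fit, reserving one byte for the
   terminating NUL. Returns 0 on success, -1 when the copy would overflow. */
int copy_checked(size_t len) {
    struct record r = { {0}, 0 };
    char input[64];
    memset(input, 'A', sizeof input);
    if (len >= sizeof r.name) return -1;       /* would overrun name[] */
    memcpy(r.name, input, len);
    r.name[len] = '\0';
    return r.is_admin;                         /* still 0: flag untouched */
}

int main(void) {
    printf("unchecked, 8 bytes : is_admin=%d\n", copy_unchecked(8));
    printf("unchecked, 20 bytes: is_admin=%d\n", copy_unchecked(20));
    printf("checked, 20 bytes  : result=%d\n", copy_checked(20));
    return 0;
}
```

With 20 bytes the unchecked version reports a non-zero is_admin (the four 'A' bytes land on the flag), while the checked version rejects the same input before writing anything.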
Heap Overflow: A type of buffer overflow that occurs in the heap data area. Heap overflows are exploited differently from stack-based overflows. Memory on the heap is dynamically allocated by the application at runtime and typically contains program data. Exploitation works by corrupting this data in specific ways so that the application overwrites internal structures such as linked-list pointers. Tasks:
1. Read this blog post
Will keep you updated with more TODO tasks in the next post 😀