forked from zelinsky/CTF-Course
-
Notifications
You must be signed in to change notification settings - Fork 0
/
intro.md.old
65 lines (48 loc) · 3.01 KB
/
intro.md.old
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# Getting Started
Welcome to ELEG 467/667!
In this course we are going to build up your cybersecurity skills through completeing Capture the Flag challenges and particpating in competitions.
# What is Capture the Flag?
Capture the flag as it pertains to our course is much different than the traditional capture the flag you may have played as a kid. In our CTF's, there is a flag hidden somewhere in a server, file, or website. You must use skills learned such as Forensics, Cryptography, Binary-Exploitation, and basic Linux to solve these "problems" to reveal the flag.
Most of the time, flags look like this format:
```
flag{l33t_sp34k-h3r3}
```
Certain categories of CTF's include:
* [Cryptography](#Cryptography)
* [RSA Encryption](#RSA)
* [Forensics](#Forensics)
* [Steganography]()
* [Network Traffic]()
* [Grep]()
* [Binary Exploitation](#Binary-Exploitation)
* [Web Exploitation](#Web-Exploitation)
* [Reverse Engineering](#Reverse-Engineering)
### Cryptography
Cryptography is when you take the flag in plaintext and jumble the text in a way that no longer can be understood by someone who intercepts the message, but is performed in an algorithmic way that can be undone by the intended reciever.
Classic Examples of Cryptography are the caesar cipher, rot-13, and the vigenere cipher.
```
synt{lBh_qVq_vG!}
```
#### RSA
RSA is a math based Encryption using prime numbers, exponentials, and modular arithmetic.
Try to decrypt this flag.
```
e = 65537
p = 307
q = 487
N = 149509
d = 48833
ct = 141654L
```
### Forensics
Forensics includes finding files in linux servers, finding flags in corrupted files, or finding flags in pictures (Steganography)
### Binary Exploitation
Binary Exploitation is making a program do something that it's not meant to do.
*cbtnuggets.com: "Binary exploitation comes down to making an application act differently than how it was intended to run. By making the application run differently, you’re gaining valuable information that you’ll use to alter or commandeer the target.*
*Common binary exploits use a technique known as memory corruption, which can enable an attacker to gain unauthorized privileges to the system that is running the application, or by hijacking the control flow of the application and injecting their commands directly into the system."*
### Web Exploitation
Web CTF's inculde server traversal via a website, or being able to search manually for the flag via a multitude of tools.
### Reverse Engineeering
*cbtnuggets.com: "Sometimes the flag will be a string hidden inside the application code. Depending on the challenge type and level of difficulty the task, you might need to use reverse engineering.*
*Reverse engineering challenges require an intimate knowledge debugger and disassembler software. The goal: Take a compiled binary, rip it apart, and find out how it works.*
*You will want to be familiar with how the application uses control flow, loops, and conditionals so that you can figure out how to bend the program to your will, and then hopefully capture the flag."*