Learn CTF from scratch

Foreword


1. Introduction to CTF


CTF (Capture The Flag) is generally translated into Chinese as "capture the flag competition". It refers to a form of technical competition among network security practitioners in the field of network security.

Competition modes

Problem-solving mode:

In problem-solving mode, participating teams can take part over the Internet or on an on-site network. This mode resembles the ACM programming contest and the Informatics Olympiad: teams are ranked by their score and by the time taken to solve network security challenges. It is usually used for online qualifiers. Challenges mainly cover reverse engineering, vulnerability discovery and exploitation, web penetration, cryptography, forensics, steganography, secure programming and other categories.


Attack-and-defense mode:

In attack-and-defense mode, participating teams attack and defend each other on a shared network: they find vulnerabilities in network services and attack opponents' services to score points, while patching the vulnerabilities in their own services to avoid losing points. This format reflects the state of the game in real time through the scoreboard, and the winner is determined directly by the final score. It is a highly competitive, spectator-friendly and transparent format. It tests not only the players' intelligence and skill but also their stamina (the competition usually lasts 48 hours or more) and the division of labor and cooperation within each team.


Mixed mode:

A mixed-mode CTF combines problem-solving mode and attack-and-defense mode. For example, teams may first earn initial points by solving challenges, and then gain or lose points through attack-and-defense confrontation in a zero-sum game; the winner is finally determined by score. A typical example of a mixed-mode CTF is the iCTF international CTF competition.

Qualifying rounds

These are all online competitions, almost always in problem-solving mode. You open the official website, log in with your account and password, and land on a page where the challenges are grouped by category (the categories are discussed later). Clicking a challenge shows a link to it, its description, its hints and an input box where the flag (the answer) is submitted for points. The first, second and third team to solve a challenge (first blood, second blood and third blood) receive higher scores; teams that solve it later all receive the same score. The fewer teams solve a challenge, the more points it is worth. Teams are then ranked by total score to decide who enters the final.
For example: a check-in challenge starts at 500 points. When a team submits the correct flag, the score drops to 470/450; the more teams solve it, the further the score drops. The first, second and third blood receive more points than teams that answer correctly afterwards.

Finals

Offline finals are almost all held in mixed mode, because pure attack-and-defense challenges are prone to problems such as being easy to defend but hard to attack, and to things that cannot be learned in a speed round. Because of this, most finals are mainly reverse-oriented and can easily turn into a reverse-engineering contest. So what do web players do? Drink tea and do odd jobs!


2. Challenge categories


Challenges generally fall into 6 categories:

1. Web (Network Security)

Web is one of the main challenge types in CTF competitions. The challenges cover many common web vulnerabilities, such as XSS, file inclusion, code execution, file upload vulnerabilities and SQL injection, and there are also simple tests of networking basics such as response packets, TCP/IP, and packet content and structure. The challenge environments are arguably the closest to real-world environments.

Required knowledge: PHP, Python, SQL (mainly MySQL), TCP/IP, Linux commands, HTML, JavaScript, etc.


2. MISC (miscellaneous security)

In large CTF competitions, MISC challenges are very difficult and are a category where extra points can be gained, but in small competitions and practice question banks they are not hard. The topics involve steganography, traffic analysis, digital forensics, OSINT (people search), data analysis, big-data statistics and so on. They cover a wide range and mainly test the contestants' comprehensive basic knowledge.

Required knowledge: familiarity with many steganography tools and traffic inspection tools, an understanding of encodings, etc.


3. Crypto (cryptography)

It mainly includes two parts: classical cryptography and modern cryptography. Classical cryptography is interesting and varied, while modern cryptography offers high security and demands a deeper understanding of the algorithms.

Required knowledge: matrices, number theory, classical ciphers, algorithms, etc.


4. Reverse (reverse engineering)

The challenges involve software reverse engineering, cracking techniques and so on, and require a solid foundation in disassembly and decompilation. They mainly test the contestants' reverse-analysis ability.

Required knowledge: assembly language, encryption and decryption, common decompilation tools.


5. Mobile (mobile security)

This category mainly covers the common tools and main challenge types in Android reverse engineering. Android reverse engineering often requires a certain amount of Android development knowledge. iOS reverse engineering challenges rarely appear in CTF competitions, so I won't go into them much.


6. PWN (binary security)

In hacker slang, PWN means breaking in and gaining control. In CTF competitions it refers to overflow challenges; common overflow vulnerability types include stack overflow and heap overflow. It mainly tests the contestants' ability to exploit vulnerabilities.

Required knowledge: C, OllyDbg (OD) and IDA, data structures, operating systems.


7. Blockchain

Blockchain challenges have appeared in many CTF competitions recently; blockchain applications are becoming more and more popular, and blockchain will become a focus in the future. Because I haven't worked with it, I won't go into details here.

3. How to get started

Getting started is a big barrier for us novices; many people don't know where to begin.

Personal getting-started steps

1. Determine the direction

There are generally two directions:

Direction A: PWN + Reverse + Crypto, in any combination
Direction B: Web + Misc
Misc: everyone can do it

Introductory knowledge:
Everyone needs: Windows basics, Linux basics, computer organization, operating system principles, network protocol analysis
Direction A: using the IDA tool (the F5 plugin), reverse engineering, cryptography, buffer overflows, etc.
Direction B: the top 10 web security vulnerabilities, network security, intranet penetration, database security, etc.

2. How to practice challenges

Grinding through practice challenges is very important. You will notice that it is also the first step in other CTF introductory tutorials, and it is an important step for advancing.

Example 1: open the web2 challenge on bugku.
You will find a bunch of smiley faces rushing madly toward you, faster and faster. So how do you solve this challenge?

web2 tests information gathering. Press F12 in Chrome (Google's browser) to open the developer console, and in the page source you can see this line:

<!--flag KEY{Web-2-bugKssNNikls9100}-->

What does this line mean? It gives you the answer. Submit KEY{Web-2-bugKssNNikls9100} in the input box to get the points.

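As an added example (not code from the original post or from bugku), the Python scanner below does what the F12 view-source step does by hand: it walks an HTML document and reports every comment that carries a KEY{...}/flag{...} string or a credential-looking value, with the line it sits on. The sample page is constructed to mirror the web2 challenge; the password/token pattern is an assumption, not something the challenge is known to contain.

```python
import re
from html.parser import HTMLParser

# Patterns that mark a leaked secret in page source. The KEY{...} form is the
# one bugku's web2 uses; the password/token pattern is an added assumption.
SECRET_PATTERNS = [
    re.compile(r"(?:KEY|flag|FLAG)\{[^}]+\}"),
    re.compile(r"(?i)\b(?:password|passwd|pwd|token|api[_-]?key)\s*[:=]\s*\S+"),
]

class CommentCollector(HTMLParser):
    """Collect every <!-- ... --> comment with the line it starts on."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        line, _col = self.getpos()  # position of the '<!--' being handled
        self.comments.append((line, data.strip()))

def find_leaks(html):
    """Return (line, comment, match) for every comment matching a secret pattern."""
    parser = CommentCollector()
    parser.feed(html)
    parser.close()
    leaks = []
    for line, comment in parser.comments:
        for pattern in SECRET_PATTERNS:
            for match in pattern.findall(comment):
                leaks.append((line, comment, match))
    return leaks

# Constructed sample page modelled on the web2 challenge (not the real page).
SAMPLE_PAGE = """<!DOCTYPE html>
<html>
<head><title>web2</title></head>
<body>
  <!-- TODO: remove debug output before release -->
  <div class="faces">:) :) :)</div>
  <!--flag KEY{Web-2-bugKssNNikls9100}-->
  <!-- db password=hunter2 -->
</body>
</html>
"""

if __name__ == "__main__":
    for line, comment, match in find_leaks(SAMPLE_PAGE):
        print(f"line {line}: {match!r} in {comment!r}")
```

The same scanner is useful from the defender's side: an HTML comment is delivered to every visitor, so anything it contains is public, and this kind of check belongs in a pre-release review of templates.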

Summary
What should you do after submitting the flag? Now look at what the challenge was actually testing: the console. So what is a console? If you know, move on to the next challenge. If you don't, Google (or Baidu) "what is a web console" and find an answer on Zhihu: what does the panel that appears after pressing F12 in Chrome do?
Once you have learned it, judge whether this knowledge point is difficult and whether you have mastered it; if you are afraid of forgetting it, take notes.

3. Use practice to drive competition, and competition to drive practice

Pick a past contest that has writeups, or join an upcoming CTF contest.
Summarize your problem-solving process, ideally in a blog or something similar.

4. Recommended platforms

I strongly recommend bugku; take your time with the rest. First work thoroughly through bugku, then move on to Attack & Defense World (攻防世界), and you will have crossed the threshold to the advanced level.

5. Tool collection

Don't start by downloading the tools others recommend; you won't learn them that way. Look for tools as you need them while solving challenges, so that they stick in your memory and you build up your own set of experience.

4. Programming

Many people agonize over whether to go deep into programming. Don't go too deep; it is enough to be able to write a program by referring to the documentation and to read and understand code, because no language can be fully learned and they are all constantly updated. If you focus too much on one language, it is easy to neglect security knowledge. Alternatively, go deep into a few popular languages such as PHP, Python or Java. Among them, PHP can be said to be a must-learn: if you learn this language thoroughly, code auditing will be no pressure at all.

The above are all personal thoughts; how to choose is up to you. Whether to go deep, and into which language, is a question you must think carefully about before you start. Don't change direction halfway through learning; this is a big taboo in learning, because you will do the same when you learn other things, unless you find that the direction is genuinely unsuitable for your development.

Summary

The most important thing is to practice challenges. If you don't know how to solve one, read other people's writeups. Don't be afraid that you can't do it. Practicing is very boring at the beginning, but this is the learning process; if you never do it, you will never be able to do it.

Finally, I attach the CTF learning materials I have compiled. Those who need them can follow me and the backend will send them automatically.


Origin blog.csdn.net/Dasdwer/article/details/131946468