CTFS

O QUE SÃO CTFS?

CTF significa Capture the Flag. No âmbito da informática, são competições que envolvem diversas competências dos profissionais/estudantes/entusiastas para a resolução de desafios relacionados à infosec (segurança da informação), com o objetivo de capturar a bandeira (normalmente um código) e pontuar.

TIPOS DE CTFS:

Existem dois tipos de CTFs, os Jeopardy-style (estilo Quiz), que normalmente são online e servem como Qualificatórias para as Finais de Attack/Defense, que são realizadas on-site (offline). Ainda há a possibilidade do evento ser “híbrido”, e misturar os dois tipos, como é o caso do CTF brasileiro Pwn2Win.

Attack/Defense: de forma genérica, as equipes recebem uma VM com diversos serviços (alguns vulneráveis), e o objetivo é capturar as bandeiras alheias e proteger as do seu time com patchs.

Jeopardy-style: são apresentadas questões de diversas categorias, níveis de dificuldade e pontuações. As categorias variam de competição pra competição, mas as principais são:

• Reversing (Eng. Reversa). Ex: Rev 100 – 2º HnR.
• Crypto (Criptografia). Ex: Crypto 100 – SECCON 2014.
• Forensics (Forense). Ex: For 20 – Pwn2Win 2014.
• Miscellaneous (Diversos). Ex: Misc 100 – 3º HnR.
• Trivias (Triviais).
• Web Hacking. Ex: Web 100 – SECCON 2014.
• Networking (Redes).
• Pwnables/Exploitation (Exploração de binários). Ex: Exploitation 20 – ADCTF 2014.
• PPC (Professional Proramming and Coding). Ex: PPC 7 – ADCTF 2014.

Para saber mais, acesse: https://ctftime.org/ctf-wtf/

DOCS

Disponibilizaremos aqui links para materiais (artigos, guias, palestras, etc) e tudo mais que podem ajudá-lo em sua trajetória no Maravilhoso Mundo das Competições Capture the Flag! Eventualmente tentaremos traduzir alguns docs para ajudar quem ainda não tem familiaridade com a língua inglesa.

• A Brief History of CTF – Bela apresentação do psifertex, contando um pouco da história dos CTFs.

• CTF Field Guide, por Trail of Bits – “Guia de Campo” que pretende nortear novos players e pessoas que desejam começar a trabalhar com segurança da informação.

• CTF CheatSheet, por Rudy “Rryy” Matela – Cheatsheet conciso de comandos que podem ser utilizados para facilitar a vida durante os CTFs. Foi feito pelo Rryy, membro do CTF-BR.

• CTF Resources – estilo nosso /docs, englobando muita coisa sobre CTFs.

• Awesome CTF – outra coleção de links bem interessante.

• CTF Heaven – repositório do TheZakMan, membro do Projeto.

• Maximum CTF: Getting the Most Out of Capture the Flag, por Jordan “psifertex” Wiens – Palestra ministrada na DEF CON 17 por um dos maiores contribuidores/entusiastas da cena, o psifertex. É um dos organizadores do Ghost in the Shellcode, o CTF que tem o game Pwn Adventure como uma das atrações principais.

• Hacking Games in a Hacked Game: outra palestra do psifertex, juntamente com Rusty Wagner, ministrada na Infiltrate 2015.

• On the Battlefield with the Dragons, por Dragon Sector – Palestra ministrada pelo capitão e vice-campeão do Dragon Sector (melhor time de 2014) no evento CONFidence deste mesmo ano. Eles citam diversos exemplos de challenges que já resolveram, o que nos mostra claramente a diversidade e multidisciplinaridade que os CTFs proporcionam.

• Pwning (sometimes) with style, por Dragon Sector – Dragons’ notes on CTFs.

• MHacks Tinfoil Security Tech Talk: Zero to Zeroday – Palestra introdutória de CTFs ministrada por Shane Wilton. Sem sombra de dúvidas uma das melhores!

• USENIX Enigma 2016 – Building a Competitive Hacking Team – Palestra do tylerni7, do PPP (Plaid Parliament of Pwning), falando sobre seu time e o mundo dos CTFs.

• USENIX Enigma 2016 – Capture the Flag: An Owner’s Manual – Palestra ministrada por Vito Genovese, um dos organizadores do CTF da DEF CON! Slides e Vídeo.

• DEF CON 23 – Machine vs. Machine: Inside DARPA’s Fully Automated CTF – Mais uma palestra do psifertex, explicando o funcionamento da competição automatizada de pwning criada pela DARPA (Defense Advanced Research Projects Agency).

• Meet the PPP – Conhecendo o melhor time da atualidade.

• DEF CON in the news: A profile of this year’s CTF champs Plaid Parliament of Pwning!

• A DEF CON CTF 2016 Overview – Overview do evento de um membro do PPP, time vencedor.

• LiveOverflow Youtube Channel – Muitos vídeos bons e didáticos.

• Entrevista com o CyKoR – Time que bateu o PPP nas Finals da DEF CON 2015.

ONDE TREINAR?

• Shellterlabs – Rede social brasileira de segurança da informação, com challenges de vários CTFs famosos.

• akictf – Wargame feito pelo akiym, membro do time japonês dodododo. Tem challenges com dificuldade crescente envolvendo diversas categorias.

• pwnable.kr – Site com challenges somente de exploitation.

• pwnable.tw – Semelhante ao pwnable.kr, porém criado pelo pessoal do HITCON.

• canyouhack.it – Site com challenges de diversas categorias.

• reversing.kr – Site com diversos challenges de reversing, sendo a maioria binários do Windows (PE).

• crackmes.de – Mais challenges de reversing, focado especificamente em cracks.

• challenges.re – Mais reversing.

• id0-rsa.pub – Crypto challenges.

• cryptopals.com – Challenges de criptografia feitos pela Matasano.

• eudyptula-challenge.org – Challenges de programming referentes ao kernel do linux.

• microcorruption.com – Challenges de exploitation.

• ringzer0team.com – Outro site com diversos challenges de muitas categorias.

• chall.tasteless.eu – Challenges criados pelo time internacional Tasteless.

• root-me.org – Challenges diversos e conta com material de apoio.

• CTF Learn – Plataforma feita com os challenges dos próprios players. Você também pode adicionar o seu!

• PwnerRank – Plataforma com challenges de praticamente todas categorias pra treinar.

• Tigress – Challenges de RE referente ao The Tigress C Diversifier/Obfuscator. Alguns challenges unsolvable.

• Stereotyped Challenges – vários challenges web feitos pelo stypr, player do dcua.

• Hack the Box – destaque para os vários challenges que simulam cenários reais de pentest.

CTFS NACIONAIS?

Hacking n’ Roll – CTF organizado pelo pessoal do INSERT (Information Security Research Team), do Ceará. Já fizeram 5 edições, sendo a partir da segunda, que ocorreu em 2012, em formato Jeopardy, com duração de 24 horas consecutivas, nos moldes das competições internacionais.

Pwn2Win CTF – Inspirado no Hacking n’ Roll, o time brasileiro Epic Leet Team, formado em 2012 para jogar a segunda edição do HnR, criou seu próprio CTF em 2014, utilizando elementos de CTFs Jeopardy e Attack/Defense. O evento tornou-se internacional a partir da segunda edição, que ocorreu em 2016.

3DSCTF – O time 318br fez a primeira edição do 3DSCTF no final de 2016. Foi internacional e teve duração de 168 horas.

WRITE-UPS?

Uma boa forma de aprender é vendo write-ups de challenges que você tentou mas não conseguiu fazer, ou ainda para ver as diversas soluções para o mesmo desafio. Nos links abaixo você consegue achar write-ups facilmente:

• Projeto CTF-BR Repo (pt-BR)

• CTFTime Repo

• GitHub Repo

PRÓXIMO CTF?

Basta acompanhar o CTFTime, site referência no meio, pois ele possui uma área de “Upcoming Events“. Além disso, possui um ranking global com o score dos times durante o ano, sendo que cada CTF, dependendo da dificuldade e outros fatores, possui um peso para definir sua pontuação. A fórmula utilizada para calcular o rating pode ser vista aqui.

Se você está começando, busque jogar nos CTFs com rating baixo, ou High School.

Awesome CTF

A curated list of Capture The Flag (CTF) frameworks, libraries, resources, softwares and tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to CTFs at one place.

Contributing

Please take a quick look at the contribution guidelines first.

If you know a tool that isn’t present here, feel free to open a pull request.

Why?

It takes time to build up collection of tools used in ctf and remember them all. This repo helps to keep all these scattered tools at one place.

Contents

• Awesome CTF
  • Create
    • Forensics
    • Platforms
    • Steganography
    • Web
  • Solve
    • Attacks
    • Bruteforcers
    • Cryptography
    • Exploits
    • Forensics
    • Networking
    • Reversing
    • Services
    • Steganography
    • Web
• Resources
  • Operating Systems
  • Starter Packs
  • Tutorials
  • Wargames
  • Websites
  • Wikis
  • Writeups Collections

Create

Tools used for creating CTF challenges

Forensics

Tools used for creating Forensics challenges

• Dnscat - Hosts communication through DNS
• Registry Dumper - Dump your registry

Platforms

Projects that can be used to host a CTF

• CTFd - Platform to host jeopardy style CTFs from ISISLab, NYU Tandon
• FBCTF - Platform to host Capture the Flag competitions from Facebook
• HackTheArch - CTF scoring platform
• Mellivora - A CTF engine written in PHP
• NightShade - A simple security CTF framework
• OpenCTF - CTF in a box. Minimal setup required
• PicoCTF Platform 2 - A genericized version of picoCTF 2014 that can be easily adapted to host CTF or programming competitions.
• PyChallFactory - Small framework to create/manage/package jeopardy CTF challenges
• RootTheBox - A Game of Hackers (CTF Scoreboard & Game Manager)
• Scorebot - Platform for CTFs by Legitbs (Defcon)
• SecGen - Security Scenario Generator. Creates randomly vulnerable virtual machines

Steganography

Tools used to create stego challenges

Check solve section for steganography.

Web

Tools used for creating Web challenges

JavaScript Obfustcators

• Metasploit JavaScript Obfuscator
• Uglify

Solve

Tools used for solving CTF challenges

Attacks

Tools used for performing various kinds of attacks

• Bettercap - Framework to perform MITM (Man in the Middle) attacks.
• Layer 2 attacks - Attack various protocols on layer 2

Crypto

Tools used for solving Crypto challenges

• FeatherDuster - An automated, modular cryptanalysis tool
• Hash Extender - A utility tool for performing hash length extension attacks
• PkCrack - A tool for Breaking PkZip-encryption
• RSACTFTool - A tool for recovering RSA private key with various attack
• RSATool - Generate private key with knowledge of p and q
• XORTool - A tool to analyze multi-byte xor cipher

Bruteforcers

Tools used for various kind of bruteforcing (passwords etc.)

• Hashcat - Password Cracker
• John The Jumbo - Community enhanced version of John the Ripper
• John The Ripper - Password Cracker
• Nozzlr - Nozzlr is a bruteforce framework, trully modular and script-friendly.
• Ophcrack - Windows password cracker based on rainbow tables.
• Patator - Patator is a multi-purpose brute-forcer, with a modular design.

Exploits

Tools used for solving Exploits challenges

• DLLInjector - Inject dlls in processes
• libformatstr - Simplify format string exploitation.
• Metasploit - Penetration testing software
• one_gadget - A tool to find the one gadget execve('/bin/sh', NULL, NULL) call
  • gem install one_gadget
• Pwntools - CTF Framework for writing exploits
• Qira - QEMU Interactive Runtime Analyser
• ROP Gadget - Framework for ROP exploitation
• V0lt - Security CTF Toolkit

Forensics

Tools used for solving Forensics challenges

• Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys
  • apt-get install aircrack-ng
• Audacity - Analyze sound files (mp3, m4a, whatever)
  • apt-get install audacity
• Bkhive and Samdump2 - Dump SYSTEM and SAM files
  • apt-get install samdump2 bkhive
• CFF Explorer - PE Editor
• Creddump - Dump windows credentials
• DVCS Ripper - Rips web accessible (distributed) version control systems
• Exif Tool - Read, write and edit file metadata
• Extundelete - Used for recovering lost data from mountable images
• Fibratus - Tool for exploration and tracing of the Windows kernel
• Foremost - Extract particular kind of files using headers
  • apt-get install foremost
• Fsck.ext4 - Used to fix corrupt filesystems
• Malzilla - Malware hunting tool
• NetworkMiner - Network Forensic Analysis Tool
• PDF Streams Inflater - Find and extract zlib files compressed in PDF files
• ResourcesExtract - Extract various filetypes from exes
• Shellbags - Investigate NT_USER.dat files
• UsbForensics - Contains many tools for usb forensics
• Volatility - To investigate memory dumps

Registry Viewers

• RegistryViewer - Used to view windows registries
• Windows Registry Viewers - More registry viewers

Networking

Tools used for solving Networking challenges

• Bro - An open-source network security monitor.
• Masscan - Mass IP port scanner, TCP port scanner.
• Monit - A linux tool to check a host on the network (and other non-network activities).
• Nipe - Nipe is a script to make Tor Network your default gateway.
• Nmap - An open source utility for network discovery and security auditing.
• Wireshark - Analyze the network dumps.
  • apt-get install wireshark
• Zmap - An open-source network scanner.

Reversing

Tools used for solving Reversing challenges

• Androguard - Reverse engineer Android applications
• Angr - platform-agnostic binary analysis framework
• Apk2Gold - Yet another Android decompiler
• ApkTool - Android Decompiler
• Barf - Binary Analysis and Reverse engineering Framework
• Binary Ninja - Binary analysis framework
• BinUtils - Collection of binary tools
• BinWalk - Analyze, reverse engineer, and extract firmware images.
• Boomerang - Decompile x86 binaries to C
• ctf_import – run basic functions from stripped binaries cross platform
• Frida - Dynamic Code Injection
• GDB - The GNU project debugger
• GEF - GDB plugin
• Hopper - Reverse engineering tool (disassembler) for OSX and Linux
• IDA Pro - Most used Reversing software
• Jadx - Decompile Android files
• Java Decompilers - An online decompiler for Java and Android APKs
• Krakatau - Java decompiler and disassembler
• Objection - Runtime Mobile Exploration
• PEDA - GDB plugin (only python2.7)
• Pin A dynamic binary instrumentaion tool by Intel
• Plasma - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.
• Pwndbg - A GDB plugin that provides a suite of utilities to hack around GDB easily.
• radare2 - A portable reversing framework
• Triton - Dynamic Binary Analysis (DBA) framework
• Uncompyle - Decompile Python 2.7 binaries (.pyc)
• WinDbg - Windows debugger distributed by Microsoft
• Xocopy - Program that can copy executables with execute, but no read permission
• Z3 - a theorem prover from Microsoft Research

JavaScript Deobfuscators

• Detox - A Javascript malware analysis tool
• Revelo - Analyze obfuscated Javascript code

SWF Analyzers

• RABCDAsm - Collection of utilities including an ActionScript 3 assembler/disassembler.
• Swftools - Collection of utilities to work with SWF files
• Xxxswf - A Python script for analyzing Flash files.

Services

Various kind of useful services available around the internet

• CSWSH - Cross-Site WebSocket Hijacking Tester
• Request Bin - Lets you inspect http requests to a particular url

Steganography

Tools used for solving Steganography challenges

• Convert - Convert images b/w formats and apply filters
• Exif - Shows EXIF information in JPEG files
• Exiftool - Read and write meta information in files
• Exiv2 - Image metadata manipulation tool
• ImageMagick - Tool for manipulating images
• Outguess - Universal steganographic tool
• Pngtools - For various analysis related to PNGs
  • apt-get install pngtools
• SmartDeblur - Used to deblur and fix defocused images
• Steganabara - Tool for stegano analysis written in Java
• Stegbreak - Launches brute-force dictionary attacks on JPG image
• StegCracker - Steganography brute-force utility to uncover hidden data inside files
• stegextract - Detect hidden files and text in images
• Steghide - Hide data in various kind of images
• Stegsolve - Apply various steganography techniques to images
• Zsteg - PNG/BMP analysis

Web

Tools used for solving Web challenges

• BurpSuite - A graphical tool to testing website security.
• Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
• Hackbar - Firefox addon for easy web exploitation
• OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
• Postman - Add on for chrome for debugging network requests
• Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning
• SQLMap - Automatic SQL injection and database takeover tooli
• W3af - Web Application Attack and Audit Framework.
• XSSer - Automated XSS testor

Resources

Where to discover about CTF

Operating Systems

Penetration testing and security lab Operating Systems

• Android Tamer - Based on Debian
• BackBox - Based on Ubuntu
• BlackArch Linux - Based on Arch Linux
• Fedora Security Lab - Based on Fedora
• Kali Linux - Based on Debian
• Parrot Security OS - Based on Debian
• Pentoo - Based on Gentoo
• URIX OS - Based on openSUSE
• Wifislax - Based on Slackware

Malware analysts and reverse-engineering

• Flare VM - Based on Windows
• REMnux - Based on Debian

Starter Packs

Collections of installer scripts, useful tools

• CTF Tools - Collection of setup scripts to install various security research tools.
• LazyKali - A 2016 refresh of LazyKali which simplifies install of tools and configuration.

Tutorials

Tutorials to learn how to play CTFs

• CTF Field Guide - Field Guide by Trails of Bits
• CTF Resources - Start Guide maintained by community
• Damn Vulnerable Web Application PHP/MySQL web application that is damn vulnerable
• How to Get Started in CTF - Short guideline for CTF beginners by Endgame
• MIPT CTF - A small course for beginners in CTFs (in Russian)

Wargames

Always online CTFs

• Backdoor - Security Platform by SDSLabs.
• Crackmes - Reverse Engineering Challenges
• Ctfs.me - CTF All the time
• Exploit Exercises - Variety of VMs to learn variety of computer security issues.
• Gracker - Binary challenges having a slow learning curve, and write-ups for each level.
• Hack The Box - Weekly CTFs for all types of security enthusiasts.
• Hack This Site - Training ground for hackers.
• Hacking-Lab - Ethical hacking, computer network and security challenge platform.
• Hone Your Ninja Skills - Web challenges starting from basic ones.
• IO - Wargame for binary challenges.
• Microcorruption - Embedded security CTF
• Over The Wire - Wargame maintained by OvertheWire Community
• Pwnable.kr - Pwn Game
• Pwnable.tw - Binary wargame
• Pwnable.xyz - Binary Exploitation Wargame
• Reversin.kr - Reversing challenge
• Ringzer0Team - Ringzer0 Team Online CTF
• Root-Me - Hacking and Information Security learning platform.
• ROP Wargames - ROP Wargames
• SmashTheStack - A variety of wargames maintained by the SmashTheStack Community.
• VulnHub - VM-based for practical in digital security, computer application & network administration.
• W3Challs - A penetration testing training platform, which offers various computer challenges, in various categories.
• WebHacking - Hacking challenges for web.
• WeChall - Always online challenge site.
• WTHack OnlineCTF - CTF Practice platform for every level of cyber security enthusiasts.

Self-hosted CTFs

• Juice Shop CTF - Scripts and tools for hosting a CTF on OWASP Juice Shop easily.

Websites

Various general websites about and on ctf

• CTF Time - General information on CTF occuring around the worlds
• Reddit Security CTF - Reddit CTF category

Wikis

Various Wikis available for learning about CTFs

• Bamboofox - Chinese resources to learn CTF
• ISIS Lab - CTF Wiki by Isis lab
• OpenToAll - Open To All Knowledge Base

Writeups Collections

Collections of CTF write-ups

• Captf - Dumped CTF challenges and materials by psifertex
• CTF write-ups (community) - CTF challenges + write-ups archive maintained by the community
• CTFTime Scrapper - Scraps all writeup from ctf time and organize which to read first
• pwntools writeups - A collection of CTF write-ups all using pwntools
• Shell Storm - CTF challenge archive maintained by Jonathan Salwan
• Smoke Leet Everyday - CTF write-ups repo maintained by SmokeLeetEveryday team.

LICENSE

CC0 :)

---

• https://ctf-br.org/docs/
• https://wheresmykeyboard.com/2016/07/hacking-sites-ctfs-wargames-practice-hacking-skills/
• https://github.com/apsdehal/awesome-ctf/blob/master/README.md
• https://ctftime.org/ctfs