Beginners-Guide-to-Ctfs

A Beginner's Guide to CTFs

picoCTF: The Webshell
To access the picoCTF webshell, click the "webshell" button in the corner of the screen. The web terminal then opens (the screenshots of the button and of the terminal are not reproduced here).
There are many different things you can do with this web terminal, which is a Linux shell. The following challenge is a good example of using it. Here is the writeup for it:
Question: Can you invoke help flags for a tool or binary? This program has extraordinarily helpful information…

Files: warm

Approach: After downloading the file, running the command

file warm

shows it as an executable file.

When we try to run using

./warm

It gives an error. One reason might be that the file does not have execute permission. To grant it, enter

chmod +x warm

Running it again gives

Hello user! Pass me a -h to learn what I can do!

Finally running

./warm -h

returns the flag

Flag: picoCTF{b1scu1ts_4nd_gr4vy_6635aa47}
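The three manual steps above (identify the file, add execute permission, run it with -h) can be scripted. The following is an added example written for this guide, not code from picoCTF: `identify` is a tiny stand-in for the `file` command that only knows ELF binaries and shebang scripts, and `make_stub` builds a constructed shell script named `warm` that imitates the challenge binary and prints a placeholder flag, not the real one.

```python
"""Inspect a downloaded CTF file, add the execute bit only if it looks like a
program, then run it with -h.  Added example for this guide (not picoCTF code);
the 'warm' stub and its placeholder flag are constructed for the demo."""
import os
import stat
import subprocess
import tempfile
from pathlib import Path

# Magic-byte prefixes that `file` would report as an executable.
# Constructed, deliberately minimal table: ELF binaries and shebang scripts.
EXECUTABLE_MAGIC = {
    b"\x7fELF": "ELF executable",
    b"#!": "script with interpreter line",
}


def identify(path: str) -> str:
    """Describe the file from its first bytes (a small stand-in for `file`)."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    for magic, label in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            return label
    return "data (not recognised as an executable)"


def ensure_executable(path: str) -> bool:
    """Add the owner execute bit (chmod +x) if missing; True if it was added."""
    mode = os.stat(path).st_mode
    if mode & stat.S_IXUSR:
        return False
    os.chmod(path, mode | stat.S_IXUSR)
    return True


def run_with_help(path: str) -> str:
    """Run the program with -h and return its stdout.  Refuses to mark a file
    executable when it does not look like a program at all."""
    kind = identify(path)
    if kind.startswith("data"):
        raise ValueError(f"{path}: {kind}; not marking it executable")
    ensure_executable(path)
    result = subprocess.run([os.path.abspath(path), "-h"],
                            capture_output=True, text=True, check=True)
    return result.stdout.strip()


def make_stub(directory: str) -> str:
    """Create a constructed stand-in for 'warm': a shell script without the
    execute bit that answers -h with a placeholder flag (not the real flag)."""
    path = Path(directory) / "warm"
    path.write_text(
        '#!/bin/sh\n'
        'if [ "$1" = "-h" ]; then echo "picoCTF{PLACEHOLDER_FLAG}"; '
        'else echo "Hello user! Pass me a -h to learn what I can do!"; fi\n'
    )
    path.chmod(0o644)  # downloaded files usually arrive without +x
    return str(path)


def demo() -> dict:
    """Run the whole procedure against the constructed stub in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        stub = make_stub(tmp)
        kind = identify(stub)
        added = ensure_executable(stub)      # the bit was missing, so True
        output = run_with_help(stub)
        data_file = Path(tmp) / "picture.png"
        data_file.write_bytes(b"\x89PNG\r\n")  # constructed non-program file
        try:
            run_with_help(str(data_file))
            refused = False
        except ValueError:
            refused = True
        return {"kind": kind, "added_exec_bit": added,
                "help_output": output, "refuses_data": refused}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the script prints the stub's identification, confirms the execute bit was added, and shows the placeholder flag; the `refuses_data` check is the caveat the manual steps skip: do not `chmod +x` and execute something that `file` does not recognise as a program.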

You can run a binary file like this, but running a Python (.py) file works differently.

Python

Python is preinstalled in the picoCTF terminal. To read its manual page, run $ man python. Here are the most helpful commands:

(Replace the bracketed parts with your own values.)
  • ls Lists all files in your current directory.
  • wget [url] Downloads the file at that URL into your current directory.
  • python [file] Runs a Python file in your directory.

A good example of these is a challenge whose Python script takes the following flags:

  • python [file] -e [file.txt] Will encrypt a file with the python script.
  • python [file] -d [file.txt] Will decrypt a file with the python script.
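To see what a script with -e and -d flags looks like from the inside, here is an added example written for this guide. It is not the challenge's own script (that script is not reproduced on this page): the `-k/--key` option, the `.enc` output name and the cipher (a constructed SHA-256 keystream XOR, for illustration rather than real use) are all assumptions. Save it as ende.py and run it exactly as the bullets above describe.

```python
"""ende.py: encrypt (-e) or decrypt (-d) a file from the command line.
Added example for this guide, not the challenge's script.  The cipher is a
constructed SHA-256 counter keystream XORed with the data, used here only to
show how such a script is structured."""
import argparse
import hashlib
import sys


def keystream(key: bytes, length: int) -> bytes:
    """Derive `length` pseudo-random bytes by hashing key || counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_bytes(plaintext: bytes, password: str) -> str:
    """XOR the plaintext with the keystream and return hex text."""
    key = hashlib.sha256(password.encode()).digest()
    ks = keystream(key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks)).hex()


def decrypt_bytes(ciphertext_hex: str, password: str) -> bytes:
    """Reverse encrypt_bytes: XOR with the same keystream restores the data."""
    key = hashlib.sha256(password.encode()).digest()
    ct = bytes.fromhex(ciphertext_hex)
    ks = keystream(key, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def main(argv=None) -> int:
    parser = argparse.ArgumentParser(description="encrypt or decrypt a file")
    mode = parser.add_mutually_exclusive_group(required=True)
    mode.add_argument("-e", metavar="FILE", help="encrypt FILE, writing FILE.enc")
    mode.add_argument("-d", metavar="FILE", help="decrypt FILE and print the plaintext")
    parser.add_argument("-k", "--key", default="changeme",
                        help="password (constructed default for the demo)")
    args = parser.parse_args(argv)
    if args.e:
        with open(args.e, "rb") as fh:
            data = fh.read()
        with open(args.e + ".enc", "w") as fh:
            fh.write(encrypt_bytes(data, args.key))
        print(f"wrote {args.e}.enc")
    else:
        with open(args.d) as fh:
            plaintext = decrypt_bytes(fh.read().strip(), args.key)
        print(plaintext.decode(errors="replace"))
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

In the webshell, `python ende.py -e flag.txt -k secret` writes flag.txt.enc, and `python ende.py -d flag.txt.enc -k secret` prints the original text. Reading a challenge script this way, to find where the key comes from and what the `-d` branch actually does, is usually the whole puzzle.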

Here is an example of some of these commands in use (screenshot not reproduced here).

Best programs on the terminal

  1. Gobuster

Gobuster is a web enumeration tool that brute-forces hidden directories, files and subdomains on a web server by requesting every entry in a wordlist. You can install it on a Mac with Homebrew, or on Linux with your distribution's package manager.
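Running a wordlist against a server is very loud, which is also how the other side notices it. As an added example for this guide (not part of Gobuster), the script below parses web server access log lines in the common "combined" format and flags any client whose 404 responses within a 60-second window reach a threshold. The log lines, the IP addresses and the `gobuster/3.6` user agent string are constructed sample data.

```python
"""Spot a wordlist brute-force in a web access log: a burst of 404s from one
client.  Added example for this guide; the log lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format; the time zone field is skipped.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]\s]+) [^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S"

# Constructed sample: one scanner working through a wordlist, one normal visitor.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /admin HTTP/1.1" 404 153 "-" "gobuster/3.6"
198.51.100.7 - - [10/Mar/2024:12:00:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:12:00:02 +0000] "GET /backup HTTP/1.1" 404 153 "-" "gobuster/3.6"
203.0.113.5 - - [10/Mar/2024:12:00:02 +0000] "GET /config HTTP/1.1" 404 153 "-" "gobuster/3.6"
203.0.113.5 - - [10/Mar/2024:12:00:03 +0000] "GET /uploads HTTP/1.1" 301 0 "-" "gobuster/3.6"
203.0.113.5 - - [10/Mar/2024:12:00:03 +0000] "GET /old HTTP/1.1" 404 153 "-" "gobuster/3.6"
203.0.113.5 - - [10/Mar/2024:12:00:04 +0000] "GET /test HTTP/1.1" 404 153 "-" "gobuster/3.6"
198.51.100.7 - - [10/Mar/2024:12:00:05 +0000] "GET /missing.png HTTP/1.1" 404 153 "-" "Mozilla/5.0"
"""


def parse_line(line: str):
    """Return the fields we need, or None if the line is not in combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "time": datetime.strptime(m["time"], TIME_FMT),
        "path": m["path"],
        "status": int(m["status"]),
        "agent": m["agent"],
    }


def find_bruteforce(lines, window_seconds: int = 60, threshold: int = 5) -> dict:
    """Flag clients whose 404 count inside any `window_seconds` window reaches
    `threshold`.  Returns {ip: {"not_found": peak, "agents": set, "paths": [...]}}."""
    not_found_times = defaultdict(list)
    agents = defaultdict(set)
    paths = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                      # unparsable line: skip, do not crash
        agents[rec["ip"]].add(rec["agent"])
        if rec["status"] == 404:
            not_found_times[rec["ip"]].append(rec["time"])
            paths[rec["ip"]].append(rec["path"])
    alerts = {}
    for ip, times in not_found_times.items():
        times.sort()
        peak, start = 0, 0
        for end in range(len(times)):     # sliding window over sorted timestamps
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[ip] = {"not_found": peak, "agents": agents[ip], "paths": paths[ip]}
    return alerts


if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, info["not_found"], "x 404 in window; agents:", sorted(info["agents"]))
```

With the sample data only 203.0.113.5 is flagged (five 404s in three seconds); the normal visitor's single missing image stays under the threshold. The user agent is reported alongside because a default scanner string is a useful corroborating signal, though it is trivially changed and should never be the only one.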

Hacking: Web Exploitation/OSINT
This is a guide to just hacking on the web in general.

OWASP Top 10
The OWASP Top 10 are the most common vulnerabilities found on websites in general. When doing CTFs or just trying to hack a site, remember to check for these 10 categories.

  1. Injection: Imagine you have a password box on a website. Hackers can try to trick the website into executing harmful commands by injecting code through that box, like a secret language that only computers understand.

  2. Broken Authentication: When websites have weak or easily guessable passwords or don’t protect your login information properly, hackers can easily break into your accounts.

  3. Sensitive Data Exposure: Sometimes websites store sensitive information (like credit card numbers) insecurely. If a hacker gains access to that information, they can steal it and use it for illegal activities.

  4. XML External Entities (XXE): This is when hackers trick a website into processing malicious XML files, allowing them to steal data or even take control of the entire server.

  5. Broken Access Control: Websites sometimes have flaws in their access controls, allowing unauthorized users to access sensitive information or perform certain actions they shouldn’t be able to do.

  6. Security Misconfigurations: This is when a website or application is not set up properly, making it easier for hackers to access sensitive information or exploit vulnerabilities.

  7. Cross-Site Scripting (XSS): Hackers can inject malicious code into a website or application, making it execute this code on other users’ browsers. This could lead to stealing data or taking control of accounts.

  8. Insecure Deserialization: When websites deserialize data (convert it from a stored or transmitted format back into program objects) without checking it, hackers can manipulate this process to execute malicious code or gain unauthorized access.

  9. Using Components with Known Vulnerabilities: Many websites use third-party components or frameworks. If these components have known security vulnerabilities, hackers can exploit them to attack the website.

  10. Insufficient Logging and Monitoring: If a website or application doesn’t log or keep track of important security events, it becomes difficult to detect and respond to any attacks or suspicious activities.
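Two of the categories above are easiest to understand as code. The following is an added example written for this guide (it is not from OWASP): item 1, Injection, shown as a login query built by string formatting beside its parameterised fix, and item 7, Cross-Site Scripting, shown as raw HTML insertion beside its escaped form. The in-memory database, the user "alice" and her password are constructed for the demo.

```python
"""Injection (OWASP item 1) and XSS (item 7): vulnerable code beside its fix.
Added example for this guide; the database contents are constructed."""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory users table with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def login_vulnerable(conn, name: str, password: str) -> bool:
    """Builds the SQL by string formatting, so the input becomes part of the query."""
    query = f"SELECT 1 FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(query).fetchone() is not None


def login_fixed(conn, name: str, password: str) -> bool:
    """Parameterised query: the input is only ever data, never SQL.
    (Real systems also hash passwords; kept plain here to isolate the injection point.)"""
    query = "SELECT 1 FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone() is not None


def render_comment_vulnerable(comment: str) -> str:
    """Inserts user text straight into HTML, so a <script> tag would execute."""
    return f"<p class='comment'>{comment}</p>"


def render_comment_fixed(comment: str) -> str:
    """Escapes the text so the browser displays it instead of running it."""
    return f"<p class='comment'>{html.escape(comment)}</p>"


def demo() -> dict:
    """Exercise both pairs with the textbook inputs and report what each does."""
    conn = make_db()
    bypass = "' OR '1'='1"                 # textbook injection string in the password box
    script = "<script>alert(1)</script>"  # textbook XSS probe in a comment field
    return {
        "vuln_accepts_injection": login_vulnerable(conn, "alice", bypass),
        "fixed_rejects_injection": not login_fixed(conn, "alice", bypass),
        "fixed_still_logs_in": login_fixed(conn, "alice", "correct horse"),
        "vuln_html": render_comment_vulnerable(script),
        "fixed_html": render_comment_fixed(script),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The vulnerable login accepts the injected password because the resulting SQL ends in `OR '1'='1'`, which is always true; the parameterised version compares the same text against the stored password literally and rejects it. Likewise the escaped comment contains `&lt;script&gt;` instead of a tag, so the browser renders text rather than executing it.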

These are the most common, but there are more. There are many different exploits, many of which can be found on CTFlearn or picoCTF. Also make sure to observe and intercept the HTTP(S) requests and headers the website is sending. These can be very valuable.

HTTPS Requests & Intercepting
Intercepting and editing headers can be a very valuable skill. I clearly remember this episode of Darknet Diaries where a pen tester was looking at the HTTPS requests of a create-an-account login page, and one of the headers was Admin=False; he changed it to True and became the admin. The best ways to intercept and send HTTPS requests are with Tamper Dev and Talend API Tester.
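The Admin=False story works because the server believed a value the client chose. As an added example for this guide (not from the Darknet Diaries episode), the code below shows that mistake beside two fixes: looking the role up in server-side session state, and, for a stateless design, signing the role claim with an HMAC so a flipped flag fails verification. The header names (`Admin`, `Cookie-Session`, `Authorization`), the token format and the users are constructed assumptions.

```python
"""Client-controlled 'Admin' header versus server-side role checks.
Added example for this guide; users, header names and token format are constructed."""
import hashlib
import hmac
import secrets

# Server-side source of truth for roles (constructed data).
USERS = {"alice": {"admin": False}, "root": {"admin": True}}
SESSIONS = {}                         # session id -> username
SERVER_SECRET = secrets.token_bytes(32)


def is_admin_vulnerable(headers: dict) -> bool:
    """Trusts a flag the client sends; anyone with an intercepting proxy can flip it."""
    return headers.get("Admin", "False").lower() == "true"


def create_session(username: str) -> str:
    """Issue a random session id and remember, server side, who owns it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = username
    return sid


def is_admin_fixed(headers: dict) -> bool:
    """Ignores any Admin header; the role comes from the server's own session table."""
    user = SESSIONS.get(headers.get("Cookie-Session", ""))
    return bool(user) and USERS[user]["admin"]


def sign_role_token(username: str) -> str:
    """Stateless alternative: embed the role, but bind it with an HMAC the client
    cannot recompute without SERVER_SECRET.  Format (constructed): user|flag|mac."""
    payload = f"{username}|{int(USERS[username]['admin'])}"
    mac = hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{mac}"


def is_admin_signed(headers: dict) -> bool:
    """Accept the embedded role only if the MAC still matches the payload."""
    try:
        username, flag, mac = headers.get("Authorization", "").split("|")
    except ValueError:
        return False                  # malformed token
    expected = hmac.new(SERVER_SECRET, f"{username}|{flag}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return False                  # edited or forged token: reject (and log it)
    return flag == "1"


def demo() -> dict:
    """A non-admin user sends Admin=True; see which check each design makes."""
    alice_sid = create_session("alice")
    tampered_headers = {"Admin": "True", "Cookie-Session": alice_sid}
    forged_token = sign_role_token("alice").replace("|0|", "|1|")  # flag flipped
    return {
        "vuln_grants_admin": is_admin_vulnerable(tampered_headers),
        "fixed_grants_admin": is_admin_fixed(tampered_headers),
        "signed_accepts_forgery": is_admin_signed({"Authorization": forged_token}),
        "signed_accepts_real_admin": is_admin_signed({"Authorization": sign_role_token("root")}),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Only the vulnerable check is fooled by the edited header; the session lookup never reads it, and the signed token fails `compare_digest` as soon as one character of the payload changes. A failed MAC check is also worth logging, since it is direct evidence that someone tampered with a request.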