Skip to main content

100 Reps

Post a Comment

Learning goals - Git Gud

 In 3 months there will be a CTF event that I want to attend.

I know absolutely nothing useful for CTF to even compete.

I am not going to be so deluded that I can catch up to their standard and mastery before then to win a placement there.

However, I want to see how I fare with the challenges.


I had a look at HackTheBox, OverTheWire and picoCTF.

picoCTF seems the most friendly so I will start there.


10 years of experience in software development will be an advantage and I can fast track through a lot of basics.

But I will go through the material at 3-4x speed to make sure I cover all bases.

There may be key points in the basics that I miss/forgotten.


Step 1. General Skills

https://youtu.be/3OawXnTELqA

Key Points:

  1. Binary numbers
  2. Encodings
    • Mappings of a number to a meaning
Practice:
Can you convert the number 42 (base 10) to binary (base 2)?
Doing it manually.

32 16 8 4 2 1
1    0  1 0 1 0

Explanation:
Write the powers of 2 until it hits 42.
Take 42.
Remove the biggest number you see that is a power of 2 (32)
Write down a 1 under 32
Left with 10
Remove the biggest number you see... (8)
Write down a 1 under 8
Left with 2
Remove the biggest number you see... (2)
Write down a 1 under 2
Left with 0
Write zeroes for everything else.

Answer is 101010
Wrap in the flag: picoCTF{101010}

Warmed Up

What is 0x3D (base 16) in decimal (base 10)?
Doing it manually.

3D means 3 x 16 + 13 = 61

Flag: picoCTF{61}

Lets Warm Up

If I told you a word started with 0x70 in hexadecimal, what would it start with in ASCII?

Look it up here: Ascii table

0x70 matches the 'p' lowercase character

Flag: picoCTF{p}


Shells

Shells let you type commands to the computer to do operations.
GUIs let you do it graphically.
Got a good bit of experience using this in my work.

Let's do the practice gym questions anyways. (completionism!)
Obedient cat
This file has a flag in plain sight (aka "in-the-clear"). Download flag.
Practice download and read the flag.
Either open with a text editor or use command line

command: cat flag

Flag: picoCTF{s4n1ty_v3r1f13d_1a94e0f9}


Wave a flag
Can you invoke help flags for a tool or binary? This program has extraordinarily helpful information...
Download the file (warm)
Add permission to execute it
chmod +x warm

Run the program ./warm -h
Usually -h will be help file
picoCTF{b1scu1ts_4nd_gr4vy_616f7182}



convertme.py
Run the Python script and convert the given number from decimal to binary to get the flag.
Download file.


what's a net cat?
Using netcat (nc) is going to be pretty important. Can you connect to jupiter.challenges.picoctf.org at port 41120 to get the flag?

Command:
nc jupiter.challenges.picoctf.org 41120

You're on your way to becoming the net cat master

Flag: picoCTF{nEtCat_Mast3ry_3214be47}


Comments

Post a Comment

Popular posts from this blog

PicoCTF: Low Level Binary Intro Playlist

Mochi's Tale Mochi's Tale is a really cool little game that teaches you how to "find things out" through experimentation. I found it a really helpful way to get you into the rhythm of learning rules without being told what they are in the first place.
Post a Comment
Read more

Linux Admin: Managing Users

I read through Chapter 2 of Linux Admin for Absolute Beginners by Martin Stevenson Key Learnings: Add Users Passwords User groups How to add users The flags of adduser varies across different version of Linux, so consult the man pages for more info. I am practising on Kali Linux, the simplest command is: sudo adduser --comment "Gym Owner Terry Crews" tcrews You will need root access for this. So using the root user or adding sudo will work. Sometimes you'll see another command useradd instead. The recommendation is to always use adduser. adduser is a wrapper for useradd.  adduser is more user friendly and interactive than its back-end useradd . There's no difference in features provided. Why is this important? This is how we can create an account for users to access Linux servers. If you have a new employee at your company or student who enters the university, they'll need access to the shared drive, a private drive for themselves etc. Groups Groups keep users i
Post a Comment
Read more

PicoCTF: The Debugger

GDB baby step 1  Can you figure out what is in the eax register at the end of the main function?  For Mac, gdb can be installed via homebrew: brew install gdbGDB baby step 2 Learn how to disassemble a program from binary file. Here we can see that in line 15, 0x86342 is copied into eax. The output here seems to reverse the arguments.
Post a Comment
Read more