Skip to content

jon-brandy/CTF-WRITE-UP

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

WHAT IS CTF (?)

CTF (Capture The Flag) is a type of information security competition that challenges contestants to find solutions or complete various tasks. These tasks range from hunting for information from Wikipedia or the internet to basic programming exercises to intermediates aimed at hacking your way into a server to retrieve data. In general, contestants will be asked to find certain text that has been hidden behind web pages, servers or in images. This text is usually referred to as the flag. Like many other competitions, the skill level or difficulty for CTF varies greatly between events. Some of the competitions are targeted at professionals with experience operating in cybersecurity teams, and some are targeted at students who are new to cybersecurity in order to hone their skills and increase their knowledge. For students, the prizes given are usually financial support for education for those who succeed in becoming champions in competitions, then for professionals, usually large cash prizes.

TYPES OF CTF (in summary)

According to CTF-time, CTF is divided into various types. In summary, the jeopardy style CTF provides a list of challenges and reward points for individuals or teams who successfully complete or find a challenge solution, then the group with the most points wins. Next, there is attack/defense style CTF, this type of CTF focuses on attacking the opponent's server and defending your own server. Usually this type of CTF is intended for those who are very experienced in the world of cybersecurity and this type of CTF is carried out in a specific physical location.

JEOPARDY CHALLENGES

CATEGORY ABOUT
Web Exploitation Usually Involves SQL Injection, Command Injection, Directory Traversal, XSS, Server Side Request Forgery, and Cross Site Request Forgery
Cryptography XOR, Caesar Cipher, RSA, Stream Ciphers, Vigenere Cipher, Hashing Functions, Block Ciphers, Substitution Cipher.
Binary Exploitation Common topics addressed by Binary Exploitation are Registers, The Stack, Buffers, Global Offset Table, Calling Conventions, Return Oriented Programming, Procedure Linkage Table, The Heap, Double Free, File Stream, vtable, tcache, Format String, LIBC, Shellcode, Double Fetch, GDB / any debugger tools.
Reverse Engineering Usually involves Assembly, C , Disassemblers, and Decompilers.
Forensics Forensics is a way to recover data left on a computer. there are tons of methods out there to find deleted, unsaved, or worse, secretly recorded data. An important part of Forensics is having the right tools and being familiar with file formats , EXIF data, WireShark, Steganography , and Disk Imaging.

FUN-FACT

1. CTF can be played as an individual or in a team.
2. It is known that many challenges do not require programming knowledge and only 
rely on problem solving skills and creative thinking.
3. CTF have 2 common type, namely Attack & Defense CTF and Jeopardy CTF.

LABS WRITEUPS

HACKTHEBOX
LINK
LINK

PICOCTF
No. Problems Category Website Year Points Result
1. Obedient Cat General Skills picoCTF 2021 5 ✅ SOLVED
2. Mod 26 Cryptography picoCTF 2021 10 ✅ SOLVED
3. Wave a flag General Skills picoCTF 2021 10 ✅ SOLVED
4. Nice netcat... General Skills picoCTF 2021 15 ✅ SOLVED
5. Python Wrangling General Skills picoCTF 2021 10 ✅ SOLVED
6. Information Forensics picoCTF 2021 10 ✅ SOLVED
7. GET aHEAD Web Exploitation picoCTF 2021 20 ✅ SOLVED
8. Insp3ct0r Web Exploitation picoCTF 2019 50 ✅ SOLVED
9. where are the robots Web Exploitation picoCTF 2019 100 ✅ SOLVED
10. Secrets Web Exploitation picoCTF 2022 200 ✅ SOLVED
11. Local Authority Web Exploitation picoCTF 2022 100 ✅ SOLVED
12. Roboto Sans Web Exploitation picoCTF 2022 200 ✅ SOLVED
13. Search Source Web Exploitation picoCTF 2022 100 ✅ SOLVED
14. Includes Web Exploitation picoCTF 2022 100 ✅ SOLVED
15. Inspect HTML Web Exploitation picoCTF 2022 100 ✅ SOLVED
16. morse-code Cryptography picoCTF 2022 100 ✅ SOLVED
17. unpackme.py Reverse Engineering picoCTF 2022 100 ✅ SOLVED
18. Power Cookie Web Exploitation picoCTF 2022 200 ✅ SOLVED
19. don't-use-client-side Web Exploitation picoCTF 2019 100 ✅ SOLVED
20. picobrowser Web Exploitation picoCTF 2019 200 ✅ SOLVED
21. logon Web Exploitation picoCTF 2019 100 ✅ SOLVED
22. Client-side-again Web Exploitation picoCTF 2019 200 ✅ SOLVED
23. Irish-Name-Repo 1 Web Exploitation picoCTF 2019 300 ✅ SOLVED
23. Irish-Name-Repo 2 Web Exploitation picoCTF 2019 350 ✅ SOLVED
24. Basic-mod1 Cryptography picoCTF 2022 100 ✅ SOLVED
25. 13 Cryptography picoCTF 2019 100 ✅ SOLVED
26. Basic-mod2 Cryptography picoCTF 2022 100 ✅ SOLVED
27. file-run1 Reverse Engineering picoCTF 2022 100 ✅ SOLVED
28. Cookies Web Exploitation picoCTF 2021 40 ✅ SOLVED
28. credstuff Cryptography picoCTF 2022 100 ✅ SOLVED
29. Vigenere Cryptography picoCTF 2022 100 ✅ SOLVED
29. rail-fence Cryptography picoCTF 2022 100 ✅ SOLVED
30. substitution0 Cryptography picoCTF 2022 100 ✅ SOLVED
31. buffer overflow 0 Binary Exploitation picoCTF 2022 100 ✅ SOLVED
32. Packets Primer Forensics picoCTF 2022 100 ✅ SOLVED
33. St3g0 Forensics picoCTF 2022 300 ✅ SOLVED
34. Transformation Reverse Engineering picoCTF 2022 20 ✅ SOLVED
35. Enhance! Forensics picoCTF 2022 100 ✅ SOLVED
36. Eavesdrop Forensics picoCTF 2022 300 ✅ SOLVED
37. Sleuthkit Intro Forensics picoCTF 2022 100 ✅ SOLVED
38. Lookey here Forensics picoCTF 2022 100 ✅ SOLVED
39. Redaction gone wrong Forensics picoCTF 2022 100 ✅ SOLVED
40. file-run2 Reverse Engineering picoCTF 2022 100 ✅ SOLVED
41. patchme.py Reverse Engineering picoCTF 2022 100 ✅ SOLVED
42. substitution1 Cryptography picoCTF 2022 100 ✅ SOLVED
43. substitution2 Cryptography picoCTF 2022 100 ✅ SOLVED
44. SQL Direct Web Exploitation picoCTF 2022 200 ✅ SOLVED
45. SQLiLite Web Exploitation picoCTF 2022 300 ✅ SOLVED
46. basic-file-exploit Binary Exploitation picoCTF 2022 100 ✅ SOLVED
47. Safe Opener Reverse Engineering picoCTF 2022 100 ✅ SOLVED
48. Bloat.py Reverse Engineering picoCTF 2022 200 ✅ SOLVED
49. Forbidden Paths Web Exploitation picoCTF 2022 200 ✅ SOLVED
50. Web Gauntlet 2 Web Exploitation picoCTF 2021 170 ✅ SOLVED
51. Web Gauntlet Web Exploitation picoCTF 2020 Mini 200 ✅ SOLVED
52. Fresh Java Reverse Engineering picoCTF 2022 200 ✅ SOLVED
53. unpackme Reverse Engineering picoCTF 2022 300 ✅ SOLVED
54. Some Assembly Required 1 Web Exploitation picoCTF 2021 70 ✅ SOLVED
55. Some Assembly Required 2 Web Exploitation picoCTF 2021 110 ✅ SOLVED
56. Some Assembly Required 3 Web Exploitation picoCTF 2021 160 ✅ SOLVED
57. jaWT Scratchpad Web Exploitation picoCTF 2019 400 ✅ SOLVED
58. More Cookies Web Exploitation picoCTF 2021 90 ✅ SOLVED
59. Wireshark doo dooo do doo... Forensics picoCTF 2021 50 ✅ SOLVED
60. Wireshark twoo twooo two twoo... Forensics picoCTF 2021 100 ✅ SOLVED
61. tunn3l v1s10n Forensics picoCTF 2021 40 ✅ SOLVED
62. Matryoshka doll Forensics picoCTF 2021 30 ✅ SOLVED
63. MacroHard WeakEdge Forensics picoCTF 2021 60 ✅ SOLVED
64. Trivial Flag Transfer Protocol Forensics picoCTF 2021 90 ✅ SOLVED
65. Disk, disk, sleuth! Forensics picoCTF 2021 110 ✅ SOLVED
66. Disk, disk, sleuth! II Forensics picoCTF 2021 130 ✅ SOLVED
67. Mind your Ps and Qs Cryptography picoCTF 2021 20 ✅ SOLVED
68. Web Gauntlet 3 Web Exploitation picoCTF 2021 300 ✅ SOLVED
69. Super Serial Web Exploitation picoCTF 2021 130 ✅ SOLVED
70. Glory of the Garden Forensics picoCTF 2019 50 ✅ SOLVED
71. advanced-potion-making Forensics picoCTF picoMini by redpwn 100 ✅ SOLVED
72. Milkslap Forensics picoCTF 2021 120 ✅ SOLVED
73. shark on wire 1 Forensics picoCTF 2019 150 ✅ SOLVED
74. extensions Forensics picoCTF 2019 150 ✅ SOLVED
75. What Lies Within Forensics picoCTF 2019 150 ✅ SOLVED
76. m00nwalk Forensics picoCTF 2019 250 ✅ SOLVED
77. WhitePages Forensics picoCTF 2019 250 ✅ SOLVED
79. c0rrupt Forensics picoCTF 2019 250 ✅ SOLVED
80. like1000 Forensics picoCTF 2019 250 ✅ SOLVED
81. WebNet0 Forensics picoCTF 2019 350 ✅ SOLVED
82. crackme-py Reverse Engineering picoCTF 2021 30 ✅ SOLVED
83. WebNet1 Forensics picoCTF 2019 450 ✅ SOLVED
84. vault-door-training Reverse Engineering picoCTF 2019 50 ✅ SOLVED
84. vault-door-1 Reverse Engineering picoCTF 2019 100 ✅ SOLVED
85. asm1 Reverse Engineering picoCTF 2019 200 ✅ SOLVED
86. shark on wire 2 Forensics picoCTF 2019 300 ✅ SOLVED
87. Easy1 Cryptography picoCTF 2019 100 ✅ SOLVED
88. caesar Cryptography picoCTF 2019 100 ✅ SOLVED
89. la cifra de Cryptography picoCTF 2019 200 ✅ SOLVED
90. Tapping Cryptography picoCTF 2019 200 ✅ SOLVED
91. Flags Cryptography picoCTF 2019 200 ✅ SOLVED
92. Mr-Worldwide Cryptography picoCTF 2019 200 ✅ SOLVED
93. waves over lambda Cryptography picoCTF 2019 300 ✅ SOLVED
94. miniRSA Cryptography picoCTF 2019 300 ❌ UNSOLVED
95. Stonks Binary Exploitation picoCTF 2021 20 ✅ SOLVED
96. Magikarp Ground Mission General Skills picoCTF 2021 30 ✅ SOLVED
97. Easy Peasy Cryptography picoCTF 2021 40 ❌ UNSOLVED
98. Surfing the Waves Forensics picoCTF 2021 250 ✅ SOLVED
99. CVE-XXXX-XXXX Binary Exploitation picoCTF 2022 100 ✅ SOLVED
100. File types Forensics picoCTF 2022 100 ✅ SOLVED
101. Sleuthkit Apprentice Forensics picoCTF 2022 200 ✅ SOLVED
102. PW Crack 5 General Skills picoCTF picoMini 2022 100 ✅ SOLVED
103. 1_wanna_b3_a_r0ck5tar General Skills picoCTF 2019 350 ✅ SOLVED
104. GDB Test Drive Reverse Engineering picoCTF 2022 100 ✅ SOLVED
105. Who are you? Web Exploitation picoCTF 2021 100 ✅ SOLVED
106. m00nwalk2 Forensics picoCTF 2019 300 ✅ SOLVED
107. Operation Orchid Forensics picoCTF 2022 400 ✅ SOLVED
108. Operation Oni Forensics picoCTF 2022 300 ✅ SOLVED
109. SideChannel Forensics picoCTF 2022 400 ✅ SOLVED
110. transposition-trial Cryptography picoCTF 2022 100 ✅ SOLVED
111. Bbbbloat Reverse Engineering picoCTF 2022 300 ✅ SOLVED
112. RPS Binary Exploitation picoCTF 2022 200 ✅ SOLVED
113. clutter-overflow Binary Exploitation picoCTF picoMini redPwn 150 ✅ SOLVED
114. Pitter, Patter, Platters Forensics picoCTF picoMini 2020 200 ✅ SOLVED
115. Keygenme Reverse Engineering picoCTF 2022 400 ✅ SOLVED
116. Pixelated Cryptography picoCTF 2021 100 ✅ SOLVED
117. buffer overflow 1 Binary Exploitation picoCTF 2022 200 ✅ SOLVED
118. buffer overflow 2 Binary Exploitation picoCTF 2022 300 ✅ SOLVED
119. x-sixty-what Binary Exploitation picoCTF 2022 200 ✅ SOLVED
120. spelling-quiz Cryptography picoCTF picoMini 100 ✅ SOLVED
121. Shop Reverse Engineering picoCTF 2021 50 ✅ SOLVED
122. speeds and feeds Reverse Engineering picoCTF 2021 50 ✅ SOLVED
123. flag leak Binary Exploitation picoCTF 2022 300 ✅ SOLVED
124. function overwrite Binary Exploitation picoCTF 2022 400 ✅ SOLVED
125. ARMssembly 0 Reverse Engineering picoCTF 2021 40 ✅ SOLVED
126. Torrent Analyze Forensics picoCTF 2022 400 ✅ SOLVED
127. WPA-ing Out Forensics picoCTF picoGym Exclusive 200 ✅ SOLVED
128. JAuth Web Exploitation picoCTF picoGym Exclusive 300 ✅ SOLVED
129. ropfu Binary Exploitation picoCTF 2022 300 ✅ SOLVED
130. ARMssembly 1 Reverse Engineering picoCTF 2021 70 ✅ SOLVED
131. ARMssembly 2 Reverse Engineering picoCTF 2021 90 ✅ SOLVED
132. not-crypto Reverse Engineering picoCTF picoMini 150 ✅ SOLVED
133. gogo Reverse Engineering picoCTF 2021 110 ✅ SOLVED
134. vault-door-3 Reverse Engineering picoCTF 2019 200 ✅ SOLVED
135. Here's a LIBC Binary Exploitation picoCTF 2021 90 ✅ SOLVED
136. vault-door-4 Reverse Engineering picoCTF 2019 250 ✅ SOLVED
137. wine Binary Exploitation picoCTF 2022 300 ✅ SOLVED
138. stack cache Binary Exploitation picoCTF 2022 400 ✅ SOLVED
139. Unsubscriptions Are Free Binary Exploitation picoCTF 2021 100 ✅ SOLVED
140. Local Target Binary Exploitation picoCTF picoGym 100 ✅ SOLVED
141. Picker IV Binary Exploitation picoCTF picoGym 100 ✅ SOLVED
142. Bit-O-Asm-1 Reverse Engineering picoCTF picoGym 100 ✅ SOLVED
143. More SQLi Web Exploitation picoCTF 2023 200 ✅ SOLVED
144. SOAP Web Exploitation picoCTF 2023 100 ✅ SOLVED
145. VNE Binary Exploitation picoCTF 2023 200 ✅ SOLVED
146. hijacking Binary Exploitation picoCTF 2023 200 ✅ SOLVED
147. format string 3 Binary Exploitation picoCTF 2024 300 ✅ SOLVED
CTFLEARN
LINK
LINK

MEET THE AGENTS

FOR MORE BAY WRITEUPS
LINK TO BAY'S GITHUB PAGE
BAY

LEARNING REFERENCES

https://github.com/apsdehal/awesome-ctf/blob/master/README.md
https://int0x33.medium.com/day-18-essential-ctf-tools-1f9af1552214
https://ctftime.org/ctf-wtf/
https://cryptokait.com/2020/09/02/taking-password-cracking-to-the-next-level/
https://wiki.skullsecurity.org/index.php/Passwords#Password_dictionaries
https://askubuntu.com/questions/866596/you-do-not-have-permission-to-extract-to-this-folder
https://jwt.io/introduction
https://blog.didierstevens.com/2020/12/14/decrypting-tls-streams-with-wireshark-part-1/
https://www.tutorialspoint.com/assembly_programming/assembly_conditions.htm
https://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher
https://www.wattpad.com/437456092-codes-and-ciphers-maritime-signal-flags
https://en.wikipedia.org/wiki/International_maritime_signal_flags
https://en.wikipedia.org/wiki/Uuencoding
https://codewithrockstar.com/online
https://en.wikipedia.org/wiki/Request_for_Comments
http://www.lingoes.net/en/translator/langcode.htm
https://www.techtarget.com/whatis/definition/Do-Not-Track-DNT
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
https://en.wikipedia.org/wiki/X-Forwarded-For
https://lite.ip2location.com/sweden-ip-address-ranges?lang=en_US
https://www.linuxtopia.org/online_books/introduction_to_linux/linux_The_chmod_command.html
https://hackr.io/blog/sql-injection-cheat-sheet
https://en.wikipedia.org/wiki/Time_(Unix)
https://en.wikipedia.org/wiki/Timing_attack
https://int0x33.medium.com/day-1-rop-emporium-ret2win-64bit-bb0d1893a3b0
https://0xrick.github.io/binary-exploitation/bof1/
https://www.imperva.com/learn/application-security/buffer-overflow/
https://www.youtube.com/c/CyberSecurityIPB
https://int0x33.medium.com/day-1-rop-emporium-ret2win-64bit-bb0d1893a3b0
https://ctf101.org/binary-exploitation/heap-exploitation/
https://infosecwriteups.com/into-the-art-of-binary-exploitation-0x000001-stack-based-overflow-50fe48d58f10
https://cloudsecurityalliance.org/blog/2022/05/04/what-is-a-blob-binary-large-object-can-it-be-tokenized/
https://owasp.org/www-community/attacks/XPATH_Injection
https://book.hacktricks.xyz/pentesting-web/xpath-injection
https://crypto.stackexchange.com/questions/66085/bit-flipping-attack-on-cbc-mode/66086#66086
https://www.felixcloutier.com/x86/mov
https://owasp.org/www-community/attacks/Format_string_attack
https://www.wireshark.org/docs/dfref/b/bt-dht.html
https://pequalsnp-team.github.io/cheatsheet/flask-jinja2-ssti
https://kleiber.me/blog/2021/10/31/python-flask-jinja2-ssti-example/
http://www.securityidiots.com/Web-Pentest/SQL-Injection/addslashes-bypass-sql-injection.html
https://ldap.com/
https://www.varonis.com/blog/the-difference-between-active-directory-and-ldap
https://github.com/payloadbox/xxe-injection-payload-list
https://github.com/payloadbox/sql-injection-payload-list
https://github.com/payloadbox/xss-payload-list
https://docs.docker.com/engine/security/seccomp/
https://www.die.net/search/?q=read&sa=Search&ie=ISO-8859-1&cx=partner-pub-5823754184406795%3A54htp1rtx5u&cof=FORID%3A9&siteurl=linux.die.net%2Fman%2F&ref=www.google.com%2F&ss=238j25750j4#gsc.tab=0&gsc.q=read&gsc.page=1
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection
https://gtfobins.github.io/#
https://github.com/TeamRocketIst/ctf-usb-keyboard-parser
https://www.techtarget.com/searchstorage/definition/RAID-5-redundant-array-of-independent-disks
https://www.forensicfocus.com/articles/making-complex-issues-simple-a-unique-method-to-extract-evidence-from-raid-with-lost-configuration/
https://netsecninja.github.io/dfir-notes/wmi-forensics/
https://github.com/davidpany/WMI_Forensics
https://blog.nviso.eu/2021/10/21/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-1/
https://blog.nviso.eu/2021/11/17/cobalt-strike-decrypting-obfuscated-traffic-part-4/
https://blog.nviso.eu/2021/11/03/cobalt-strike-using-process-memory-to-decrypt-traffic-part-3/
https://blog.didierstevens.com/2021/10/11/update-1768-py-version-0-0-8/
https://github.com/DidierStevens/Beta/blob/master/cs-extract-key.py
https://github.com/DidierStevens/Beta/blob/master/cs-parse-http-traffic.py
https://www.eecg.utoronto.ca/~amza/www.mindsec.com/files/x86regs.html
http://6.s081.scripts.mit.edu/sp18/x86-64-architecture-guide.html