CTF: Folly and Frustrations

Capture the Flag events, also known as CTFs, can be fun and frustrating at the same time. For a while I have done some of these on a few platforms such as TryHackMe and Hack The Box. This isn’t about running around a building looking for physical flags but about finding flags on a remote computer system or network. A hacker’s playground, as some may call it. It can be done solo or with a team. This is sort of like playing a video game, except maybe without the cool graphics, as most of what is done is via the command line. So it’s text only most of the time.

The fun part of this is finding that way into the machine on your own and finding the flags to score points. There is the Jeopardy-style CTF, which is often individual challenges such as cracking a hash to reveal the word, or the boot2root style, which is finding the user.txt and root.txt files. I prefer the boot2root version. While it may be mostly fun, it can be a roller coaster of sorts, from “I hate this $%@!” to “Man, I love doing this stuff!” I have spent time trying to scan a machine only to realize I spent 10 minutes scanning a machine that doesn’t exist. Oops! There was a time when I spent quite a few hours trying to enumerate and gain credentials on a network only to realize the tools I was using were broken due to a recent update. There is a lot of wandering in the dark wondering, “Is this machine broken, should I reset it?” Sometimes other users may be playing the game too and one of them causes the remote machine to crash, which means it has to be reset. Sometimes mistakes can even be amusing, such as the time I thought I had gained access to the remote machine and began poking around to find clues or flags, only to think to myself, “Hmm… this kind of looks familiar, did I do this machine before?” Only to realize that I had somehow hacked myself. Blerk!

The tricky part of all this is that CTFs can be somewhat ‘game-ified’, in that clues are left on purpose to give a player a sense they are heading in the right direction. That can be distracting for real-world pentesting scenarios or for certain exams that have no so-called flags, only objectives such as gaining Administrator credentials for the Domain Controller to pass the exam. The other issue is knowing when to look up a walkthrough when you are stuck and avoiding the so-called ‘tip addiction’. Again, there are supposed to be no tips when taking a practical exam such as OSCP or PNPT; you are on your own.

This post is sort of an intro to what a CTF is, as I plan to provide some writeups of my own on some of the CTF machines I have gone through to show some of my journey into this field. Hopefully this will also improve my writing, as one of the final stages of a pentest is writing a report and presenting it to the stakeholders for review. As an added bonus, the writeups can help others who may be stuck, as this is a way of giving back to the community.

On a final note, I have provided some links down below for anyone looking to get started on their journey into this field.

