Software Security - S18

CSE 545

CTF2 Preparation Guide

A key part of studying security is putting your skills to the test in practice. Hacking challenges known as Capture The Flag (CTF) competitions are a great way to do this.

Our second in-class CTF will be held on Wednesday, February 21st in EDC 117 at the usual time (4:35–5:50pm). This challenge will focus on the application security topics we have covered so far. You will be attacking a set of vulnerable services and binaries. Your goal is to exploit each vulnerability and retrieve a secret value known as the “flag”.

You will need to bring your own laptop (with a working internet connection) in order to participate. Access to a Linux terminal is strongly recommended.

Step 1: Create an account in CTFd

Our second CTF will be a group effort. To get started, your registered team needs to create an account in our online CTF system.

The captain of your team should click on the link below and use your registered team name as your username.

Create CTFd Account (use your registered team name!)

After you submit the form, your account should be created and you should be logged in right away.

Step 2: Submitting your first flag

Now, open the list of challenges in the system and click on the first challenge.

You will see a popup with specific instructions on how to obtain the flag. Follow the instructions and submit the flag in the same popup window. You’ve scored your first point!

With each flag you submit, your score will go up on the scoreboard, where you can also view your classmates' progress.

Note that all flags have the form FLAG{50m3_dumb_m355463} or FLG12345678 so that you can easily recognize them. For this CTF, you only need to submit each flag once (there are no distinct rounds, and there is no patching of services).

Step 3: Solving the challenges

Solve more of the challenges found on the same page and submit the flags as you did before. Clicking on each challenge name on the challenges page may give you helpful hints about where the vulnerable service is running and how to attack it.

Grading

Your participation and score on the in-class CTFs will be a factor in your project score. Your team must solve all the challenges by 4:35pm on Monday, February 26th to receive maximum points.

Useful Tools

All the challenges can be solved using the tools and techniques we discussed in class. Useful commands include nc, objdump, readelf, and strings. It is also highly recommended that you use pwntools.