Digital Defenders CTF: A Comprehensive Review and Guide to Beginner-Friendly CTF Experiences

Bleh1
16 min read, Jul 20, 2023


Please go through this blog here for some background about the event. I have added some images to this blog as well, showing my solves.

“Digital Defenders” was a Capture the Flag (CTF) event designed specifically for beginners, with the purpose of introducing them to the world of CTFs and fostering an understanding of fundamental cybersecurity concepts. The CTF encompassed a range of challenges across the following categories:

  • Web Security: This category focused on testing participants’ knowledge and skills in securing web applications and identifying vulnerabilities.
  • Network Analysis: Participants were tasked with analyzing network traffic and applying various techniques to detect and mitigate potential security threats.
  • Digital Forensics: In this category, participants delved into the realm of digital forensics, utilizing investigative techniques to uncover and analyze digital evidence.
  • Cryptography: The cryptography category challenged participants to decipher encrypted messages, apply cryptographic algorithms, and explore the principles behind secure communication.

By incorporating challenges from these diverse categories, Digital Defenders provided a comprehensive learning experience that equipped participants with a solid foundation in CTFs and cybersecurity concepts.

The CTF commenced on July 6th at 8:00 PM and continued until July 9th at 11:59 PM. To ensure a balanced and manageable experience for participants, the challenges were released in waves, rather than all at once. A new set of challenges was unveiled every 12 hours, with the final wave becoming available on July 8th at 8:00 AM. This approach granted participants sufficient time to tackle as many challenges as they could effectively solve, without feeling overwhelmed by the volume of tasks presented.

I take great pride in announcing that I have successfully completed all 35 challenges presented during the event, securing second place overall. This accomplishment highlights my dedication, perseverance, and proficiency in the realm of cybersecurity. It was an exhilarating experience to overcome each challenge, further enhancing my skills and knowledge in the field. I am grateful for the opportunity to participate in such a competitive and enlightening event.

Allow me to provide a brief overview of each category within the CTF, the tools I employed to conquer the challenges, and the valuable skills I acquired throughout the process.

Web Security

The challenges within this category were designed to give participants a comprehensive understanding of various types of vulnerabilities. The easier challenges primarily focused on familiarizing participants with browser developer tools, emphasizing their usage in specific tasks like the “Partly_stored_answers” challenge. Additionally, participants were introduced to the concept of cookies, their significance, and the potential consequences that could arise if cookies were left unobfuscated or easily modifiable, as highlighted in the “CookieMonster” challenge.

Furthermore, there were challenges that specifically demonstrated how the absence of proper input sanitization could lead to SQL injections, exemplified in the “Secret Keeper” challenge. These challenges aimed to highlight the importance of input validation and proper handling of user-provided data to prevent security breaches.

Cookie Monster Challenge
Decoding the cookie.

Moreover, the CTF included challenges that dealt with local file inclusion (LFI), as exemplified by the “Laughable File Infiltration” challenge. These challenges shed light on the risks associated with inadequate file handling and emphasized the importance of secure file management practices.

The medium challenges introduced a higher level of complexity and required a deeper understanding of vulnerabilities. One such challenge, “XML parser”, focused on the vulnerabilities that can arise in websites that parse XML input. Through this challenge, I learned that such sites are particularly susceptible to XXE (XML External Entity) attacks. XML, like HTML, is a markup language used for organizing data. It allows entities to be defined and then used as placeholders or references within an XML document. In an XXE vulnerability, an attacker manipulates the XML input to abuse this functionality, potentially gaining unauthorized access or retrieving sensitive information.
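As an added illustration that is not part of the original write-up, the Python snippet below shows the mechanism the “XML parser” challenge relies on (an entity declared in the document's DTD is substituted into its content) next to the standard mitigation of refusing any DTD in untrusted input. The sample document, the parse_untrusted helper and the body_text helper are constructed for this example; Python's ElementTree is used only because it is available offline.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a document whose DTD declares an internal entity that the
# parser substitutes wherever &greeting; appears in the content.
ENTITY_DOC = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE note [<!ENTITY greeting "hello from an entity">]>'
    "<note><body>&greeting;</body></note>"
)
# Constructed sample: the same document shape with no DTD at all.
PLAIN_DOC = "<note><body>plain text only</body></note>"

# Entities (internal or external) can only be declared inside a DTD, so the
# simplest hardening rule for untrusted XML is: no DOCTYPE, no exceptions.
DOCTYPE_RE = re.compile(r"<!DOCTYPE", re.IGNORECASE)


def is_dtd_free(xml_text: str) -> bool:
    """True when the document carries no DTD and therefore cannot declare entities."""
    return DOCTYPE_RE.search(xml_text) is None


def parse_untrusted(xml_text: str) -> ET.Element:
    """Hardened entry point (hypothetical helper): reject DTDs, then parse."""
    if not is_dtd_free(xml_text):
        raise ValueError("DTD/DOCTYPE declarations are not allowed in untrusted XML")
    return ET.fromstring(xml_text)


def body_text(xml_text: str, hardened: bool) -> str:
    """Return <body> text; with hardened=False the entity is expanded, with
    hardened=True the document is refused before the parser ever sees it."""
    root = parse_untrusted(xml_text) if hardened else ET.fromstring(xml_text)
    return root.find("body").text


if __name__ == "__main__":
    print("unhardened:", body_text(ENTITY_DOC, hardened=False))
    print("hardened, plain doc:", body_text(PLAIN_DOC, hardened=True))
    try:
        body_text(ENTITY_DOC, hardened=True)
    except ValueError as err:
        print("hardened, entity doc refused:", err)
```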

In the “Feedback” challenge, I initially faced confusion regarding the task at hand. Upon further exploration of the challenge website, I discovered that I could communicate with the admin by sending links under the pretense of “verification.”

Feedback Challenge

It became evident that the website was vulnerable to XSS (Cross-Site Scripting), a web security vulnerability in which attackers inject malicious scripts into web pages viewed by other users. These scripts can be leveraged to steal sensitive information, manipulate page content, or execute unauthorized actions on behalf of the user. Specifically, the challenge website was prone to DOM-based XSS, where the injected input reaches the page's Document Object Model through client-side script. To overcome this challenge, I crafted a script that exploited the vulnerability by injecting code into a web page, triggering an event, and exfiltrating the victim’s cookies to an external server.

Feedback Challenge

This demonstration highlighted the potential risks associated with XSS vulnerabilities and underscored the importance of implementing proper input validation and output encoding techniques to mitigate such attacks.

Feedback Challenge

In the hard challenges, I encountered an advanced version of the “Laughable File Infiltration” challenge called “Laughable File Infiltration 2.” Initially, my usual exploitation techniques did not yield the desired response when searching for the flag. To investigate further, I turned to Burp Suite to analyze the request and response. Upon inspection, I discovered that the input field had a defense mechanism in place, which sanitized the input. Through trial and error, I eventually managed to bypass the defense mechanism, realizing the importance of strengthening obfuscation techniques. This challenge emphasized the significance of enhancing security measures to make it more challenging for potential attackers to infiltrate.

In the “GHOST” challenge, it became evident that I could upload files to the website. Drawing from my experience with platforms like Hack The Box, I recognized this as a straightforward file upload vulnerability, which could potentially allow me to execute arbitrary scripts and exert control over the website. I leveraged this vulnerability and combined it with a command injection script to execute desired commands, thereby highlighting the risks associated with file upload vulnerabilities.

Ghost Challenge

This concludes the web security section of the CTF, encompassing a total of 10 challenges, including 6 easy, 2 medium, and 2 hard challenges. The experience of learning and solving these challenges was immensely informative and enhanced my understanding of web security concepts and vulnerability exploitation techniques.

Digital Forensics

Within the Digital Forensics category, the challenges were primarily aimed at educating participants about various file formats, the significance of magic bytes, different steganography techniques, and conducting investigations on memory dumps using forensic tools. Throughout these challenges, I utilized the Volatility 2.6 framework to perform the required investigations and analyses.

In the easy challenges, I encountered several intriguing tasks that focused on broken or corrupted images. Two challenges, namely “f1xm3” and “Upgr4d3d_f1xm3,” presented images that could not be viewed using standard image viewing applications. To unravel these challenges, I employed a hex editor to inspect the images’ underlying data. Through research, I discovered the correct magic bytes that a PNG image should have and manually fixed the corrupted magic bytes. This process allowed me to reveal the hidden flag concealed within the images.

f1xm3

Another challenge, “bl1ndf0ld,” required the usage of tools like stegsolve to manipulate the image pane colors. By changing the color scheme, I was able to uncover hidden information embedded within the images.

In the “Alw4y5_h4s_b33n” challenge, I encountered an image that necessitated a change in its dimensions to reveal the hidden data. By adjusting the image dimensions, I unveiled the concealed information contained within the image.
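The two image-repair techniques above (restoring the PNG magic bytes in “f1xm3”/“Upgr4d3d_f1xm3” and changing the stated dimensions in “Alw4y5_h4s_b33n”) can be scripted instead of done by hand in a hex editor. The following Python is an added example, not the author's tooling: it repairs the 8-byte signature, walks the chunk list verifying each chunk's CRC, and rewrites the IHDR width/height with a recomputed CRC so a viewer accepts the edited header. The sample PNG it operates on is constructed inside the block.

```python
import struct
import zlib

# The signature every valid PNG starts with; this is what a hex editor should show.
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def make_chunk(ctype: bytes, payload: bytes) -> bytes:
    """Build one PNG chunk: length, type, payload, CRC over type+payload."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def build_sample_png(width: int, height: int) -> bytes:
    """Constructed sample: an 8-bit grayscale PNG of all-zero pixels."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    raw = b"".join(b"\x00" + b"\x00" * width for _ in range(height))  # filter byte + row
    return (PNG_SIGNATURE + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", zlib.compress(raw)) + make_chunk(b"IEND", b""))


def repair_signature(data: bytes) -> bytes:
    """Overwrite corrupted magic bytes with the correct PNG signature."""
    return PNG_SIGNATURE + data[8:]


def check_chunks(data: bytes):
    """Return [(chunk_type, crc_ok)] for every chunk after the signature."""
    results, pos = [], 8
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        payload = data[pos + 8:pos + 8 + length]
        stored = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])[0]
        results.append((ctype, (zlib.crc32(ctype + payload) & 0xFFFFFFFF) == stored))
        pos += 12 + length
        if ctype == b"IEND":
            break
    return results


def read_dimensions(data: bytes):
    """Width and height are the first two big-endian u32 fields of IHDR."""
    if data[12:16] != b"IHDR":
        raise ValueError("IHDR must be the first chunk")
    return struct.unpack(">II", data[16:24])


def set_dimensions(data: bytes, width: int, height: int) -> bytes:
    """Patch IHDR width/height and recompute its CRC (a stale CRC makes
    viewers reject the file even though the bytes 'look' right)."""
    read_dimensions(data)  # validates that IHDR sits at offset 12
    payload = struct.pack(">II", width, height) + data[24:29]  # keep depth/colour/etc.
    crc = struct.pack(">I", zlib.crc32(b"IHDR" + payload) & 0xFFFFFFFF)
    return data[:16] + payload + crc + data[33:]


if __name__ == "__main__":
    broken = b"\x00" * 8 + build_sample_png(2, 2)[8:]   # simulate corrupted magic bytes
    fixed = repair_signature(broken)
    print("chunks:", check_chunks(fixed), "dims:", read_dimensions(fixed))
    print("resized dims:", read_dimensions(set_dimensions(fixed, 2, 4)))
```

Enlarging the height only reveals hidden rows when the IDAT stream actually contains the extra pixel data, which is what the “Alw4y5_h4s_b33n” image relied on.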

Furthermore, the “C4pt4inC0ld” challenge involved data being hidden within white spaces. To extract this hidden data, I utilized a tool called stegsnow, which allowed me to retrieve the concealed information from the whitespace gaps within the image.

In the medium challenges, I encountered memory dumps and was tasked with finding the flags hidden within them. To tackle these challenges, I utilized the Volatility framework, which proved to be an effective tool for memory analysis.

In the “R3c0v3rytxt” challenge, the objective was to recover a specific file. To begin, I used the imageinfo plugin within Volatility to identify the type of memory dump provided. This information helped me understand the context of the challenge. Next, I employed the filescan plugin to scan the memory dump and extract information about the files contained within it. By analyzing the results, I located a document called “flag.txt” that held the desired flag. Using the dumpfiles plugin, I extracted the file from the memory dump, enabling me to obtain the flag.

R3c0v3rytxt

In the “bl4ckscr33n_ex3cuti0n” challenge, the provided challenge description indicated that a computer crash occurred. The objective was to determine the cause of the crash and identify any console output that might have been generated during the event.

To investigate this scenario, I utilized the console plugin within Volatility. This plugin allows for the examination of console output and can provide valuable insights into system events leading up to a crash. By executing the console plugin on the memory dump, I was able to view the console logs or messages that were written during the crash.

Analyzing the console output, I discovered the presence of the flag, which provided the solution to the challenge. The process was relatively straightforward, as the information required was directly available through the console plugin.

bl4ckscr33n_ex3cuti0n

In the “7h3_Analyst” challenge within the hard category, I employed multiple Volatility plugins to obtain the flag. Based on the challenge description, I began my investigation by examining files, the Chrome history, environment variables, and employing brute-forcing techniques.

To extract relevant information, I utilized the envars plugin, which allowed me to retrieve an essential password key from the environment variables. This key became a crucial component in further decryption processes.

Next, I employed the filescan plugin to identify a file named “password.zip” within the memory dump. To access its contents, I utilized the fcrackzip tool, performing a brute-force attack against the password using the rockyou.txt wordlist, commonly employed in password cracking attempts. Eventually, I successfully deciphered the password-protected “password.zip” file.

Within the decrypted archive, I discovered an encrypted text. Utilizing the key obtained from the envars plugin, I decrypted the encrypted content. This step provided me with meaningful information for the next phase of the challenge.

Examining the Chrome history, I uncovered a pastebin link. However, it was password-protected. Leveraging the decrypted password obtained from the previous steps, I successfully decrypted the pastebin link and accessed its contents, ultimately revealing the flag.

In the “brut3nf0rce” challenge, I encountered a zip file that required brute-forcing to uncover its password. To approach this task, I created a custom list of potential passwords that I believed might be used to secure the zip file. By utilizing tools like fcrackzip or similar utilities, I initiated a brute-force attack against the zip file, trying each password from my custom list until I successfully unlocked it.

Upon successful extraction of the zip file, I discovered an image file within its contents. However, this image concealed additional information that was password-protected. To reveal the hidden data, I employed a tool called stegcracker, which allowed me to perform another brute-force attack on the image using my custom password list.

By running stegcracker and trying each password from my list, I eventually succeeded in unlocking the hidden information within the image and obtained the flag.

Indeed, the forensics part of the CTF provided valuable insights and hands-on experience in dealing with memory analysis, extracting data from corrupted files, and investigating memory dumps. These challenges served as an excellent introduction to the world of digital forensics and laid the groundwork for conducting thorough investigations.

Throughout the challenges, I learned essential techniques to recover data from broken or corrupted files, such as repairing magic bytes in images to reveal hidden flags. The utilization of memory dump analysis using tools like Volatility allowed me to understand the importance of examining various artifacts, such as console logs and environment variables, to gain crucial information during forensic investigations.

These starting steps taught me the significance of identifying and leveraging different plugins within memory analysis tools, as well as employing brute-forcing techniques to crack password-protected files. Additionally, I acquired practical experience in decrypting data and using it to access password-protected resources.

Network Analysis

This category focused on Wireshark and the Scapy library for Python; its challenges aimed to familiarize participants with the tools’ functionalities and enhance their understanding of network packet analysis.

By engaging with these challenges, I acquired essential skills in navigating Wireshark, a powerful network protocol analyzer. I learned how to capture and inspect network traffic, interpret packet contents, and identify potential security issues or anomalies. This experience proved valuable in understanding various network protocols, their structures, and how data is exchanged across networks.

Additionally, I explored the Scapy library in Python, which allowed me to work with packets programmatically. Using Scapy, I gained the ability to manipulate and extract data from packets provided in the challenges. This enabled me to perform more advanced analyses, such as filtering specific packets, crafting custom packets, and parsing relevant information for further investigation.

In the easy challenges “One_By_One” and “Decrypt_The_Secrets,” I found the process of obtaining the flags to be quite straightforward. As I opened the provided files in Wireshark, I immediately gained access to the network packet data, which allowed me to inspect the content of each packet.

For the “One_By_One” challenge, I began analyzing the data streams within the packets, and by carefully examining the packet contents, I quickly identified the flag.

Similarly, in the “Decrypt_The_Secrets” challenge, my focus was on thoroughly inspecting the data streams within the packets. As I analyzed the packet data, I discovered the hidden flag, solving the challenge.

In the “Packet_Sniffing” challenge, I had to export the data hidden within the packets, in this case an image containing the flag.

Packet_Sniffing challenge

These tasks provided me with a valuable opportunity to practice using Wireshark as a network protocol analyzer. By actively engaging with the packet data, I strengthened my ability to identify relevant information and extract flags from captured network traffic.

In the “Digital_Vault” and “Protocol_Crackdown” challenges, I encountered fragmented data concealed within TCP packets. The appearance of the fragmented data resembled the hexadecimal representation of a PNG file.

To reconstruct the hidden information and retrieve the flags, I utilized the Scapy library in Python. By employing Scapy, I could effectively assemble the fragmented data from the TCP packets into a complete image file.

The process involved extracting the relevant hexadecimal data from the packets, arranging and reassembling them in the correct order, and then converting them back into a PNG image format. By executing these steps, I successfully recovered the hidden data and obtained the flags.

This exercise provided an excellent opportunity to work with Scapy, honing my skills in manipulating network packets programmatically. The challenges highlighted the importance of handling fragmented data and demonstrated the significance of using the appropriate tools to piece together the information correctly.

# Code used to solve Protocol_Crackdown
from scapy.all import rdpcap, IP, TCP

packets = rdpcap('Protocol_Crackdown.pcap')

PNG_data = b''  # Initialize an empty byte string

# Iterate over all the packets and keep only the TCP payloads sent by the
# host that served the image (its address was found by inspecting the capture)
for packet in packets:
    if IP in packet and packet[IP].src == '193.11.11.11' and TCP in packet:
        PNG_data += bytes(packet[TCP].payload)

# Write the concatenated payloads out as the reconstructed PNG file
with open('protocol.png', 'wb') as image_file:
    image_file.write(PNG_data)
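The script above concatenates payloads in capture order, which works when the capture is clean. As an added example (not the write-up's code), the Python below generalizes the reassembly step described for “Digital_Vault” and “Protocol_Crackdown”: it orders segments by TCP sequence number, drops retransmitted bytes, trims partial overlaps and reports any holes. The core takes plain (seq, payload) pairs so it runs offline on the constructed sample; the segments_from_pcap helper is assumed to be called with scapy installed and the same source-address filter as the original script. It assumes one direction of one flow and no 32-bit sequence wrap.

```python
def reassemble_by_seq(segments):
    """segments: iterable of (seq, payload) for one direction of one TCP flow.
    Returns (data, gaps); gaps lists (expected_seq, actual_seq) for missing bytes."""
    data = bytearray()
    gaps = []
    next_seq = None
    for seq, payload in sorted(segments, key=lambda s: s[0]):  # stable sort
        if not payload:
            continue  # SYN/ACK/FIN segments carry no application data
        if next_seq is None:
            next_seq = seq
        if seq < next_seq:
            overlap = next_seq - seq
            if overlap >= len(payload):
                continue  # full retransmission: every byte already stored
            payload = payload[overlap:]  # partial overlap: keep only the new tail
            seq = next_seq
        elif seq > next_seq:
            gaps.append((next_seq, seq))  # a segment is missing from the capture
        data += payload
        next_seq = seq + len(payload)
    return bytes(data), gaps


def segments_from_pcap(path, src_ip):
    """Collect (seq, payload) pairs with scapy, filtering like the original script.
    Imported lazily so the reassembly core above runs without scapy installed."""
    from scapy.all import rdpcap, IP, TCP
    return [(pkt[TCP].seq, bytes(pkt[TCP].payload))
            for pkt in rdpcap(path)
            if IP in pkt and TCP in pkt and pkt[IP].src == src_ip]


# Constructed sample: the PNG signature and first chunk type split across
# segments that arrive out of order, one exact retransmission and one overlap.
SAMPLE_SEGMENTS = [
    (1008, b"IHDR"),
    (1000, b"\x89PNG\r\n\x1a\n"),
    (1000, b"\x89PNG\r\n\x1a\n"),   # retransmission
    (1012, b"\x00\x00\x00\x0d"),
    (1006, b"\x1a\nIHDR"),           # overlaps the previous two segments
]


if __name__ == "__main__":
    data, gaps = reassemble_by_seq(SAMPLE_SEGMENTS)
    print(data, gaps)
```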

Concluding the network analysis part of the challenges, I found the tasks to be both educational and straightforward, providing valuable insights into the fundamentals of using Scapy and Wireshark.

Throughout the challenges, I gained practical experience in using Wireshark to capture and inspect network traffic. The ability to navigate through packet data allowed me to uncover hidden information, identify flags, and solve various puzzles. This process improved my understanding of network protocols and communication.

Furthermore, working with Scapy in Python proved to be a valuable skill, as it enabled me to manipulate network packets programmatically. The challenges encouraged me to reconstruct fragmented data and assemble it into coherent image files, which provided hands-on practice in data manipulation and reconstruction.

The network analysis challenges laid a solid foundation for further exploration in network security and protocol analysis. Understanding how to interpret packet data, use network protocol analyzers, and work with Scapy will undoubtedly be beneficial in real-world scenarios involving cybersecurity investigations and network troubleshooting.

Cryptography

Throughout the challenges in the cryptography category, I found the tasks to be quite challenging and tough, especially as someone with a weaker background in math and programming. However, I recognized the immense value of these challenges as they allowed me to grasp the basics of cryptography.

Despite the initial difficulty, I embraced the opportunity to learn and understand various cryptographic techniques, algorithms, and principles. These challenges exposed me to the world of encryption and decryption, emphasizing the significance of secure communication and the vulnerabilities that can exist in cryptographic systems.

As I navigated through the challenges, I gradually gained a solid foundation in cryptography. Starting from the basics, I worked my way through more complex concepts, slowly improving my understanding and skills in this domain.

For someone like me, who may not be well-versed in math and programming, these challenges served as an essential learning platform. Through hands-on problem-solving, I experienced the practical application of cryptographic principles, which was incredibly valuable in enhancing my knowledge.

As I progressed and overcame each challenge, I noticed a significant improvement in my comprehension of cryptography. The exposure to these tasks deepened my appreciation for the field’s importance in ensuring information security and confidentiality.

In the easy challenges, I had the opportunity to explore various cryptographic techniques and concepts. In the “MOD” challenge, I learned about XOR encryption, a simple form of encryption using bitwise XOR operation. This challenge also taught me about cryptanalysis, where I had to break the XOR encryption to obtain the hidden information.

In the “Common Primes” challenge, I encountered common factor attacks, where I had to find the prime factor “p” from a list of modulus values. This attack exploits the vulnerability of using common prime factors in RSA encryption, and I used techniques to identify and extract the prime factors.

The “Wojtek’s Enigma” challenge introduced me to the Enigma machine, a historical cipher machine used during World War II. I learned about the process of cracking ciphertext encrypted by an Enigma machine. By understanding the Enigma’s configuration and settings, I successfully deciphered the encrypted message.

In the “Grandfather cipher” challenge, I explored the Vigenère cipher, a polyalphabetic substitution cipher that uses a keyword to encrypt plaintext. The Kasiski test, a method to crack the Vigenère cipher, allowed me to find the keyword length and decrypt the ciphertext using this information.

In the “Flawless AES” challenge, I delved into the Advanced Encryption Standard (AES), a widely used symmetric encryption algorithm. I gained insights into how AES works and learned about different types of attacks that could potentially break the cipher’s security.

In the medium challenges, I delved deeper into attacks related to RSA encryption. In the “Common Thread” challenge, I encountered the common modulus attack, a technique that exploits the reuse of the same modulus in different RSA keys. By understanding this attack, I learned how to exploit RSA encryption in scenarios where multiple public keys share the same modulus. This allowed me to recover the plaintext messages from the ciphertext encrypted with different public keys using the common modulus.

In the “Too Close for Comfort” challenge, I explored Fermat’s factorization method, a technique used to factorize a composite number N into its prime factors P and Q. Understanding this method allowed me to efficiently break the RSA encryption by finding the prime factors of the modulus N and using them to decrypt the ciphertext.
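The three RSA weaknesses described above (a prime shared between moduli in “Common Primes”, a modulus reused across keys in “Common Thread”, and primes too close together in “Too Close for Comfort”) are all things a key-audit script can test for before keys are deployed. The Python below is an added example, not the author's solution code; the small primes and the hypothetical find_shared_factors / fermat_factor / common_modulus_recover helpers are constructed here, and Python 3.8+ is assumed for pow() with a negative exponent.

```python
from math import gcd, isqrt


def find_shared_factors(moduli):
    """Common factor check: any two moduli sharing a prime leak it through gcd.
    Returns [(i, j, shared_prime)] so an auditor can see which keys to revoke."""
    hits = []
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            g = gcd(moduli[i], moduli[j])
            if 1 < g < moduli[i]:
                hits.append((i, j, g))
    return hits


def fermat_factor(n, max_steps=100_000):
    """Fermat's method: write n = a^2 - b^2 = (a-b)(a+b). When p and q are close,
    a = ceil(sqrt(n)) already gives a perfect square for a^2 - n after few steps.
    Returns (p, q) or None if the primes are not close enough within max_steps."""
    a = isqrt(n)
    if a * a < n:
        a += 1
    for _ in range(max_steps):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:
            return a - b, a + b
        a += 1
    return None


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def common_modulus_recover(n, e1, c1, e2, c2):
    """Common modulus weakness: the same m encrypted under (n, e1) and (n, e2)
    with gcd(e1, e2) = 1 gives m = c1^x * c2^y mod n where e1*x + e2*y = 1.
    No private key is involved, which is why a modulus must never be shared."""
    g, x, y = egcd(e1, e2)
    if g != 1:
        raise ValueError("exponents must be coprime for this recovery")
    return (pow(c1, x, n) * pow(c2, y, n)) % n   # negative exponent = modular inverse


if __name__ == "__main__":
    # Constructed toy keys (real keys use 1024-bit-plus primes; the math is identical).
    print("shared:", find_shared_factors([61 * 53, 61 * 71, 67 * 73]))
    print("close primes:", fermat_factor(10007 * 10009))
    n, m = 61 * 53, 65
    print("recovered:", common_modulus_recover(n, 17, pow(m, 17, n), 7, pow(m, 7, n)))
```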

In the hard challenge “IS IT AN RSA???”, I immersed myself in a thorough exploration of how RSA encryption functions and the methodologies to break it. Understanding the inner workings of RSA encryption allowed me to analyze and assess the security of RSA implementations. By applying cryptographic principles and techniques, I attempted to identify potential vulnerabilities and weaknesses in the RSA encryption scheme.

In the challenge “Treasure Trove,” I encountered encrypted image data represented in hexadecimal format. To successfully decrypt the image, I meticulously analyzed the encryption technique employed. By identifying the encryption algorithm and employing decryption methods, I was able to recover the original image and unveil the hidden treasure within.

These challenging tasks pushed my cryptographic knowledge and analytical skills to the limit, providing me with valuable experience in analyzing and breaking complex encryption schemes. The hands-on practice in tackling these challenging scenarios equipped me with a deeper understanding of encryption mechanisms, decryption techniques, and the importance of robust cryptographic implementations.

Indeed, this CTF was a unique and exceptional experience. The challenges presented were closely aligned with the topics covered during the webinar, making it an informative and educational event. I express my sincere gratitude to IISc for organizing such an enriching event and to the bi0s team for creating and curating incredible challenges that pushed my skills and knowledge to new heights.

I must extend a special thanks to AmunRha for their active involvement and unwavering support throughout the entire event. Their responsiveness and willingness to assist, regardless of the complexity of the queries, made the CTF even more enjoyable and rewarding.

Once again, I am grateful for the opportunity to participate in this CTF and for the knowledge and growth it has brought to my cybersecurity journey. I look forward to future events and challenges that continue to enhance my skills and passion for cybersecurity.

While I have briefly shared my experiences here, I encourage others to explore the challenges and write-up provided here. Engaging with the challenges firsthand will undoubtedly provide a deeper understanding of the topics and a chance to further develop cybersecurity skills.
