Software Security - S18

CSE 545

CTF1 Preparation Guide

A key part of studying security is putting your skills to the test in practice. Hacking challenges known as Capture The Flag (CTF) competitions are a great way to do this.

Our first in-class CTF will be held on Wednesday, January 24th in EDC 117 at the usual time (4:35-5:50pm). This warm-up challenge will focus on the network security topics we have covered so far. You will be attacking a set of vulnerable network services. Your goal is to exploit each vulnerability and retrieve a secret value known as the “flag”.

You will need to bring your own laptop (with a working internet connection) in order to participate. Access to a Linux terminal is strongly recommended.

Step 1: Create an account in CTFd

Our first CTF will be an individual effort. To get started, you need to create an account in our online CTF system.

Click on the link below and use your homework hacker alias as your username.

Create CTFd Account (use your existing hacker alias!)

After submitting the form, your account should be created and logged in immediately.

Step 2: Submitting your first flag

Now, open the list of challenges in the system and click on Challenge 1.

You will see a popup with specific instructions on how to obtain the flag. Follow the instructions and submit the flag in the same popup window. You’ve scored your first point!

With each flag you submit, your score will go up on the scoreboard, where you can also view your classmates’ progress.

Note that all flags start with FLG so that you can easily recognize them. For this CTF, you only need to submit each flag once (there are no distinct rounds, and there is no patching of services).

Step 3: Solving the challenges

Solve Challenge 2 and Challenge 3 found on the same page and submit the flags as you did before. Clicking on each challenge name on the challenges page will give you helpful hints about where the vulnerable service is running and how to attack it.

Grading

Your participation and score on the in-class CTFs will be a factor in your project score. You must solve three of the challenges by 4:00pm on Monday, January 29th to receive maximum points.

Useful Tools

All the challenges can be solved using the tools and techniques we discussed in class. Useful commands include netcat, nmap, telnet, curl, etc. Read the man pages for these tools before the CTF.

Collaboration

You can help each other during the in-class portion of the CTF, but do not share answers (“flags”) by any means. Remember that this is still an individual effort and you are expected to understand how to break each challenge.