Friday, March 8, 2013

InCTF 2013 Writeup (update)


Part 1.
Two  months ago, my friends and I registered in the InCTF  2013 organised by Amrita Vishwa Vidyapeetham University.  A CTF (Capture The Flag) is a hacking competition where the objective(in the final round) is to hack the opponent's system and capture the 'flags'.  5 of us registered in the event as 5 members was mandatory.  There are 3 rounds in all. The 1st round questions were available readily. It consisted of a list of tasks and questions to be completed.
The concept of giving the 1st round as a 'learning round' is very good. We thought it would be a daunting task to complete all the challenges, and my friends backed out one by one until only two of us were left. So, two of us started working on it. What we realized is that the tasks given are actually very useful in real life, although it may not be apparent at first glance. Earlier, I used to run exploits and scripts without really understanding them. Now it is becoming a bit clearer, although I still  have a long way to go We also learnt things we would never have learnt in any academic course.  Example, how to hack linux passwords, how to start or stop ssh or apache servers, How to secure apache or MySQL, PHP and MySQL database connectivity, Reverse engineering (the toughest in our opinion) cyber security concepts, networking, buffer overflows etc.

So, In the last day for submission of the First round answers, we compiled everything and in the rush of the hour, and I wrote this article. Anyway, this is only the 1st round, we will  see what  more is to come in the other rounds. I have a feeling this is just the tip of the iceberg!

Part 2 (updated)

Since Round 1 was the learning phase, we had plenty of time, but in Round 2, time was rather limited as there were live challenges posted in the portal. The challenges included web hacking, reverse engineering, buffer overflows digital forensics etc. We were supposed to crack the challenges and find the 'flags'. These flags should be submitted at the portal to get the points. It was really tough for us as it was the first time we had seen such challenges. And I knew we weren't the only ones having a hard time as the scoreboard showed that from the  154 teams, only about 37 teams managed to solve at least one challenge, the rest couldn't score a single point. Now, with some effort, we managed to solve 2 or 3 challenges and that was it. We couldn't solve any other challenge. We thought that was the end of it.
However, we were surprised to learn that  we were selected to participate in the 3rd (Final) round. It was really exciting for us, but due to conflict in timing with our University exams, we had to forfeit from the contest.
The organizers of InCTF are doing a great job of creating cyber security awareness and helping students set foot  in the path toward ethical hacking.
Here, I have compiled a list of tips which anyone wishing to participate in CTFs should remember. My team will be participating again in the next CTF event, and we are following the same.


Tips for contesting in a CTF

1. Learn Linux (commands, scripting etc)
2. Learn Assembly Language programming. SecurityTube has excellent videos.
3. Learn C and C++  under Linux environment. That means use gcc compiler. Don't use Turbo C, it will get you nowhere.
4. Learn HTML,JavaScript, PHP and  MySQL, and after that, learn web hacking techniques like SQL injection and XSS.
5. Learn Buffer Overflows. Again,  SecurityTube has excellent videos.
6. Learn shellcoding, reverse engineering and  exploit writing.



2 comments:

  1. Do write about your experience during second round too!

    ReplyDelete
  2. Yes. Written and updated within the same article.

    ReplyDelete