Cyber Journal

Learning techniques and Develop Strategy from Walkthroughs and Capture The Flag Challenges write-ups

There is a big sense of accomplishment when solving a box completely on your own, but when you’re just getting started, that can feel impossible. A great resource for HackTheBox players trying to learn is writeups, both the official writeups available to VIP subscribers and the many written and video writeups developed by the HackTheBox community. 

Some people worry about spoilers and robbing themselves of a potential learning experience, and while there’s some logic to this thought process, with over 250 machines available on HackTheBox and new ones published every week, there will always be more boxes to learn from. Ignoring these resources can slow down your success, leaving you demotivated and not learning at all.

The Three Most Important Skillsets

When learning to hack vulnerable machines like on HackTheBox, the necessary skills can be divided into three categories:

  • Technical Foundation – Understanding how services work internally as well as concepts like networking. Having a strong foundation allows people to quickly perform enumeration which aids in turning a simple proof of concept into a weaponized exploit or efficiently pivoting throughout a network once an initial foothold is gained.
  • Hacking Techniques – Identifying services and knowing the attack paths of this service. This is the “most teachable” skill as it isn’t hard to know what tools or payloads to try out on a service. However, if you don’t have a strong foundation then you’ll likely miss small things like Tomcat being hosted through Apache/Nginx or having an SSRF (Server Side Request Forgery) on a box in the cloud. Both of which aren’t immediately apparent from network scans but do have unique attacks.
  • Persistence and Endurance – Knowing how to keep driving into a problem looking for creative ways to get information out of it. This is a combination of creative thinking and stick-to-it that takes a long time to develop.

Many people focus on Hacking Techniques, which is fine but without all three skills, it will be hard to find success. An easy way to identify if you fall into this category is how much time you spend on a box after getting the root flag. After rooting the box, you should spend time looking at how each service was installed and reading other writeups to identify anything you may have missed.

Improving all three of these skill sets can be really tough, especially if you are not well-rounded already. If you are having trouble solving easy machines, chances are there’s just a small component you are missing. If you follow the steps below, we are sure you’ll find success!

Repetition Guarantees Success

Repetition is the best way to consistently be successful. Not only is it a proven method of memory retention but as long as you stick with it, you haven’t failed! Solving machines on HackTheBox without any guidance requires a lot of endurance and foundations that no beginners possess. If you burn yourself out trying to solve a machine, it will be tough for you to stay motivated in order to reap the benefits of repetition.

Set Small Predictable Goals

It’s always great to see progress, without write-ups machines are an open-ended problem which makes it very unpredictable on the amount of time you’ll spend solving a machine. If your goal is two machines per week and your training plan does not involve write-ups then a machine could take 30 minutes to full days. Having such an unpredictable time requirement means it won’t fit into a schedule which makes consistency difficult.

Treat Writeups as a Virtual Way to Shadow

One of the things I wish I knew when I was younger is that professionals often don’t know what they are doing and learn “on the job”. When people join a tech company, it shouldn’t be expected that they hit the ground running and are immediately successful. Oftentimes new employees will shadow an experienced person and soak up their knowledge. This method is great but historically it did require getting a job first and shadowing on the job has become less efficient with the major shift to remote work. However, reading write ups or watching videos provides many of the same benefits of shadowing. The only thing that may be difficult is asking questions but you’d be surprised how often you’ll get a response when leaving a comment on their media or asking on Twitter.

Create a Training Plan

Knowing the benefits of repetition, goals, and virtual shadowing, you can combine everything and create a training plan, which will help keep you motivated and always learning. Below are two different potential training plans, the first is how ippsec would approach it and the second is 0xdf’s. The purpose of showing both is to demonstrate there is no one answer, find what works for you, and make it your own!

The Ippsec Way

  1. Establish Your Methodology: Read writeups, or watch videos and work along side them. Don’t worry about “spoilers” ruining your learning experience, there will always be more boxes.
  2. Validate The Methodology: Watch a video in its entirety, then immediately do the box. If you are short on time, then divide machines parts, for example watching up to the user flag then solving the machine.
  3. Work on Memory Retention: Add some time between watching the video and solving the machine. Start off with a few hour break between the video and solving the machine. Eventually, graduate up to waiting a day between. Don’t be afraid to go back and watch the video when you are stuck on a part for 20-30 minutes.
  4. Make Hacking Muscle Memory: Watch multiple videos but solve the machine yourself days later. Having watched multiple videos or read writeups before solving the box will really test your skills.

The 0xdf Way

  1. Note taking is key. Writing something down is a great way to lock in information. Create some key sections in a way that works for you. I use markdown files in Typora, but find what works best for you.
  2. When you first start, you are missing a lot of the information needed to complete a machine. Work alongside write-ups / video solutions, but don’t copy and paste. Type commands in, and make sure you understand what they do. Quiz yourself about what would happen if you changed various arguments in the commands, and then check if you are correct. Record the tools and syntax you learned in your notes for future reference.
  3. Once you start being able to predict what the writeup author will do next, start working out ahead of the writeup / video. Try the various techniques from your notes, and you may start to see vectors to explore, and explore them. When you get stuck, go back to the writeup and read/watch up to the point where you’re stuck and get a nudge forward. Make sure to update your notes with the new techniques you’ve learned.
  4. Over time, you’ll find your notes contain more and more of what you need to explore a box. The secret is to find the balance. The more you practice, the less you want to rely on walkthroughs. That said, even the most talented hackers will often work in teams because anyone can get stuck.

Credits to : IPPSEC and HACKTHEBOX team

To Read Some CTF Walk Through here is curated list by Hacking Articles : https://www.hackingarticles.in/ctf-challenges-walkthrough/

Some List of Tools that should be present in at your disposal while solving these CTF challenges : https://github.com/devploit/ctf-awesome-resources

Some List of Tools which might help in solving CTF : by apsdehal /

Solve

Tools used for solving CTF challenges

Attacks

Tools used for performing various kinds of attacks

  • Bettercap – Framework to perform MITM (Man in the Middle) attacks.
  • Yersinia – Attack various protocols on layer 2.

Crypto

Tools used for solving Crypto challenges

  • CyberChef – Web app for analysing and decoding data.
  • FeatherDuster – An automated, modular cryptanalysis tool.
  • Hash Extender – A utility tool for performing hash length extension attacks.
  • padding-oracle-attacker – A CLI tool to execute padding oracle attacks.
  • PkCrack – A tool for Breaking PkZip-encryption.
  • QuipQuip – An online tool for breaking substitution ciphers or vigenere ciphers (without key).
  • RSACTFTool – A tool for recovering RSA private key with various attack.
  • RSATool – Generate private key with knowledge of p and q.
  • XORTool – A tool to analyze multi-byte xor cipher.

Bruteforcers

Tools used for various kind of bruteforcing (passwords etc.)

  • Hashcat – Password Cracker
  • Hydra – A parallelized login cracker which supports numerous protocols to attack
  • John The Jumbo – Community enhanced version of John the Ripper.
  • John The Ripper – Password Cracker.
  • Nozzlr – Nozzlr is a bruteforce framework, trully modular and script-friendly.
  • Ophcrack – Windows password cracker based on rainbow tables.
  • Patator – Patator is a multi-purpose brute-forcer, with a modular design.
  • Turbo Intruder – Burp Suite extension for sending large numbers of HTTP requests

Exploits

Tools used for solving Exploits challenges

  • DLLInjector – Inject dlls in processes.
  • libformatstr – Simplify format string exploitation.
  • Metasploit – Penetration testing software.
  • one_gadget – A tool to find the one gadget execve('/bin/sh', NULL, NULL) call.
    • gem install one_gadget
  • Pwntools – CTF Framework for writing exploits.
  • Qira – QEMU Interactive Runtime Analyser.
  • ROP Gadget – Framework for ROP exploitation.
  • V0lt – Security CTF Toolkit.

Forensics

Tools used for solving Forensics challenges

  • Aircrack-Ng – Crack 802.11 WEP and WPA-PSK keys.
    • apt-get install aircrack-ng
  • Audacity – Analyze sound files (mp3, m4a, whatever).
    • apt-get install audacity
  • Bkhive and Samdump2 – Dump SYSTEM and SAM files.
    • apt-get install samdump2 bkhive
  • CFF Explorer – PE Editor.
  • Creddump – Dump windows credentials.
  • DVCS Ripper – Rips web accessible (distributed) version control systems.
  • Exif Tool – Read, write and edit file metadata.
  • Extundelete – Used for recovering lost data from mountable images.
  • Fibratus – Tool for exploration and tracing of the Windows kernel.
  • Foremost – Extract particular kind of files using headers.
    • apt-get install foremost
  • Fsck.ext4 – Used to fix corrupt filesystems.
  • Malzilla – Malware hunting tool.
  • NetworkMiner – Network Forensic Analysis Tool.
  • PDF Streams Inflater – Find and extract zlib files compressed in PDF files.
  • Pngcheck – Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.
    • apt-get install pngcheck
  • ResourcesExtract – Extract various filetypes from exes.
  • Shellbags – Investigate NT_USER.dat files.
  • Snow – A Whitespace Steganography Tool.
  • USBRip – Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.
  • Volatility – To investigate memory dumps.
  • Wireshark – Used to analyze pcap or pcapng files

Registry Viewers

  • OfflineRegistryView – Simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format.
  • Registry Viewer® – Used to view Windows registries.

Networking

Tools used for solving Networking challenges

  • Masscan – Mass IP port scanner, TCP port scanner.
  • Monit – A linux tool to check a host on the network (and other non-network activities).
  • Nipe – Nipe is a script to make Tor Network your default gateway.
  • Nmap – An open source utility for network discovery and security auditing.
  • Wireshark – Analyze the network dumps.
    • apt-get install wireshark
  • Zeek – An open-source network security monitor.
  • Zmap – An open-source network scanner.

Reversing

Tools used for solving Reversing challenges

  • Androguard – Reverse engineer Android applications.
  • Angr – platform-agnostic binary analysis framework.
  • Apk2Gold – Yet another Android decompiler.
  • ApkTool – Android Decompiler.
  • Barf – Binary Analysis and Reverse engineering Framework.
  • Binary Ninja – Binary analysis framework.
  • BinUtils – Collection of binary tools.
  • BinWalk – Analyze, reverse engineer, and extract firmware images.
  • Boomerang – Decompile x86/SPARC/PowerPC/ST-20 binaries to C.
  • ctf_import – run basic functions from stripped binaries cross platform.
  • cwe_checker – cwe_checker finds vulnerable patterns in binary executables.
  • demovfuscator – A work-in-progress deobfuscator for movfuscated binaries.
  • Frida – Dynamic Code Injection.
  • GDB – The GNU project debugger.
  • GEF – GDB plugin.
  • Ghidra – Open Source suite of reverse engineering tools. Similar to IDA Pro.
  • Hopper – Reverse engineering tool (disassembler) for OSX and Linux.
  • IDA Pro – Most used Reversing software.
  • Jadx – Decompile Android files.
  • Java Decompilers – An online decompiler for Java and Android APKs.
  • Krakatau – Java decompiler and disassembler.
  • Objection – Runtime Mobile Exploration.
  • PEDA – GDB plugin (only python2.7).
  • Pin – A dynamic binary instrumentaion tool by Intel.
  • PINCE – GDB front-end/reverse engineering tool, focused on game-hacking and automation.
  • PinCTF – A tool which uses intel pin for Side Channel Analysis.
  • Plasma – An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.
  • Pwndbg – A GDB plugin that provides a suite of utilities to hack around GDB easily.
  • radare2 – A portable reversing framework.
  • Triton – Dynamic Binary Analysis (DBA) framework.
  • Uncompyle – Decompile Python 2.7 binaries (.pyc).
  • WinDbg – Windows debugger distributed by Microsoft.
  • Xocopy – Program that can copy executables with execute, but no read permission.
  • Z3 – A theorem prover from Microsoft Research.

JavaScript Deobfuscators

  • Detox – A Javascript malware analysis tool.
  • Revelo – Analyze obfuscated Javascript code.

SWF Analyzers

  • RABCDAsm – Collection of utilities including an ActionScript 3 assembler/disassembler.
  • Swftools – Collection of utilities to work with SWF files.
  • Xxxswf – A Python script for analyzing Flash files.

Services

Various kind of useful services available around the internet

  • CSWSH – Cross-Site WebSocket Hijacking Tester.
  • Request Bin – Lets you inspect http requests to a particular url.

Steganography

Tools used for solving Steganography challenges

  • AperiSolve – Aperi’Solve is a platform which performs layer analysis on image (open-source).
  • Convert – Convert images b/w formats and apply filters.
  • Exif – Shows EXIF information in JPEG files.
  • Exiftool – Read and write meta information in files.
  • Exiv2 – Image metadata manipulation tool.
  • Image Steganography – Embeds text and files in images with optional encryption. Easy-to-use UI.
  • Image Steganography Online – This is a client-side Javascript tool to steganographically hide images inside the lower “bits” of other images
  • ImageMagick – Tool for manipulating images.
  • Outguess – Universal steganographic tool.
  • Pngtools – For various analysis related to PNGs.
    • apt-get install pngtools
  • SmartDeblur – Used to deblur and fix defocused images.
  • Steganabara – Tool for stegano analysis written in Java.
  • SteganographyOnline – Online steganography encoder and decoder.
  • Stegbreak – Launches brute-force dictionary attacks on JPG image.
  • StegCracker – Steganography brute-force utility to uncover hidden data inside files.
  • stegextract – Detect hidden files and text in images.
  • Steghide – Hide data in various kind of images.
  • StegOnline – Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source).
  • Stegsolve – Apply various steganography techniques to images.
  • Zsteg – PNG/BMP analysis.

Web

Tools used for solving Web challenges

  • BurpSuite – A graphical tool to testing website security.
  • Commix – Automated All-in-One OS Command Injection and Exploitation Tool.
  • Hackbar – Firefox addon for easy web exploitation.
  • OWASP ZAP – Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
  • Postman – Add on for chrome for debugging network requests.
  • Raccoon – A high performance offensive security tool for reconnaissance and vulnerability scanning.
  • SQLMap – Automatic SQL injection and database takeover tool. pip install sqlmap
  • W3af – Web Application Attack and Audit Framework.
  • XSSer – Automated XSS testor.

Resources

Where to discover about CTF

Operating Systems

Penetration testing and security lab Operating Systems

Malware analysts and reverse-engineering

Starter Packs

Collections of installer scripts, useful tools

  • CTF Tools – Collection of setup scripts to install various security research tools.
  • LazyKali – A 2016 refresh of LazyKali which simplifies install of tools and configuration.

Tutorials

Tutorials to learn how to play CTFs

Wargames

Always online CTFs

  • Backdoor – Security Platform by SDSLabs.
  • Crackmes – Reverse Engineering Challenges.
  • CryptoHack – Fun cryptography challenges.
  • echoCTF.RED – Online CTF with a variety of targets to attack.
  • Exploit Exercises – Variety of VMs to learn variety of computer security issues.
  • Exploit.Education – Variety of VMs to learn variety of computer security issues.
  • Gracker – Binary challenges having a slow learning curve, and write-ups for each level.
  • Hack The Box – Weekly CTFs for all types of security enthusiasts.
  • Hack This Site – Training ground for hackers.
  • Hacker101 – CTF from HackerOne
  • Hacking-Lab – Ethical hacking, computer network and security challenge platform.
  • Hone Your Ninja Skills – Web challenges starting from basic ones.
  • IO – Wargame for binary challenges.
  • Microcorruption – Embedded security CTF.
  • Over The Wire – Wargame maintained by OvertheWire Community.
  • PentesterLab – Variety of VM and online challenges (paid).
  • PicoCTF – All year round ctf game. Questions from the yearly picoCTF competition.
  • PWN Challenge – Binary Exploitation Wargame.
  • Pwnable.kr – Pwn Game.
  • Pwnable.tw – Binary wargame.
  • Pwnable.xyz – Binary Exploitation Wargame.
  • Reversin.kr – Reversing challenge.
  • Ringzer0Team – Ringzer0 Team Online CTF.
  • Root-Me – Hacking and Information Security learning platform.
  • ROP Wargames – ROP Wargames.
  • SANS HHC – Challenges with a holiday theme released annually and maintained by SANS.
  • SmashTheStack – A variety of wargames maintained by the SmashTheStack Community.
  • Viblo CTF – Various amazing CTF challenges, in many different categories. Has both Practice mode and Contest mode.
  • VulnHub – VM-based for practical in digital security, computer application & network administration.
  • W3Challs – A penetration testing training platform, which offers various computer challenges, in various categories.
  • WebHacking – Hacking challenges for web.

Self-hosted CTFs

Websites

Various general websites about and on CTF

Wikis

Various Wikis available for learning about CTFs

Writeups Collections

Collections of CTF write-ups

  • 0e85dc6eaf – Write-ups for CTF challenges by 0e85dc6eaf
  • Captf – Dumped CTF challenges and materials by psifertex.
  • CTF write-ups (community) – CTF challenges + write-ups archive maintained by the community.
  • CTFTime Scrapper – Scraps all writeup from CTF Time and organize which to read first.
  • HackThisSite – CTF write-ups repo maintained by HackThisSite team.
  • Mzfr – CTF competition write-ups by mzfr
  • pwntools writeups – A collection of CTF write-ups all using pwntools.
  • SababaSec – A collection of CTF write-ups by the SababaSec team
  • Shell Storm – CTF challenge archive maintained by Jonathan Salwan.
  • Smoke Leet Everyday – CTF write-ups repo maintained by SmokeLeetEveryday team.

By:

xalpha6

Posted in:

Leave a comment