Get all your tools installed before it starts, there is no reason to waste your limited time on stuff that can be done beforehand.
Practice before you go. Find a CTF that is online or a VM that could be downloaded and practice.
When performing a buffer overflow attack against a binary on a webserver I needed a way to send a number of A’s followed by the memory address of the function I wanted run. First I used perl to create the file containing the needed payload, the following is a shortened version of the command used piped into a file.
perl -e ‘print “\x41\x41\x41…..\xba\x85\x04\x08″‘ > tmp_n.txt
Next I needed the data to be sent to a specific URL, so I used a curl command. The following is the command and explanation, the URL was changed to hide the CTF info.
cat tmp_n.txt | curl -k https://fake.ctf.net/16/binary_name -X POST –data-binary @-
cat tmp_n.txt – show the contexts of the file in std_out
| – pipe command separating the first command (cat) from the second command (curl)
curl -k … – command used to send information to the URL/binary
The curl command broken down into it’s parts are as follows.
-k – used when the curl command generates a certificate error when issued
https://… – the URL and name of the binary I wanted to send my payload to
-X POST – specifies a custom request method to use when communicating with the server, in this case a POST method
–data_binary – this posts the data exactly as specified with no extra processing
@- – the secret that works. 😉
Pay attention to everything during a CTF. For example instructions, cheatsheets, and other information that is provided. 🙂