Tips and Tricks (CTF)

Get all your tools installed before it starts; there is no reason to waste your limited time on stuff that can be done beforehand.

Practice before you go.  Find a CTF that is online or a VM that could be downloaded and practice.

When performing a buffer overflow attack against a binary on a webserver, I needed a way to send a number of A’s followed by the memory address of the function I wanted run.  First I used perl to create the file containing the needed payload; the following is a shortened version of the command used, with its output redirected into a file.

perl -e 'print "\x41\x41\x41…..\xba\x85\x04\x08"' > tmp_n.txt

Next I needed the data to be sent to a specific URL, so I used a curl command.  The following is the command and explanation; the URL was changed to hide the CTF info.

cat tmp_n.txt | curl -k https://fake.ctf.net/16/binary_name -X POST --data-binary @-

cat tmp_n.txt – writes the contents of the file to stdout

| – pipe, which feeds the output of the first command (cat) into the second command (curl)

curl -k … – command used to send information to the URL/binary

The curl command broken down into its parts is as follows.

-k – skips certificate verification; used when the curl command otherwise generates a certificate error

https://… – the URL and name of the binary I wanted to send my payload to

-X POST – specifies a custom request method to use when communicating with the server, in this case a POST method

--data-binary – this posts the data exactly as specified with no extra processing

@- – the secret that works: @ tells curl to read the data from a file, and - makes that file stdin, which here is the output of cat.  😉
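Why "no extra processing" matters for a byte payload, as an added example that is not from the original post: curl documents that -d @file strips carriage returns and newlines, while --data-binary sends the file unchanged. The sample bytes are constructed, and the helper functions (hypothetical names) only model that documented behaviour; they do not call curl.

```shell
#!/bin/sh
# Constructed sample: 8 filler bytes (0x41) followed by four bytes that
# include 0x0a and 0x0d. Values are made up; they are not the post's payload.
make_sample() {
    # octal escapes are portable across POSIX printf implementations
    printf '\101\101\101\101\101\101\101\101\012\015\004\010' > "$1"
}

# Hex view of a file as one continuous string.
hex_of() {
    od -An -v -tx1 "$1" | tr -d ' \n'
}

# Byte count of a file, without the padding some wc implementations add.
len_of() {
    wc -c < "$1" | tr -d ' '
}

# Models what curl documents for -d/--data @file: CR and LF are stripped.
# Assumption: this covers only that one documented step, not curl itself.
as_data() {
    tr -d '\r\n' < "$1" > "$2"
}

# --data-binary @file sends the bytes unchanged; modelled as a plain copy.
as_data_binary() {
    cat "$1" > "$2"
}

# Returns 0 when the body that would be sent is byte-identical to the file.
same_bytes() {
    cmp -s "$1" "$2"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir/in"
    as_data "$dir/in" "$dir/d"
    as_data_binary "$dir/in" "$dir/b"
    echo "file:          $(len_of "$dir/in") bytes $(hex_of "$dir/in")"
    echo "-d @file:      $(len_of "$dir/d") bytes $(hex_of "$dir/d")"
    echo "--data-binary: $(len_of "$dir/b") bytes $(hex_of "$dir/b")"
    rm -rf "$dir"
}
demo
```

Running the same hex_of and len_of checks on a real payload file before sending it confirms that the file holds exactly the bytes intended.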

 

Pay attention to everything during a CTF, for example instructions, cheatsheets, and other information that is provided.  🙂
