Types of Capture the Flag Questions

BY

If even gamified learning sounds daunting, then find solace in the fact that CTF questions typically fall into five categories. You don’t have to become an expert in every subject matter area, but you should have a working knowledge of each.

Question Type 1: Binary Exploitation

Binary exploitation comes down to making an application act differently than how it was intended to run. By making the application run differently, you’re gaining valuable information that you’ll use to alter or commandeer the target.

Common binary exploits use a technique known as memory corruption, which can enable an attacker to gain unauthorized privileges to the system that is running the application, or by hijacking the control flow of the application and injecting their commands directly into the system.

Question Type 2: Reverse Engineering

Sometimes the flag will be a string hidden inside the application code. Depending on the challenge type and level of difficulty the task, you might need to use reverse engineering.

Reverse engineering challenges require an intimate knowledge debugger and disassembler software. The goal: Take a compiled binary, rip it apart, and find out how it works.

You will want to be familiar with how the application uses control flow, loops, and conditionals so that you can figure out how to bend the program to your will, and then hopefully capture the flag.

Question Type 3: Web Exploitation

These question types cover a wide range of different methods to exploit web-based resources. While the methods are broad, there’s are tools commonly associated with web exploitation, including Nmap, Wireshark, and Metasploit.

Some of the easier flags are even accessible through your web browser through “View Page Source” or the equivalent in your browser.

Question Type 4: Cryptography

Cryptography challenges are particularly fun. Even the definition for cryptography sounds fun. “Cryptography is the practice and study of techniques for secure communication in the presence of third parties.” In practice, however, they can be difficult. Often enough, these questions are based on string conversions from one format to another. For instance, you might be given a file that starts like this:

8a10247f90d0a05538888ad6205882196f5f6d05c21ec8dca0cb0be02c3f8b09e382963f443aa514daa501257b09a36bf8c4c392d8ca1bf4395f0d5f2542148c7e5ff22237969874bf66cb85357ef99956accf13ba1af36ca7a91a50533c4d89b7353f908c5a166774293b0bf6247391df69c87dacc4125a99ec417221b58170e633381e3847c6b1c28dda2913c011e13fc4406f8fe73bbf78e803e1d995ce4d
bd20aad820c9e387ea57408566e5844c1e470e9d6fbbdba3a6b4df1dd85bce2208f1944f1827d015df9c46c22803f41d1052acb721977f0ccc13db95c970252091ea5e36e423ee6a2f2d12ef909fcadd42529885d221af1225e32161b85e6dc03465cf398c937846b18bac05e88820a567caac113762753dffbe6ece09823bab5aee947a682bb3156f42df1d8dc320a897ee79981cf937390b4ae93eb8657f6c
ed9eccbe79394ca0575a81d1fa51443aa3e83e5e3cdb7a4c5897faa6b4ac123c1dde2dff4d7c5b77d2aa3c090cebce70340e7f0e0b754ca26b9c108ca0dbfdcd8aa230eb9420654b252ffc118e830179cc12b64b2819f81edcc2543d759c422c3850051d543c9bc1dcda7c2a6c9896e1161d61c3c13c80ee79c08379abf3e189f2ecf5f997db17db69467bf6dfd485522d084d6e00a329526848bb85414a7e6a

And scrolls forever. Your challenge: “In this file are a bunch of hex-encoded ciphertexts. One of them has been encrypted with ECB. Detect it.” And that’s an intro Cryptopals challenge.

In other cases, you’ll have to encrypt or decrypt messages. You’ll need to have a good handle on programming for cryptography. If you don’t, it’s a lucrative skill to attain.

Question Type 5: Forensics

This type of question in a CTF environment can cover a lot of ground, but it is quite common that you’ll be asked to find files or information hidden within other file types. For instance, a simple jpg or png file could be manipulated to hold information such as text, or even an executable.

By digging into these files with scripts and tools, competitors can extract data (normally encrypted) and then run it against a series of other tools as they try to decode the coveted flag. There are many useful tutorials and write-ups online that can get you started.