How to get started in CTF’s and get better ranks in it.
Muhammad Fasal
Posted on August 12, 2020
I don’t know whether I am eligible to write this post or not. But my rank constantly motivates me to write a post. So I decided to write one.
I will start with an introduction with what is a CTF. CTF is capture the flag competition where the participants will attack a vulnerable machines with several vulnerabilities which will make the attacker to get the root flag. Once you submit the root flag , you win.
This post can be more likely to be like How I got started in CTF’s and how I got rank in it. I have got monthly world rank 1 in Tryhackme CTF platform recently and All time rank 101 by the time I am writing this post (August 12, 2020 - 20:16).
I have been hearing the term bug bounty and penetration testing while doing random browsing. Somehow I got an interest in it. But I don’t know where to start. By doing more research on this topics I found that I will be able to take a defensive approach and that’s where I have started. To secure what I code rather than attacking others systems even for bounties. Keeping ourselves updated is one of the most important things in this field.
Oh sorry , the post was about how to start your participations in CTF platforms. Coming to the topic, I have been doing CTF’s in Hackthebox platform for nearly one year after seeing some facebook posts of the people in community. Till now I have acheived Hacker badge there . I think that’s nothing to be proud of and I kept doing it when I get time and I kept learning about new topics on cyber security. On some day during Corona lockdown I got a suggestion in Instagram about tryhackme platform. So I started doing it and I have achieved 0xD level till now and monthly rank 1 in world and all time rank of 101. I have been trying harder to get into higher ranks.
Let’s discuss something about materials now
I learned what I know about CTF’s and tools from the youtube channels of John Hammond and Liveoverflow. Without their content my CTF journey will not be possible at this extent. I am sure about that thing.
Now about tools I use. I have almost never used kali linux, which is said to be OS for penetration testers and hackers in my life. I always prefered Ubuntu or backbox. We can easily install tools in it rather than making things come in handy. I always go for harder way inorder to learn things. Here also same happened.
Things to do while doing a CTF (Scan,enumerate,exploit,escalate)
- The first thing I always do when doing a CTF is to scan the target and find if there's any open port using nmap.
- Most of the time, in easy CTF's I have observed that there will be an FTP that allows anomymous login.
- After scanning you have to enumerate to check there's any hidden directory or not.
- Then most of the times you will get some files which may gives you user access to the system , for example like SSH login.
- After you got the user access check for user flag and submit and then try to escalate the privilege.
- Always use searchsploit or GTFOBins inorder to find exploits for root access.
- After escalate you are now root , submit the root flag and you're done.
Now let me mention some tools I used during the process (my favorite tools)
- Nmap
- Gobuster
- Burpsuite
- smbmap and smbclient
- Hydra
- Some private tools ( I think knowing how to code is important.)
I think i have mentioned everything needed for doing well in CTF’s. Hope I will see the people who are reading the post will also get to higher levels in CTF’s by doing well in it.
Thank you
Posted on August 12, 2020
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.