How Do CTFs Work? (Capture The Flag)
CTF challenges come in different themes, but the goal is always the same: gain complete access to the machine. The challenge author hides a flag.txt or user.txt on the server, and you need to penetrate it to get to those flag keys. The challenge can be anything: front-end issues like SQLi, XSS, LFI, etc., or services running on the server such as SMTP, or port 445 with the famous EternalBlue exploit. Anyway, you get my idea 🙂
Okay, now we are on the server, but we have only completed the first phase and found the first key. Next we have to gain complete access to the machine by rooting the box. Again, it depends on the theme, how the challenge author has set up the box, and how many phases it has, so we keep going until we root the box or get SYSTEM on Windows.
So, I’m sharing some sites where you can sign up and participate in challenges.
HackTheBox is a platform that provides an environment for exploiting machines and solving different challenges such as Reverse Engineering, Steganography, etc. We simply have to connect to a VPN in order to access their machines, because the machines are not connected to the Internet. One of the best things about HackTheBox is that creating an account is itself a challenge, which I was really excited to solve when I registered.
After creating an account you have to download the VPN config file and connect with it (openvpn file.ovpn or openvpn --config file.ovpn). Now you have access to their machines. Every week they retire an old box and launch new machines, so there are a lot of things to learn every time. They have a graph that shows how difficult each machine is to solve. In HackTheBox we have to obtain two flags: one is user.txt, and the other is root.txt, which you can read after gaining root or SYSTEM access.
Suggestions: If you’re a beginner, don’t sign up for HackTheBox, because you won’t really be able to do much yet.
Vulnhub is another great platform for hackers. It contains vulnerable VMs which you have to download and set up on your own computer. This can be an advantage because no one else will be messing around with that box. In HackTheBox, users often f**k up boxes, which we then have to reset every time, but in Vulnhub you have complete access over the box. It also has some great VMs which are even similar to the OSCP certification lab challenges.
Suggestions: If you’re a beginner, sign up for Vulnhub, because you can Google the write-ups if you get stuck somewhere.
PwnerRank is another platform dedicated to information security learning, training and practice by solving a set of challenges.
If you are bored of long documents, courses and training materials that tell you everything, in PwnerRank you take exactly what you need.
Don’t just read documents, watch videos and answer boring multiple-choice quizzes. Select an infosec topic and start solving tasks in a real environment to deeply understand how things work.
Build a reputation by solving the maximum number of challenges and share your achievements with community members.
We are building a large learning and competition community for infosec enthusiasts.
Suggestions: If you’re a beginner, sign up for PwnerRank, because you can learn a lot by solving some basic challenges.
If you’re looking for some competition 🙂 just look at the upcoming events listed on CTFtime.org
Resources: If you’re looking for some write-ups or want to share your own CTF write-ups, I would recommend signing up here: https://hacktoday.net/c/CTF