# **Edita CTF 2023: Starter Pack**

# Cryptography
Cryptography is the reason we can use banking apps, transmit sensitive information over the web, and in general protect our privacy. However, a large part of CTFs is breaking widely used encryption schemes which are improperly implemented. The math may seem daunting, but more often than not, a simple understanding of the underlying principles will allow you to find flaws and crack the code.
The word “cryptography” technically means the art of writing codes. When it comes to digital forensics, it’s a method you can use to understand how data is constructed for your analysis.
---
We are going to introduce you to one of the greatest tools for cryptographic CTF challenges: [CyberChef](https://gchq.github.io/CyberChef)
CyberChef has many, many types of encryption and encoding algorithms built into it, all wrapped in a nice GUI. Want to base64 encode some data? Drag and drop the 'To Base64' tab. Want to further encode it in hex? Drag and drop the 'To Hex' tab. You can mix and match to do some magic.

You can also decode values using CyberChef with "decode <encoding_type>" blocks. I would suggest messing around with many different encryptions and encodings like URL encoding, base64, hex, the Caesar cipher, the Vigenère cipher, hashing programs, and many more.
Doing cryptography CTF challenges helps build a solid foundation for many fields. You can get into blockchain, create cryptographic algorithms for banks, an encryption algorithm for network traffic, and much more.
---
# Basic Linux Commands
Learning basic Linux is essential for programmers and computer science students as it is widely used in server environments and cloud services. Proficiency in Linux provides valuable skills for deploying applications, administering servers, and navigating command-line tools.
Command line tools are something you will be using a lot of in CTFs. While there are GUI tools, you will mostly be working in a terminal when you go into higher levels of programming and infosec.
Some Linux commands you may use frequently are:
* `ls` – Displays information about files in the current directory.
* `pwd` – Displays the current working directory.
* `mkdir` – Creates a directory.
* `cd` – Navigate between different folders.
* `rmdir` – Removes empty directories.
* `mv` – Rename or move files.
* `rm` – Delete files.
* `locate` – Find a file using the locate database.
* `touch` – Create empty files.
* `cat` – Display file contents in the terminal.
* `strings` – Prints all human-readable text found within a file. (Try opening an image with Notepad and then use `strings` on it.)
* `clear` – Clear the terminal.
* `ps` – Display the running processes in the terminal.
* `man` – Access the manual for any Linux command. Using `man <command_name>` you can read the full manual for that command.
* `grep` – Search for a specific string in an output. Especially used when you want to find the flag within, say, some gibberish.
* `echo` – Print text to the terminal.
* `wget` – Download files from the internet.
* `tr` – Translate or delete characters in a text stream, for example when you want to remove all commas from your output.
* `file` – Used to find the file type of a file. This is further explained in Forensics.
There is much more to Linux that I haven't even touched, and if you want to delve deeper into Linux please feel free to do so; there are many resources dedicated to it.
---
# Forensics
Forensics is the art of recovering the digital footprints left by an attacker on a computer. There are plenty of methods to find data which seems to be deleted, changed, not stored, or covertly stolen. Forensics is a very wide topic and I can't really cover it all here, nor do I know enough to talk about it. So I shall only talk about the parts which we may use in this CTF:
* Meta Data
* File Formats
* Steganography
* Networking (Wireshark)
Forensics CTFs are a wonderful way to get into blue teaming in cyber security. While I am not talking about them here, there are way more types of forensics challenges, like going through Windows event logs, finding hacker traces on machine image files, etc.
---
**Meta Data**
Metadata is basically data about data. Different types of data (like images, documents, audio files, etc.) have different types of metadata. For an image it might be the dimensions of the image, capture time, dates, camera information, etc., while for an audio file it might be the artist name, recording date and title.
One tool that is extensively used to look at metadata is **exiftool**. This tool is available within Linux distros and even WSL. For example:

This is an image of a very cool cat. Let's use exiftool to have a look at its metadata.

The image above shows us the metadata of this image. We can see the file type, access permissions, the dimensions, etc. Pretty much most of what we would need to know about the image.
Sometimes CTFs will hide data within the metadata, from which you have to find the flag.
Where does it get this data about data from? This will be discussed further in File Formats.
---
**File Formats**
Have you ever wondered how your computer recognizes an image as an image and not a word document?
***File signatures!*** These are bytes within a file used to identify the format of the file. Generally they're 2-4 bytes long, found at the beginning of a file. You can use any hex editor to have a look at them. I am using HxD, but you can use an online hex editor or one built into Linux.

The image above is the hex editor view of the cool cat image from before. You can see 'ÿØÿà JFIF' within the decoded text part and 'FF D8 FF E0 xx xx 4A 46 49 46 00' in the hex bytes view.
What a computer does is read the first few of these bytes, cross check them against known signatures, and then spit out the file type.
All file types like .docx, .png, etc. have their own set of file headers (the file signatures). You can see all of these file headers in an online database such as [Gary Kessler's](https://www.garykessler.net/library/file_sigs.html).
*It is also within these hex bytes that the metadata of a file is stored.*
Maybe an image file has some broken file headers, and when you try to open it your computer will say it's corrupted. You can use a hex editor to fix the file headers.
Hex editors are used to edit hex bytes, hence their functionality isn't limited to fixing file headers. You can manipulate the dimensions of the image which you want to show to your viewer, like showing only a small portion of the whole picture, and many other cool things.
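To show what the computer is doing with those first bytes, here is an added example (not code from the starter pack) that checks a few signatures against a small table, treating the 'xx xx' bytes from the JFIF signature above as wildcards, and repairs a JFIF header whose fixed bytes were damaged. The sample bytes are constructed here, not taken from the cat image.

```python
# Added example (not from the starter pack): a tiny "file"-style identifier that
# checks the magic bytes you would otherwise eyeball in a hex editor. The JFIF
# pattern is the one from the text; its 'xx' positions (the APP0 segment length)
# are wildcards that may hold any value.
SIGNATURES = {
    # name: bytes expected from offset 0, with None meaning 'xx' (any byte)
    "JPEG/JFIF": [0xFF, 0xD8, 0xFF, 0xE0, None, None, 0x4A, 0x46, 0x49, 0x46, 0x00],
    "PNG": [0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A],
    "GIF": list(b"GIF8"),
    "ZIP (also .docx/.xlsx)": list(b"PK\x03\x04"),
}

def matches(data: bytes, pattern) -> bool:
    """True if every non-wildcard byte of the pattern is present at its offset."""
    if len(data) < len(pattern):
        return False
    return all(exp is None or data[i] == exp for i, exp in enumerate(pattern))

def identify(data: bytes) -> str:
    """Cross-check the leading bytes against the table, like the computer does."""
    for name, pattern in SIGNATURES.items():
        if matches(data, pattern):
            return name
    return "unknown"

def hex_view(data: bytes, count: int = 16) -> str:
    """The 'hex bytes view' a hex editor shows for the first few bytes."""
    return " ".join("%02X" % b for b in data[:count])

def repair_jfif_header(data: bytes) -> bytes:
    """Rewrite the fixed signature bytes of a damaged JFIF header, keeping the
    'xx xx' length bytes as they are. Only do this when you already know the
    file is supposed to be a JPEG, since it overwrites the first 11 bytes."""
    fixed = bytearray(data)
    for i, expected in enumerate(SIGNATURES["JPEG/JFIF"]):
        if expected is not None:
            fixed[i] = expected
    return bytes(fixed)

# Constructed samples: a valid JFIF header, and the same header with the first
# two bytes zeroed out, the kind of damage a CTF might hand you.
GOOD_JPEG = bytes([0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10]) + b"JFIF\x00\x01\x01"
BROKEN_JPEG = b"\x00\x00" + GOOD_JPEG[2:]
```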
---
**Steganography**
It is the art of hiding data in plain sight. Writing on a Word document with white text can also be considered a form of steganography, but the more mainstream methods are hiding information within videos, images, audio files and network traffic. Al Qaeda once used porn videos to communicate target locations.
So how does one hide data within images? Well, images are just a collection of pixels in the end. By changing the RGB values of the pixels we can hide information within them, since we can't really tell the difference between (0,201,39) and (0,202,40) with the naked eye, but we can decode it with specific steganographic algorithms. This is an example of LSB, or Least Significant Bit, steganography. A video is just a collection of images, so it works in a similar manner.
There are multiple tools to detect steganography, such as stegseek, and many tools to extract steganographically hidden data, such as zsteg, steghide, etc., which go through each byte and find the hidden data. For a more detailed explanation than I can ever manage in this small document, try watching this [video by Computerphile](https://www.youtube.com/watch?v=TWEXCYQKyDc&t=697s)
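The LSB idea above, as an added example that is not from the starter pack or from any of the tools named: a message is written into and read back from the lowest bit of each colour channel of a constructed list of pixels (no image library needed), so you can see why every pixel changes by at most 1.

```python
# Added example, not part of the starter pack: LSB steganography on a plain list of
# (R, G, B) tuples, so it runs without an image library. Each channel's lowest bit is
# replaced with one bit of the message; a value like 201 becomes 200 or stays 201,
# which is the invisible (0,201,39) vs (0,202,40) kind of change the text describes.

def to_bits(data: bytes):
    """Yield the bits of each byte, most significant first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def capacity(pixels) -> int:
    """How many message bytes fit, leaving room for the null terminator."""
    return (3 * len(pixels)) // 8 - 1

def embed(pixels, message: bytes):
    """Return a copy of pixels with message (plus a terminating null) in the LSBs."""
    if len(message) > capacity(pixels):
        raise ValueError("message too long for this many pixels")
    bits, out, i = list(to_bits(message + b"\x00")), [], 0
    for pixel in pixels:
        channels = []
        for value in pixel:
            if i < len(bits):                 # overwrite the lowest bit only
                value = (value & ~1) | bits[i]
                i += 1
            channels.append(value)
        out.append(tuple(channels))
    return out

def extract(pixels) -> bytes:
    """Read LSBs back into bytes until the null terminator is found."""
    result, byte, count = bytearray(), 0, 0
    for pixel in pixels:
        for value in pixel:
            byte, count = (byte << 1) | (value & 1), count + 1
            if count == 8:
                if byte == 0:
                    return bytes(result)
                result.append(byte)
                byte, count = 0, 0
    return bytes(result)                      # no terminator: return what was read

# Constructed cover "image": 64 pixels, including the (0,201,39) pixel from the text.
COVER = [(0, 201, 39), (120, 80, 200), (255, 255, 255), (12, 13, 14)] * 16
STEGO = embed(COVER, b"flag{lsb}")
```

Tools like zsteg try the same extraction across many bit orders and channel choices, which is why they can find data this simple writer hides.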
---
**Networking**
Data being transported from one place to another is only possible due to the great networking foundation we have. Want to send an email? Use the SMTP protocol. Want to see a website? Use HTTP and TLS (which together form HTTPS).
There are many other protocols, such as TCP and UDP for communication between 2 devices, FTP to transfer files, SSH to form a secure connection, and many, many more; this is just the surface. You can always look them up on YouTube. I personally like [Computerphile](https://www.youtube.com/@Computerphile), which has just so many videos on it.
So how can one see such network traffic being sent all over the internet? That's where the tool Wireshark is used. Wireshark can analyze the network packets sent and presents them in a nice readable way. The network traffic is recorded and saved within a file with the format .pcap or .pcapng.

When you open a pcap file within Wireshark you are greeted with such a home page. The different lines which are enumerated in the image are network packets. From the image itself we can see some data about the network packets, like time sent, source IP address and port, destination IP address and port, length of the network packet, etc. In the 2 tabs below we can see more data about the packet which we select, such as the data sent.

There is also a search bar in which we can filter and search for network packets, such as looking for packets that use the TCP or HTTP protocols, or which have a certain source or destination IP address. You can right click on network packets and use any parameter as a filtering option, as shown below:

Finding all network packets that used the HTTP protocol

In the Statistics tab of the home page, if you navigate to the Protocol Hierarchy tab, we can see all the protocols used and their usage in the recorded network traffic, i.e. the pcap file.

There is obviously more to Wireshark and I encourage the readers to learn more about networking. This is an absolutely beautiful field.
* If you want to dive further into Forensics, there are many, many resources in the wild, including YouTube. Computerphile is one of my favourite channels.
* You can also ask around in our Discord server for such resources. We even have a dedicated #resources channel for this.
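To see what Wireshark is actually reading when it fills in those columns, here is an added example (not from the starter pack and not Wireshark's code) that parses the classic .pcap format by hand, pulls out time, source/destination IP and port and length, and applies a filter like 'tcp.port == 80'. The capture is constructed inline from documentation-only 192.0.2.x addresses; only Ethernet + IPv4 + TCP/UDP is decoded, and pcapng is not handled.

```python
import struct
from ipaddress import IPv4Address
# Added example (not from the starter pack): a minimal reader for the classic .pcap format
# Wireshark opens, recovering the columns the text mentions (time, source/destination IP and
# port, length) and applying a "tcp.port == 80" style filter. Only Ethernet + IPv4 + TCP/UDP
# frames are decoded; pcapng is a different format.
PCAP_MAGIC = 0xA1B2C3D4
def parse_pcap(blob: bytes):
    endian = "<" if struct.unpack("<I", blob[:4])[0] == PCAP_MAGIC else ">"
    pos, packets = 24, []                              # skip the 24-byte global header
    while pos + 16 <= len(blob):                       # per packet: 16-byte record header + frame
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", blob[pos:pos + 16])
        packets.append(summarize(ts_sec + ts_usec / 1e6, blob[pos + 16:pos + 16 + incl_len], orig_len))
        pos += 16 + incl_len
    return packets

def summarize(ts, frame: bytes, length: int):
    info = {"time": ts, "length": length, "proto": "other"}
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:  # EtherType: only IPv4 handled here
        return info
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    info["src"], info["dst"] = str(IPv4Address(frame[26:30])), str(IPv4Address(frame[30:34]))
    l4 = frame[14 + ihl:]
    if proto in (6, 17) and len(l4) >= 4:             # TCP or UDP: ports are the first 4 bytes
        info["proto"] = "tcp" if proto == 6 else "udp"
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
    return info

def filter_port(packets, proto: str, port: int):
    """Same idea as the Wireshark display filter 'tcp.port == 80'."""
    return [p for p in packets if p["proto"] == proto and port in (p.get("sport"), p.get("dport"))]

def build_frame(src, dst, sport, dport, proto=6, payload=b""):
    """Constructed Ethernet/IPv4/TCP (or UDP) frame; checksums are left at zero."""
    l4 = (struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 0xFFFF, 0, 0) if proto == 6
          else struct.pack("!HHHH", sport, dport, 8 + len(payload), 0))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload

def build_pcap(frames):
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)   # link type 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out
# Constructed capture using documentation-only addresses: HTTP request, DNS query, HTTP reply.
SAMPLE = build_pcap([
    build_frame("192.0.2.5", "192.0.2.80", 51000, 80, payload=b"GET / HTTP/1.1\r\n"),
    build_frame("192.0.2.5", "192.0.2.1", 40000, 53, proto=17, payload=b"\x00" * 12),
    build_frame("192.0.2.80", "192.0.2.5", 80, 51000, payload=b"HTTP/1.1 200 OK\r\n"),
])
```

Run `parse_pcap(SAMPLE)` on a real capture's bytes and you get the same rows Wireshark's packet list shows, minus everything its dissectors add on top.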
---
# Reverse Engineering
Reverse Engineering in a CTF is typically the process of taking a compiled (machine code, bytecode) program and converting it back into a more human readable format.
Very often the goal of a reverse engineering challenge is to understand the functionality of a given program such that you can identify deeper issues.
While our challenges don't use it, most reverse engineering challenges in the future require you to analyze assembly code, which can be decompiled to a C program. Why assembly? Because it's the lowest level human readable computer language. But this should not scare you. If you want to get into malware analysis or game hacking, knowing such things is pretty much compulsory, so deal with it.
I can't really say more about reverse engineering since that's pretty much it, so.... moving on.
---
# Web Exploitation
Websites all around the world are programmed using various programming languages. While there are specific vulnerabilities in each programming language that the developer should be aware of, there are issues fundamental to the internet that can show up regardless of the chosen language or framework.
Sometimes CTFs hide their flags within the source code of their site, maybe a hidden directory or even within the cookies.
Some vulnerabilities that often show up in CTFs as web security challenges, where the user needs to exploit a bug to gain some kind of higher level privilege:
* SQL Injection
* Command Injection
* Directory Traversal
* Cross Site Request Forgery
* Cross Site Scripting
* Server Side Request Forgery
We will not cover all of these in our CTF, but if you're interested in web exploitation, please do check out picoCTF, OverTheWire Natas, Web Security Academy, and many other places to learn more (links in our Discord #resources channel).
Web Exploitation CTFs are very useful if you want to get into bug bounty or any web based security role. They teach you how the web and websites work and you learn how to crack them, in turn making the site more secure when you report the bugs, and you get bounties for finding bugs, sometimes in the 1000s of dollars.
---