30 January 2021
Here is a list of my advice and resources for ASU CSE 545 PCTF prep.
In the context of PCTF, the key topics that you want to study are:
Binary Hacking will be covered in Week 5.
pwnable.kr is a slightly more advanced pwn wargame. Working through the Toddler’s Bottle section is enough for CSE 545.
Adam has a series of video writeups on pwnable.kr Toddler’s Bottle.
pwn.college is the open-source version of CSE 466 taught by Yan and Connor, focusing on binary exploitation only. It comes with lecture videos and challenges hosted on CTFd, but no writeup for challenges.
Web hacking will be covered in Week 6 and Week 7. In particular, Week 6 covers Web Technologies and Week 7 covers the actual vulnerabilities.
Natas is the second wargame on OverTheWire, right after Bandit.
In Natas, you would have to read a whole bunch of PHP code and write your own custom scripts using the Python Requests library. These skills are extremely valuable for attack-defense CTFs.
John Hammond has a series of video writeups on Natas. Very helpful.
This is the CTF game that I am hosting at http://ctf.ret2basic.com via CTFd.
Penetration testing is not covered in CSE 545, but it will definitely be a major part of PCTF.
Pentesting for n00bs contains video writeups for 10 beginner Hack The Box machines.
The key here is to understand the pentest methodology:
The “Play” tier of Proving Grounds is free to the public. This is a nice place for practicing and understanding pentest methodology.
Attack and Defense is the key to PCTF. When you have enough background in beginner pwn + web + pentest, check out these two videos by Ippsec.
Follow the timestamps and take notes:
Take notes on every command!
Same. Take notes!
To play Juice Shop CTF, you will need to set up a local version of Juice Shop (the vulnerable web application) and submit flags on CTFd.
First install Docker using my Docker setup script:
$ wget https://raw.githubusercontent.com/ret2basic/Docker-Setup-Script/main/docker_setup.sh
$ chmod +x docker_setup.sh
$ ./docker_setup.sh
Log out and log back in for the docker group membership to take effect.
Pull and run the Juice Shop Docker image in detached mode:
$ docker pull bkimminich/juice-shop
$ docker run -d --name juice_shop -e "NODE_ENV=ctf" -p 3000:3000 bkimminich/juice-shop
Note that the environment variable "NODE_ENV=ctf" is required to display flags.
Now navigate to http://localhost:3000 and start hacking!
If you want to stop and remove the container:
$ docker rm -f juice_shop
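As an added example (not from the original post), here are the setup steps above as one script with the checks a careful operator wants: that the docker group membership is already active, that NODE_ENV=ctf really landed on the container (otherwise Juice Shop runs but shows no flags), and a readiness poll before you open the browser. It assumes docker and curl are on PATH; the script and function names are my own.

```shell
#!/bin/sh
# Added example: bring up OWASP Juice Shop in CTF mode with sanity checks.
set -eu

IMAGE="bkimminich/juice-shop"
NAME="juice_shop"
PORT=3000

# Succeeds if "docker" appears in the group list ($1, default: current user's).
# Membership only takes effect after a fresh login, hence the log-out advice.
in_docker_group() {
    groups="${1:-$(id -nG)}"
    for g in $groups; do
        [ "$g" = "docker" ] && return 0
    done
    return 1
}

# Succeeds if the container env listing ($1, one VAR=value per line) has
# exactly NODE_ENV=ctf; without it the flags are never displayed.
ctf_mode_enabled() {
    printf '%s\n' "$1" | grep -qx 'NODE_ENV=ctf'
}

# Polls http://localhost:$1/ once per second for up to $2 seconds.
wait_for_juice_shop() {
    url="http://localhost:${1:-$PORT}/"; timeout="${2:-60}"; i=0
    while [ "$i" -lt "$timeout" ]; do
        if curl -fsS -o /dev/null "$url"; then return 0; fi
        sleep 1; i=$((i + 1))
    done
    return 1
}

main() {
    in_docker_group || { echo "not in docker group yet: log out and back in" >&2; exit 1; }
    docker pull "$IMAGE"
    docker rm -f "$NAME" 2>/dev/null || true   # make re-runs idempotent
    docker run -d --name "$NAME" -e "NODE_ENV=ctf" -p "${PORT}:3000" "$IMAGE"
    env_list=$(docker inspect -f '{{range .Config.Env}}{{println .}}{{end}}' "$NAME")
    ctf_mode_enabled "$env_list" || { echo "NODE_ENV=ctf missing on container" >&2; exit 1; }
    wait_for_juice_shop "$PORT" 60 || { echo "Juice Shop did not come up" >&2; exit 1; }
    echo "Juice Shop (CTF mode) ready at http://localhost:$PORT"
}

# Run the full procedure only when invoked as: ./juice_shop_ctf.sh up
[ "${1:-}" = "up" ] && main
```

Running it without the `up` argument only defines the functions, so you can source the file and call `wait_for_juice_shop 3000 30` on its own.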