
ASU CSE 545 PCTF Playbook

30 January 2021

Introduction

Hello Hackers!

Here is a list of my advice and resources for ASU CSE 545 PCTF prep.

In the context of PCTF, the key topics that you want to study are:

  • C code auditing
  • PHP code auditing
  • Python scripting (Requests and Scapy)
  • Exploit development with Pwntools

The playbook is organized as follows:

  1. General CTF Skills
  2. Pwn
  3. Web
  4. Pentest
  5. Attack and Defense
  6. Juice Shop CTF Setup

General CTF Skills

Step 1: picoGym

picoGym

Step 2: redpwnCTF

redpwnCTF

Pwn

Binary Hacking will be covered in Week 5.

Step 1: pwnable.kr Toddler’s Bottle

pwnable.kr is a slightly more advanced pwn wargame. Working through the Toddler’s Bottle section is enough for CSE 545.

Adam has a series of video writeups on pwnable.kr Toddler’s Bottle.

Step 2: pwn.college

pwn.college is the open-source version of CSE 466 taught by Yan and Connor, focusing on binary exploitation only. It comes with lecture videos and challenges hosted on CTFd, but no writeup for challenges.

Web

Web hacking will be covered in Week 6 and Week 7. In particular, Week 6 covers Web Technologies and Week 7 covers the actual vulnerabilities.

Step 1: OverTheWire Natas

Natas is the second wargame on OverTheWire, right after Bandit.

In Natas, you will have to read a whole bunch of PHP code and write your own custom scripts using the Python Requests library. These skills are extremely valuable for attack-defense CTFs.

John Hammond has a series of video writeups on Natas. Very helpful.

Step 2: Juice Shop CTF

This is the CTF game that I am hosting at http://ctf.ret2basic.com via CTFd.

Pentest

Penetration testing is not covered in CSE 545, but it will definitely be a major part of PCTF.

Step 1: Pentesting for n00bs by TCM

Pentesting for n00bs contains video writeups for 10 beginner Hack The Box machines.

The key here is to understand the pentest methodology:

  1. Recon (passive information gathering)
    • Learn the rules, read instructions, search on Github, and know your rivals
  2. Enumeration (active information gathering)
    • In a pentest, use Nmap; in an attack-defense CTF, use a custom tool (I am going to build one)
  3. Exploitation (most likely web-based exploits)
    • This step needs to be automated
  4. Privilege Escalation (most likely stack overflow in SUID binaries)
    • This step needs to be automated as well
  5. Persistence (mainly PHP backdoors)
    • This step is crucial in attack-defense CTF but often neglected by pentesters

Step 2: Offensive Security Proving Grounds

The “Play” tier of Proving Grounds is free to the public. This is a nice place for practicing and understanding pentest methodology.

Attack and Defense

Attack and Defense is the key to PCTF. Once you have enough background in basic pwn, web, and pentest, check out these two videos by IppSec.

Step 1: Cyber Mayhem Red Team Play by IppSec

Cyber Mayhem Red Team Play

Follow the timestamps and take notes:

Timestamps

Take notes on every command!

Step 2: Cyber Mayhem Blue Team Play by IppSec

Cyber Mayhem Blue Team

Same. Take notes!

Juice Shop CTF Setup

To play Juice Shop CTF, you will need to set up a local version of Juice Shop (the vulnerable web application) and submit flags on CTFd.

First install Docker using my Docker setup script:

$ wget https://raw.githubusercontent.com/ret2basic/Docker-Setup-Script/main/docker_setup.sh
$ chmod +x docker_setup.sh
$ ./docker_setup.sh

Log out and log back in for the docker group membership to take effect.

Pull and run the Juice Shop Docker image in detached mode:

$ docker pull bkimminich/juice-shop
$ docker run -d --name juice_shop -e "NODE_ENV=ctf" -p 3000:3000 bkimminich/juice-shop

Note that the environment variable "NODE_ENV=ctf" is required to display flags.

Now navigate to http://localhost:3000 and start hacking!

If you want to stop and remove the container:

$ docker rm -f juice_shop
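The commands above can be wrapped in a small helper so the lab comes up the same way every time. The script below is an added example, not part of the original post or of the Juice Shop project; it assumes Docker is installed, the current user is in the docker group, and curl is available. Beyond the manual steps, it removes any stale container before starting (so re-running after a reboot is safe), polls the port until the app actually answers, and reads NODE_ENV back out of the running container with `docker inspect`, since flags are only shown when that variable is exactly "ctf". The DOCKER and CURL variables are overridable so the functions can be exercised without a daemon.

```shell
#!/bin/sh
# Added helper for the Juice Shop CTF setup (example code, not from the post).
# Assumes: Docker installed, user in the docker group, curl on PATH.
# DOCKER/CURL are variables so the functions can be tested with stand-ins.
set -eu

IMAGE="bkimminich/juice-shop"
CONTAINER="juice_shop"
PORT="${JUICE_PORT:-3000}"      # host port; the container always listens on 3000
DOCKER="${DOCKER:-docker}"
CURL="${CURL:-curl}"

# Start (or restart) the container in CTF mode. Removing a stale container
# first makes the script safe to re-run after a reboot or a crashed instance.
juice_up() {
  "$DOCKER" rm -f "$CONTAINER" >/dev/null 2>&1 || true
  "$DOCKER" pull "$IMAGE"
  "$DOCKER" run -d --name "$CONTAINER" -e "NODE_ENV=ctf" -p "${PORT}:3000" "$IMAGE"
}

# Print the NODE_ENV value from the running container's config (empty if the
# container is missing or the variable was never set).
juice_mode() {
  "$DOCKER" inspect --format '{{range .Config.Env}}{{println .}}{{end}}' "$CONTAINER" \
    | sed -n 's/^NODE_ENV=//p'
}

# Succeeds only when the container really runs in CTF mode, i.e. flags are shown.
juice_check_ctf() {
  [ "$(juice_mode)" = "ctf" ]
}

# Poll the HTTP port until the app answers; give up after $1 seconds (default 60).
juice_wait() {
  tries="${1:-60}"
  while [ "$tries" -gt 0 ]; do
    if "$CURL" -fsS -o /dev/null "http://localhost:${PORT}/" 2>/dev/null; then
      return 0
    fi
    sleep 1
    tries=$((tries - 1))
  done
  echo "juice shop did not come up on port ${PORT}" >&2
  return 1
}

# Stop and remove the container.
juice_down() {
  "$DOCKER" rm -f "$CONTAINER"
}

# Usage: ./juice.sh up | check | down   (no argument: only define the functions)
case "${1:-}" in
  up)    juice_up && juice_wait && juice_check_ctf && echo "ready: http://localhost:${PORT}" ;;
  check) juice_check_ctf && echo "NODE_ENV=ctf ok" ;;
  down)  juice_down ;;
esac
```

Run `./juice.sh up` once, then `./juice.sh check` any time you suspect the container was started without the environment variable (for example after a `docker run` typed by hand); `./juice.sh down` replaces the `docker rm -f juice_shop` step.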