gctf-2023-retro/docs/index.md

gCTF 2023 | LATIZA

This document contains some notes about how we solved some of the problems. The idea is to write the process to get to the solution rather than describing them. The hardest part for beginners is going from 0 to 1. The main goal is that everyone from the team can be on the same page about the resources and tools used.

The source code of this document is in this repository.

tools

Main tools used during the competition.

nc

netcat command is available in Unix. Used to connect to remote services. In this case, several challenges are hosted in a server, and you should interact with the server to get the flag.

nc wfw1.2023.ctfcompetition.com 1337

pwntools

pwntools is a python library with several useful primitives for CTFs. In particular, we used it as a programmatic replacement for nc.

from pwn import *

r = remote('wfw1.2023.ctfcompetition.com', 1337)
r.sendline('hello')
r.recvline()

This way, it is easier to automatize the interaction with the server.

Decompiler

Ghidra Great tool to decompile binaries. You get some pseudo-C code. Pictures of some problems.

I've read in the general gctf discord about some alternatives that I haven't tried:

• Radare2
• IDA This one seems very good but is not free.
• Binary Ninja

Debugger

dbg

• pwndbg is a GDB plug-in that makes debugging with GDB suck less This one works great.

Solver

• Z3 is a powerful theorem prover. You can think about it like an SAT solver on steroids.
• What was the other alternative mentioned by @alex for C++ symbolic execution?

Other UNIX tools

• readelf
• strings
• ???

Hex editor

Edit binary files with hex editors. I have used Hex Editor extension from VSCode.

misc

Everything that doesn't fit in the other categories.

• MINE THE GAP
• NPC
• PAPAPAPA
• SYMATRIX
• TOTALLY NOT BRUTE FORCE

crypto

Usually, it is easy to understand the goal by inspecting the given code. The problem is generally about cracking some insecure crypto primitive involving "heavy" math.

• CURSVED
• LEAST COMMON GENOMINATOR
• MHK2
• MYTLS
• PRIMES
• ZIP

pwn

You are given an application (usually in a stand-alone binary or a binary running in a server) with some "clear" functionality containing a not-so-clear vulnerability. In this case, the goal is to exploit the vulnerability to make the app do something unintended. Some common vulnerabilities are gaining shell access or reading a file you are not supposed to read.

• GRADEBOOK
• KCONCAT
• STORYGEN
• UBF
• WATTHEWASM
• WRITE-FLAG-WHERE

reversing

You are given an application (usually in a stand-alone binary or a binary running in a server) with an obscure functionality. The first part of the goal is trying to figure out what the application is doing by inspecting the code.

• AUXIN
• FLANGTON
• JXL
• OLDSCHOOL
• PNG2
• TURTLE
• ZERMATT

web

You are given a web application with some functionality. The goal is to exploit some vulnerability in the web application to get the flag. This is where you will find the most common vulnerabilities, like SQL injection, XSS, etc.

• BIOHAZARD
• NOTENINJA
• POSTVIEWER V2
• UNDER-CONSTRUCTION
• VEGGIE SODA

sandbox

You are given a sandboxed environment where you can run some code. The goal is to exploit some vulnerability in the sandbox to get the flag.

• FASTBOX
• GVISOR
• LIGHTBOX
• V8BOX