From aeef05a47fae9b532aa0471e92a8a33e105705ed Mon Sep 17 00:00:00 2001 From: Michael Zhang Date: Wed, 18 Sep 2024 01:14:15 -0500 Subject: [PATCH] faq page wip --- .../index.lagda.md | 2 +- src/content/posts/2024-09-18-ctf-faq.md | 101 ++++++++++++++++++ 2 files changed, 102 insertions(+), 1 deletion(-) create mode 100644 src/content/posts/2024-09-18-ctf-faq.md diff --git a/src/content/posts/2024-09-15-circle-is-a-suspension-over-booleans/index.lagda.md b/src/content/posts/2024-09-15-circle-is-a-suspension-over-booleans/index.lagda.md index 851c0c2..7998b49 100644 --- a/src/content/posts/2024-09-15-circle-is-a-suspension-over-booleans/index.lagda.md +++ b/src/content/posts/2024-09-15-circle-is-a-suspension-over-booleans/index.lagda.md @@ -135,7 +135,7 @@ rightInv (loop i) = -- Σ2→S¹ (merid false) = loop -- Σ2→S¹ (sym (merid true)) = refl_base cong (λ p → p i) ( - cong Σ2→S¹ (merid false ∙ sym (merid true)) ≡⟨ congFunct {x = merid false _} Σ2→S¹ refl refl ⟩ + cong Σ2→S¹ (merid false ∙ sym (merid true)) ≡⟨ congFunct {x = merid false {! !}} Σ2→S¹ refl refl ⟩ loop ∙ refl ≡⟨ sym (rUnit loop) ⟩ loop ∎ ) diff --git a/src/content/posts/2024-09-18-ctf-faq.md b/src/content/posts/2024-09-18-ctf-faq.md new file mode 100644 index 0000000..6107c7a --- /dev/null +++ b/src/content/posts/2024-09-18-ctf-faq.md @@ -0,0 +1,101 @@ +--- +title: CTF FAQ +date: 2024-09-18T00:49:55-05:00 +tags: [ctf] +draft: true +--- + +There's a lot of foundational stuff that is sometimes not obvious to people who are just starting out in CTF. + +### What does nc \ mean? + +For example, + +``` +nc chal.examplectf.com 12345 +``` + +This is a quick way of saying that a server is running at a specific IP on a specific port. +`nc` stands for netcat, which is a tool that lets you talk to a server through your command line. + +> [!admonition: NOTE] +> This also means that the flag is hidden on the server, and will **not** appear in any of the files that have been distributed to you. + +In reality, you'd probably only use `nc` to play around with it initially. +You'd probably want to move to using a script soon, because you are usually given a copy of the program to play around with locally. + +With vanilla Python, you can open a [socket] and replicate the `nc` behavior with: + +[socket]: https://docs.python.org/3/library/socket.html + +```py +import socket +s = socket() +s.connect(("chal.examplectf.com", 12345)) +``` + +Alternatively, use [pwntools]: + +```py +from pwn import * +r = remote("chal.examplectf.com", 12345) +``` + +### Why do I get a binary and a C file? + +The binary is often provided because the specific addresses are meaningful to construct an attack. +Sometimes a libc is also provided to help craft attacks that need specific libc addresses. + +Using something like [pwntools] makes it easy to do exploration and perform automated searches for addresses through a binary locally very quickly, and then swap out the target to the server once you've found a method to crack the binary. + +[pwntools]: https://pwntools.com + +### I get some text file with values like N, e, c. What does this mean? + +These are usually some values for working with a cryptosystem called [RSA]. + +[RSA]: https://en.wikipedia.org/wiki/RSA_(cryptosystem) + +* $N$ is the modulus. It's part of the public key. It's calculated with $N = p \times q$, but usually $p$ and $q$ are left as private +* $e$ is the public exponent. It's also part of the public key +* $c$ is the ciphertext. +* $m$ (if included) is the message, but this is usually the thing you're looking for + +Lots of CTFs will do modified versions of RSA as a puzzle. + +> [!admonition: NOTE] +> If the $N$ is just given to you directly instead of in a script, just go ahead and chuck the $N$ into [factordb] to see if it's already been factored! + +[factordb]: https://factordb.com/ + +### I need to quickly convert some data + +[CyberChef] is my tool of choice when it comes to this stuff. + +[cyberchef]: https://gchq.github.io/CyberChef/ + +### I have a file but I don't know what it is + +Plug the file through the [file] command! +It'll tell you what kind of file it is, by looking at the first few numbers. For example: + +[file]: https://en.wikipedia.org/wiki/File_(command) + +``` +$ file binary +binary: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=62bc37ea6fa41f79dc756cc63ece93d8c5499e89, for GNU/Linux 3.2.0, not stripped +``` + +This means it's an executable program. + +Another useful tool is [binwalk], which tells you if there's other files packed in there. +This is sometimes useful for some forensics challenges. + +[binwalk]: https://github.com/ReFirmLabs/binwalk + +### I'm on Windows. What do? + +Install [WSL] or [dual boot]. + +[WSL]: https://learn.microsoft.com/en-us/windows/wsl/about +[dual boot]: https://wiki.archlinux.org/title/Dual_boot_with_Windows