banner
破影岚歌

破影岚歌的博客

bilibili
twitter
github
HomeArchives笔记系列关于我捐赠

CTF Challenge Types

#CTF学习笔记34
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
The article discusses different types of challenges in CTF competitions, including Web, Pwn, Reverse, Crypto, and Misc. Each type focuses on different skills such as web security, binary exploitation, reverse engineering, cryptography, and miscellaneous tasks. Participants need to analyze and exploit vulnerabilities in various scenarios to obtain flags.

Most of the web-related questions are related to skills such as the web, Web, HTTP, etc. They mainly test the participants' knowledge and skills in web attack and defense. Common topics include SQL injection, XSS, code execution, code audit, and so on. Generally, web questions only provide a URL that can be accessed. Some questions may also provide attachments.

Pwn#

Pwn questions focus on the participants' ability to discover and exploit binary vulnerabilities, with common topics such as stack overflow, format string vulnerabilities, UAF, Double Free, and other common binary vulnerabilities. Participants need to reverse engineer the provided binary executable file, identify vulnerabilities, exploit them, write corresponding exploit scripts (Exploit), and then attack the remote server provided by the organizer to obtain the flag. Typically, Pwn questions provide remote server information in the form of nc IP_ADDRESS PORT, for example, nc 1.2.3.4 4567, indicating that the challenge is running on port 4567 at IP 1.2.3.4.

Reverse#

Reverse questions test participants' ability in reverse engineering. Participants will be given an executable binary file, sometimes it may also be an Android APK installation package. Participants need to reverse the given program, analyze its working principle, and ultimately obtain the flag based on the program's behavior.

Crypto#

Crypto questions test participants' understanding of cryptography, with topics such as RSA, AES, DES, etc. being common in cryptography challenges. Sometimes, an encryption script and ciphertext may be provided, and participants need to deduce the plaintext based on the encryption process.

Misc#

Miscellaneous refers to miscellaneous items that do not fall into the above categories. Participants will be given an attachment to download and analyze, ultimately leading to the flag.

Common types of challenges include image steganography, video steganography, document steganography, traffic analysis, protocol analysis, games, IoT-related challenges, and more. The variety is diverse.

FLAG#

ctfhub{c8fde6edc982a5a29d6ae461f1373fe6}

Original Author: CTFHub
Original Link: https://writeup.ctfhub.com/Skill/ 基础知识 /vFs9oqFwtcc2x6D5h4weaE.html

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.