We are wargamers and CTF developers, and we’re building a stronger game in global cyberdefense wargaming.
Capture the Flag (CTF) is a special kind of information security competitions.
There are three common types of CTFs:
- Jeopardy
- Attack-Defense
- mixed
Jeopardy-style CTFs has a couple of questions (tasks) in range of categories. For example, Web, Forensic, Crypto, Binary or something else. Team can gain some points for every solved task. More points for more complicated tasks usually. The next task in chain can be opened only after some team solve previous task. Then the game time is over sum of points shows you a CTF winner. Famous example of such CTF is Defcon CTF quals.
Well, attack-defense is another interesting kind of competitions. Here every team has own network(or only one host) with vulnerable services. Your team has time for patching your services and developing exploits usually. So, then organizers connects participants of competition and the wargame starts! You should protect own services for defense points and hack opponents for attack points. Historically this is a first type of CTFs, everybody knows about DEF CON CTF – something like a World Cup of all other competitions.
Mixed competitions may vary possible formats. It may be something like wargame with special time for task-based elements (like UCSB iCTF).
CTF games often touch on many other aspects of information security: cryptography, steganography, binary analysis, reverse engineering, mobile security and others. Good teams generally have strong skills and experience in all these issues.
HackBama’s CTF game incorporates all three types. Competitors will be given pieces of hardware which they must put together to form a computer. Then which create an operating system and stand up communication/networking to connect it to the battleground. Where the competitors try to control and take over simulated computers.
You’ll then begin in the virtual battlegrounds.
In HackBama CTF, there are levels to attain. When you find a new piece of software, or a new login; a system message from an account called Operator will inform you of your progress. You’ll also gain access to more commands and system resources.
These days, the guest account is disabled by default in Windows and other operating systems, but in times gone by, it was considered a courtesy to grant such access to anyone who may need temporary use of your computer.
To help remote guests log in, the account usually had no password. Enter the username guest and press ‘enter’, and you’ll log straight into the remote host’s guest account. The guest account is limited in what it can do, and the aim in hacking is always to gain the best system privileges possible because this gives the best access and control. Press Ctrl-D to log out of the remote host and you’ll be returned to the battlegrounds central server.
It’s time to cross the line into the world of real hacking by ‘illegally’ gaining a privileged account on a host. Find more tools and gain more access. Establish footholds onto the network controlling parts of the network, while keeping others out!