Getting started
This post continues my series on “Capture the Flag” challenges and the first steps to doing them. For the very first CTF in our series, I will focus on overthewire.org.
Typically with CTF challenges you have to find a bug and exploit it to find a flag, then submit that flag to the challenge site. Overthewire is different in that it’s a series of war games where you ssh to the host, and if you succeed in the given task you get a password to the next level. Easy as that.
First overthewire CTF
Let’s take a look at the Bandit war game. Starting at Level0, it gives you the login details for the first round. After you log in, you progress to Level0 -> Level1.
What!!!! It just couldn’t be that easy, but yet it is.
cat readme
There it is in all its glory, the password for the next level.
And now you’re off. When I first did it, I got about 15 in a row before I got stuck, but I kept with it and got by. Then later, at level 32, I got really stuck and ran into my first clue that Ethical Hacking and CTF challenges were not always the same thing: CTFs can be rabbit holes where you learn nothing useful.
Things you will learn doing overthewire challenges.
Overthewire is great at introducing you to rot13, base64 and the Swiss army knife of network tools, Netcat. You will also learn about exploiting SUID bits and messing with cron and git. You will make use of all that time you spent on Linux by using it to brute force a password with scripts you wrote yourself. At least up until you hit level 32. I would love to hear your approach to how you did it in the comments section.
When I was doing these I did well up to this point. But here I was stuck, with no clue how to proceed. The solution was something I had never heard of. I could not find anything in the man pages, and I will probably never forget the solution or ever use it again. It was all part of the fun.
Conclusion
Overthewire is a great site for getting started in CTF challenges. I have great memories of doing them. After the Bandit wargame, things step up a gear and can get quite difficult, especially as once you get to a certain level you are not even given a hint on what to do. Mostly Bandit won’t challenge you too much, but when it does, you will find many solutions online. Don’t feel bad if you have to look at them, as it’s all about the learning experience.