Introduction
Flag
Flag is a special string format that needs to be submit in the CTF platform indicate the player solved the challenge.
Flag could be in format like flag{example} OR could be the direct answer such as:
IP Address
Md5 hash
Anything
Stages in iHack 2024
There will be 3 stages:
Stage 1 - Jeopardy
Stage 2 - Attack and Defense
Stage 3 - Jeopardy Time-Based Attack
How to play?
Team consist of 3 people
Play with strategy
Laptop with a good speed (For VM)
Comfortable using Windows and Linux - Linux got a lot of useful security tools
Good foundation knowledge of security, OS, programming and networking.
Solve the challenges and submit the flag
OS
Linux for sure
Lot of CTF tools pre-installed in Linux
We used both Kali Linux and Windows
Some tools are easier to play in windows environment and some not.
Use VM or bash for Windows
Suggestions: Kali Linux, Remnux, Flare VM
Jeopardy
You will be given a few categories of challenges. Solve the cybersecurity challenges and find the flag. The team with the most points will win.
Strategy
Focus on solving challenges that you find easy first.
Solve easy one first. For the sake of momentum, motivation and brain processing.
Distribute the challenges among your team members. Dedicate a person in the team to specific category based on interests and their skill.
Dedicate yourself to a challenge until you feel exhausted.
Assign a dedicated person to solve challenges within a specific category.
Categories in Jeopardy
Digital Forensics = Analyze artifacts
Reverse Engineering = Reverse the given program/file and find the flag
Malware Analysis = Analyze malware and find the flag
Web = Hack the web system and solve the challenge
Pwn = Reverse the given program first, and try to exploit the program to get flag/shell
Boot2root = Hack the box that contains several services/ports such as Web, SSH and etc. Get the USER privilege and ROOT privilege
Attack and Defense
You will be given an IP address with several vulnerable services and ports, similar to the other team's setup. Your objectives are:
Defend your services from being hacked or exploited by the other team.
Attack the other team's IP services and ports to capture the flag.
Do not disable your services to prevent exploitation, as doing so will result in penalties for your team.
The services might be:
Vulnerable website (Web Pentest)
Vulnerable running binary (ELF Pwn)
Vulnerable outdated application (Public exploit)
General Strategy
Defend Yourself First: Apply patches to your services.
Identify and Exploit Vulnerabilities: Once you identify the vulnerable code or points, use your knowledge of the exploit to attack the other team.
Strategy to Defend
Scan Your IP: Identify which services are running.
Gain Access: Without credentials or direct access to patch the services, exploit your own services to gain shell access.
Identify Vulnerabilities: After gaining shell or backdoor access to your system, locate the vulnerable points.
Patch Vulnerabilities: Patch the vulnerable code to defend against attacks from the other team.
Strategy to Attack
Leverage Previous Knowledge: Use your experience in finding, attacking, and patching your own services to exploit the other team's vulnerabilities.
Target Unpatched Systems: Focus on teams that have not patched their systems.
Use given API to automate attack, more flag!
Jeopardy Time-Based
Within a given time frame, all teams will be presented with the same challenge and have the same amount of time to solve it. When time is up, the challenge will change to another question. The first team to solve each challenge will earn points. The team with the most points will win.
Teamwork is crucial during this time. All team members should be dedicated to solving the same question. There is a high possibility of encountering IoT challenges, and web challenges might also be included.
Tips before the game
Prepare your tools and cheat sheet
Do not study hard a day before CTF,
Sometimes when your brain is loaded up too much.. you will blank during the game.
Just relax and calm.
Tips during the game
Refer your cheat sheets.
If you don’t know how to approach, please ask Google and ChatGPT
If you’re stuck. Free your mind by rest. Take a walk, eat your lunch, perform solat and come back later.
Dump exercise
Last updated