TURBOCRYPT CTF

ADAM JANDGA

INTRODUCTION

  • I created my own capture the flag environment
  • We did a couple of capture the flag activities through this course
  • The goal of a capture the flag is to discover vulnerabilities in the system and find secrets you are not supposed to find

WHY DO A CAPTURE THE FLAG (CTF)

  • I chose to do a CTF because it is a great way to get into the feel of breaking into a machine and finding hidden secrets
  • When this bootcamp started, I got an older ThinkPad and installed Kali Linux on it to mess around
  • After doing research on how to gain skills for the cybersecurity field, I found CTFs
  • It was also mentioned a couple times by Amin and Jeff and it was something that interested me
  • I also figured it was a nice way to combine different things we learned over this course of 6 months

INSPIRATION

HackTheBox

TryHackMe

VulnHub

TOPICS INCLUDED

Cloud

Cryptography

Binary

Crontab

Linux

Python

SETUP

First, I created an instance with Ubuntu using AWS Lightsail

FLAG 1

  • Here is a simple script to encrypt text using the Caesar Cipher:
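    • #!/bin/bash
    • if [ "$#" -ne 2 ]; then
    • echo "Usage: $0 <shift> <text>"
    • exit 1
    • fi
    • # Normalize the shift into the range 0-25
    • shift=$(( ($1 % 26 + 26) % 26 ))
    • text=$2
    • lower=abcdefghijklmnopqrstuvwxyz
    • upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ
    • # Rotate each alphabet left by $shift and use the result as the tr replacement set
    • encrypted=$(echo "$text" | tr 'a-zA-Z' "${lower:shift}${lower:0:shift}${upper:shift}${upper:0:shift}")
    • echo "Encrypted text: $encrypted"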
  • chmod +x caesar.sh
  • ./caesar.sh 3 "You cracked the Caesar cipher flag. Here is flag 1: jD2l9ZpRmY"

FLAG 2

FLAG 3

  • Here is a script to turn text into binary:
    • #!/bin/bash
    • if [ "$#" -ne 1 ]; then
    • echo "Usage: $0 <text>"
    • exit 1
    • fi
    • text=$1
    • # Convert text to binary; -c 1 prints one byte per line so awk's $2 is always that byte
    • binary=$(echo -n "$text" | xxd -b -c 1 | awk '{print $2}' | tr -d '\n')
    • echo "Binary representation: $binary"
  • chmod +x text_to_binary.sh
  • ./text_to_binary.sh "Here is Flag 3: B1n4rY!"

FLAG 4

  • cd /home/ubuntu/Downloads/
  • sudo apt-get update
  • sudo apt-get install steghide
  • curl -o question.jpg https://static.vecteezy.com/system/resources/previews/007/126/739/non_2x/question-mark-icon-free-vector.jpg
  • echo "Here is flag 4: St3g4n0" > secret.txt
  • steghide embed -ef secret.txt -cf question.jpg -sf question-mark.jpg

FLAG 5

  • cd /home/ubuntu/
  • nano .flag.txt
    • Here is flag 5: H1dd3n F1l3

FLAG 6

  • cd /home/ubuntu/
  • mkdir Python
  • cd Python
  • nano simpleprogram.py
    • print("Hello, World!")
    • #Flag 6: Pyth0n_R4nd0m

FLAG 7

  • cd /home/ubuntu/
  • nano flag.txt
    • Flag 7: Z1pP4aa_7r3nD
  • zip -e data.zip flag.txt
    • Password: flag

FLAG 8

  • sudo adduser administrator
  • sudo usermod -aG administrator
  • su - administrator
  • cd /home/administrator/
  • nano flag.txt
    • Flag 8: Adm1n_Fl4g
  • Run the exit command to leave the administrator session and return to the ubuntu user

FLAG 9

  • cd /home/ubuntu/
  • mkdir Scripts
  • cd Scripts
  • nano .script.sh
    • #!/bin/bash
    • echo "Flag 9: Cr0n_Sch3d" >> /home/ubuntu/.logfile.txt
  • chmod +x .script.sh
  • touch /home/ubuntu/.logfile.txt
  • crontab -e
    • 0 2 * * * /home/ubuntu/Scripts/.script.sh

FLAG 10

  • cd /home/ubuntu/Scripts/
  • nano .background.sh
    • #!/bin/bash
    • while true; do
    • echo "Flag 10: B4ckgr0und" >> /home/ubuntu/.backlog.txt
    • sleep 60
    • done
  • chmod +x .background.sh
  • touch /home/ubuntu/.backlog.txt
  • nohup /home/ubuntu/Scripts/.background.sh &

DEMONSTRATION PREVIEW

  • I will be demonstrating how a user can find all 10 flags
  • It will be easier to see how all these flags use a different concept we have learned over this 6-month time period

DEMONSTRATION

All 10 flags have been found

OUTCOMES

  • In this demonstration I displayed how to find all 10 hidden flags and clearly showed skills of using different concepts learned throughout this course
  • I know these were complex ideas very simplified, but I ran into many issues trying to set up a local virtual machine, eventually leading to using AWS Lightsail
  • Having the framework for a CTF done, it will be very easy to create a more complex one

MITIGATIONS

Use stronger encryption rather than the Caesar cipher

For the hidden HTML flag, we learn to regularly scan webserver directories

We can use code signing to verify the integrity of the binary files

Regularly scan images for hidden content

Implement strong file permissions

Apply code obfuscation to make script analysis more challenging

Use stronger passwords for encrypted zip files

Enforce stronger passwords especially for admin users

Regularly audit cron job configurations

Monitor running background processes
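
One way to act on the cron-audit and file-permission mitigations above, as an added example that is not part of the original presentation: it reads crontab text and reports any job that runs a hidden (dot-prefixed) file, like the Flag 9 entry, or a file that group or other users can write to. The scratch directory and the backup.sh and rotate.sh jobs are constructed sample data, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original slides: audit crontab text for jobs that
# run hidden (dot-prefixed) files or files that group/other users can modify.

# check_path PATH: print a finding for each problem with one absolute path.
check_path() {
    case "$1" in
        */.[!./]*) echo "HIDDEN $1" ;;        # a path component starts with "."
    esac
    if [ -f "$1" ]; then                      # regular files only (skips /dev/null)
        perms=$(ls -ldL -- "$1")              # e.g. -rwxrwxrwx 1 user group ...
        case "$perms" in
            ?????w*|????????w*) echo "WRITABLE $1" ;;   # group or other write bit
        esac
    fi
}

# audit_crontab: read crontab lines on stdin, check every absolute path a job uses.
audit_crontab() {
    while IFS= read -r line; do
        set -f; set -- $line; set +f          # split into fields, keep "*" literal
        case "$1" in
            ''|'#'*|[A-Za-z_]*) continue ;;   # blank, comment, or NAME=value
            @*) shift ;;                      # @reboot, @daily, ...
            *)  [ "$#" -ge 6 ] || continue; shift 5 ;;   # five schedule fields
        esac
        for word in "$@"; do
            case "$word" in /*) check_path "$word" ;; esac
        done
    done
}

# Constructed sample: a scratch directory stands in for /home/ubuntu/Scripts.
demo() {
    dir=$(mktemp -d)
    for f in .script.sh backup.sh rotate.sh; do printf '#!/bin/sh\n' > "$dir/$f"; done
    chmod 755 "$dir/.script.sh" "$dir/rotate.sh"
    chmod 777 "$dir/backup.sh"
    audit_crontab <<EOF
# m h dom mon dow command
MAILTO=root
0 2 * * * $dir/.script.sh
*/5 * * * * /bin/sh $dir/backup.sh
@daily $dir/rotate.sh
EOF
    rm -rf "$dir"
}
demo
```

For a real audit, pipe the output of crontab -l into audit_crontab instead of calling demo.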

RESOURCES

Internet

BootCamp Notes

AWS Lightsail

THANK YOU