There’s a lot of foundational stuff that is sometimes not obvious to people who are just starting out in CTF.

What does nc <ip> mean?

For example,

nc chal.examplectf.com 12345

This is a quick way of saying that a server is running at a specific IP on a specific port. nc stands for netcat, which is a tool that lets you talk to a server through your command line.

NOTE

This also means that the flag is hidden on the server, and will not appear in any of the files that have been distributed to you.

In reality, you’d probably only use nc to play around with it initially. You’d probably want to move to using a script soon, because you are usually given a copy of the program to play around with locally.

With vanilla Python, you can open a socket and replicate the nc behavior with:

import socket
s = socket()
s.connect(("chal.examplectf.com", 12345))

Alternatively, use pwntools:

from pwn import *
r = remote("chal.examplectf.com", 12345)

Why do I get a binary and a C file?

The binary is often provided because the specific addresses are meaningful to construct an attack. Sometimes a libc is also provided to help craft attacks that need specific libc addresses.

Using something like pwntools makes it easy to do exploration and perform automated searches for addresses through a binary locally very quickly, and then swap out the target to the server once you’ve found a method to crack the binary.

I get some text file with values like N, e, c. What does this mean?

These are usually some values for working with a cryptosystem called RSA.

  • NN is the modulus. It’s part of the public key. It’s calculated with N=p×qN = p \times q, but usually pp and qq are left as private
  • ee is the public exponent. It’s also part of the public key
  • cc is the ciphertext.
  • mm (if included) is the message, but this is usually the thing you’re looking for

Lots of CTFs will do modified versions of RSA as a puzzle.

NOTE

If the NN is just given to you directly instead of in a script, just go ahead and chuck the NN into factordb to see if it’s already been factored!

I need to quickly convert some data

CyberChef is my tool of choice when it comes to this stuff.

I have a file but I don’t know what it is

Plug the file through the file command! It’ll tell you what kind of file it is, by looking at the first few numbers. For example:

$ file binary
binary: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=62bc37ea6fa41f79dc756cc63ece93d8c5499e89, for GNU/Linux 3.2.0, not stripped

This means it’s an executable program.

Another useful tool is binwalk, which tells you if there’s other files packed in there. This is sometimes useful for some forensics challenges.

I’m on Windows. What do?

Install WSL or dual boot.