Skip to main content

Welcome to CTF!

Welcome to the Capture the Flag (CTF) assignment! This document will guide you through the necessary steps to prepare your environment, understand the challenge structure, and utilize powerful tools to successfully capture the flags.

What is CTF?

Capture the Flag (CTF) is a cybersecurity competition where participants must find and retrieve hidden flags, typically strings of text, from challenges involving vulnerabilities, exploitation, or other computer security tasks. These challenges often include reverse engineering, binary exploitation, web exploitation, and more.

The goal of this CTF assignment is to analyze and exploit provided binaries to retrieve flags. You will be provided with both a binary and the source code, which you can use to test and develop your exploits. However, the flag returned by the local binary is a fake flag, not the real flag. The real flag can be captured if you exploit the binary running on the remote CTF server. Thus, your task is to first develop an exploit working on the local binary, and then apply it to the remote server to capture the real flag.

The CTF Server runs the same binary!

Be aware that the CTF server runs the same binary, which is provided to you. The only difference is the flag---i.e., if you exploit the local binary, you get the fake flag. If you exploit the remote binary, you get the real flag.

How the CTF Works

  1. Setup Local Environment: Before getting started, you'll need to set up your local environment with pwntools, a Python library that will help you interact with and exploit binaries. Check Setup: Local Environment for more details.

  2. Local Exploit: You are provided with a binary and its source code. Your first task is to analyze the source code and exploit this binary to understand how it works. If you were able to solve the problem in the given binary, the binary will output a fake flag. Though the fake flag is not the flag you can submit to score, this step is crucial for developing your remote exploit to capture the real flag. Check Guide: Local Exploit for more details.

  3. Remote Exploit: After developing a exploit locally, your final task is to perform the remote exploitation. That is, you will need to connect to the CTF server at kayle.snu.ac.kr to retrieve the real flag. Check Guide: Remote Exploit for more details.

Good luck, and happy hacking!