Cybersecurity is important, there’s no dodging that fact. It is also nothing like the hacking that is shown in most popular media.


However, that does not mean it isn’t interesting; it undoubtedly is. Because of that intrigue, lots of people want to dip their toes into cybersecurity, myself included, and I have found capture the flag events (CTFs) to be a wonderful way to get a taste of the field.

Now, CTFs are by no means an accurate picture of the day-to-day work of a cybersecurity professional, but they are very educational, they help people develop their security skill sets, and they are simply fun to participate in.


In addition, if you are a programmer, they will give you insight into how to design your programs so that they are not vulnerable to malicious users. You don’t want to be the person who stored all their users’ passwords in plain text.

What Is a CTF?

At this point, you may be asking yourself: “Cool, but what is a CTF?”


Essentially, it is a team cybersecurity competition, of which there are three main types:


  • Jeopardy: These have a collection of tasks in several distinct categories: web exploitation, binary exploitation, reverse engineering, forensics, and cryptography. By solving these challenges you find “flags”, which typically follow a standard format like flag{Th1s_1s_a_flag}, and submit them for points. Some examples include picoCTF and the Defcon CTF qualification round.

  • Attack-Defense: In attack-defense competitions, each team is given its own host or service and is tasked with protecting that host from the other teams while also trying to exploit the other teams’ hosts. Famously, the Defcon CTF final takes this format.
  • Mixed: As the name suggests, this is some combination of the jeopardy and attack-defense formats.

In this article, I will be mainly focusing on the jeopardy-type CTF. In the future, I may write another article on attack-defense competitions.


What Are All Those Categories?

Before you get into all of the cool categories in jeopardy contests that I mentioned earlier, you need to learn the basics. Most importantly, you need to familiarize yourself with the Linux terminal.


Here are a few commands that you will use over, and over, and over again:

  • ls: Lists the files and subdirectories of the directory you are currently in.

  • pwd: Prints your current working directory. If you are in the documents directory, this prints its full path, such as /home/you/documents.

  • cd: Changes into a directory. For example, if you have an essays folder inside your documents folder and your current directory is documents, cd essays will take you into the essays folder.

These are the absolute basics of the Linux terminal; there are many more commands, and you will pick them up as you work through challenges.


To succeed in CTFs, it is also important to know:


  • A scripting language, the most popular of which is Python. Python has a lot of useful security libraries, including pwntools (imported as pwn), which has many functions that are helpful for CTFs.

  • Number bases. Understanding binary, decimal and hexadecimal, and converting between them, comes up constantly, as do encodings such as base64.
  • JavaScript: Doing well in web exploitation requires knowledge of JavaScript, as well as some SQL for SQL injection.

  • A Linux (or other UNIX-like) operating system is also advisable because of all the excellent tools that are readily available on it. This can be done in a virtual machine (VirtualBox, for example), with no need to change your main OS. You can still participate in CTFs on Windows, however.

Time to start digging into some heavier stuff.


Cryptography

Cryptography challenges consist of exactly what you would expect: codebreaking. Given a ciphertext, can you recover the original message? Can you do the opposite?

These problems give you an encrypted message that you have to decrypt. To prepare, learn the common types of ciphers and how they are broken.

Here are some common ciphers in these challenges: Caesar ciphers, Vigenère ciphers, and RSA (usually with a deliberately weak key, such as a small or factorable modulus). For more information on how to break them, check out this link.
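As an added example (this code is not part of the original article), the three ciphers named above, attacked the way a jeopardy challenge expects: Caesar by brute-forcing all 26 shifts and scoring the candidates, Vigenère by undoing the key-cycled shift, and RSA by recovering the private exponent once the modulus has been factored. The ciphertexts, the key "KEY" and the RSA parameters (p=61, q=53, e=17, c=2790) are constructed for the example.

```python
import string
from math import gcd

ALPHA = string.ascii_uppercase

# All ciphertexts below are constructed for this example.
CAESAR_CT = "gur synt vf synt{Gu1f_1f_n_synt}"      # ROT13 of a flag sentence
VIGENERE_CT = "ppyq{z1e3x3v3}"                       # encrypted with key "KEY"
RSA_E, RSA_P, RSA_Q, RSA_C = 17, 61, 53, 2790        # textbook-sized RSA


def caesar_shift(text, shift):
    """Shift ASCII letters by `shift` positions; digits and punctuation are left
    alone, which is the usual convention in flag{...} challenges."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            idx = (ALPHA.index(ch.upper()) + shift) % 26
            out.append(ALPHA[idx] if ch.isupper() else ALPHA[idx].lower())
        else:
            out.append(ch)
    return "".join(out)


def caesar_bruteforce(ciphertext):
    """Caesar has only 26 keys, so try them all and rank the candidates by how
    many common English words they contain. Returns (shift, plaintext) pairs,
    best first."""
    common = {"THE", "AND", "FLAG", "IS", "YOU", "TO", "OF", "A"}
    scored = []
    for shift in range(26):
        plain = caesar_shift(ciphertext, -shift)
        score = sum(w.strip("{}.,!").upper() in common for w in plain.split())
        scored.append((score, shift, plain))
    scored.sort(key=lambda t: -t[0])
    return [(shift, plain) for _, shift, plain in scored]


def vigenere_decrypt(ciphertext, key):
    """Vigenère is a Caesar shift whose amount cycles through the key letters.
    Only letters consume a key position, so punctuation does not desync the key."""
    key = key.upper()
    out, k = [], 0
    for ch in ciphertext:
        if ch in string.ascii_letters:
            out.append(caesar_shift(ch, -ALPHA.index(key[k % len(key)])))
            k += 1
        else:
            out.append(ch)
    return "".join(out)


def rsa_decrypt(c, e, p, q):
    """Textbook RSA once n = p*q has been factored (a small or weak modulus is
    the typical CTF flaw): d = e^-1 mod phi(n), then m = c^d mod n."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not invertible modulo phi(n)")
    d = pow(e, -1, phi)                 # modular inverse, Python 3.8+
    return pow(c, d, p * q)


def int_to_bytes(m):
    """Flags are usually encrypted as big-endian integers; undo that."""
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    shift, plain = caesar_bruteforce(CAESAR_CT)[0]
    print(f"Caesar: shift {shift}: {plain}")
    print("Vigenere:", vigenere_decrypt(VIGENERE_CT, "KEY"))
    print("RSA:", int_to_bytes(rsa_decrypt(RSA_C, RSA_E, RSA_P, RSA_Q)))
```

The word-scoring in caesar_bruteforce is crude but is usually enough to push the right shift to the top; for Vigenère with an unknown key the same idea extends to guessing the key length (Kasiski or index of coincidence) and then brute-forcing each key letter as a Caesar column.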

Steganography

Steganography is not cryptography by definition, but it does involve hiding messages in plain sight. As a result, many CTF organizers include steganography challenges in the cryptography section.

Steganography consists of hiding messages in media files, typically audio and images. Note that steganography has fewer real-world applications in cybersecurity than the other categories here (malware does sometimes hide payloads or commands inside image files, but that is the exception), so treat it mainly as a way to broaden your knowledge.

There are a multitude of ways to do this and not enough space in this general-purpose article to cover them all, so here is an in-depth article about steganography:
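As an added example (not from the original article), the most common image technique, least-significant-bit (LSB) embedding, with both the hiding and the recovery side: changing only the lowest bit of each pixel value alters it by at most 1, which is invisible, and reading the LSB plane back out is the first thing to try on a suspicious image. The cover "image" is a constructed byte string of 8-bit pixel values; with a real PNG you would get the same kind of byte string from Pillow's Image.open(...).tobytes(). The 4-byte length prefix is this example's own convention, not a standard.

```python
# Constructed cover "image": 1024 8-bit grayscale pixel values. For a real PNG the
# same kind of byte string comes from Pillow's Image.open(path).tobytes().
COVER = bytes(range(256)) * 4
SECRET = b"flag{l0w_b1t_h1gh_s3cr3t}"


def embed_lsb(pixels, message):
    """Hide `message` in the least-significant bit of consecutive pixel bytes.
    A 4-byte big-endian length prefix (this example's own convention) tells the
    extractor where the message ends."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("cover image too small for this message")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit      # clear the LSB, then set it to our bit
    return bytes(out)


def dump_lsb_plane(pixels):
    """Pack every 8 consecutive LSBs into one byte. On an unknown image, dump
    this plane and search it for 'flag{' before assuming any framing."""
    plane = bytearray()
    for i in range(0, len(pixels) - 7, 8):
        byte = 0
        for px in pixels[i:i + 8]:
            byte = (byte << 1) | (px & 1)
        plane.append(byte)
    return bytes(plane)


def extract_lsb(pixels):
    """Reverse embed_lsb(): read the length prefix, then that many bytes."""
    plane = dump_lsb_plane(pixels)
    length = int.from_bytes(plane[:4], "big")
    if length > len(plane) - 4:
        raise ValueError("length prefix does not fit: probably no payload here")
    return plane[4:4 + length]


if __name__ == "__main__":
    stego = embed_lsb(COVER, SECRET)
    print("max pixel change:", max(abs(a - b) for a, b in zip(COVER, stego)))
    print("recovered:", extract_lsb(stego))
```

Real challenges vary the details (which colour channel, which bit, row-major or column-major order, a terminator instead of a length prefix), which is why dump_lsb_plane plus a grep for the flag prefix is a better first move than a tool that assumes one layout.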


Binary Exploitation

Binary exploitation involves finding vulnerabilities in a program, typically a Linux executable, and then exploiting them to obtain the flag.


These exploits usually involve either hijacking the program’s control flow to gain a shell or manipulating the program so that it prints the flag. This is an extremely broad field, and some helpful tips can be found here.
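As an added example (not from the original article), the first thing most beginners do in a binary exploitation challenge: find how many bytes it takes to overwrite the saved return address, then build a payload that redirects execution to a function that prints the flag ("ret2win"). The de Bruijn pattern is the same construction pwntools' cyclic() uses; fake_vulnerable_read is a constructed stand-in for the target binary (a 40-byte stack buffer followed directly by the return address, no canary), and the win() address 0x401136 is hypothetical.

```python
import functools
import struct


@functools.lru_cache(maxsize=None)
def de_bruijn(alphabet=b"abcdefghijklmnopqrstuvwxyz", n=4):
    """De Bruijn sequence B(k, n): every n-byte window is unique, so whatever
    4 bytes land in a register after a crash identify their offset in the input.
    Same construction as pwntools' cyclic()."""
    k = len(alphabet)
    a = [0] * (k * n)
    seq = []

    def db(t, p):
        if t > n:
            if n % p == 0:
                seq.extend(a[1:p + 1])
        else:
            a[t] = a[t - p]
            db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                db(t + 1, t)

    db(1, 1)
    return bytes(alphabet[i] for i in seq)


def cyclic(length, n=4):
    """First `length` bytes of the pattern: send this instead of 'AAAA...'."""
    return de_bruijn(n=n)[:length]


def cyclic_find(value, n=4):
    """Offset of `value` in the pattern. `value` is the bytes (or the little-endian
    integer) found in the saved return address slot, RSP, or a crashing register."""
    if isinstance(value, int):
        value = struct.pack("<Q", value)
    return de_bruijn(n=n).find(value[:n])


def p64(addr):
    """Pack a 64-bit address little-endian, as it sits on an x86-64 stack."""
    return struct.pack("<Q", addr)


def build_ret2win(offset, win_addr):
    """Classic stack smash: pad up to the saved return address, then overwrite it
    with the address of a function that prints the flag."""
    return b"A" * offset + p64(win_addr)


def fake_vulnerable_read(data, buf_size=40):
    """Constructed stand-in for a binary whose 40-byte stack buffer is followed
    directly by the saved return address (no canary, no real process). Returns
    the 8 bytes that would overwrite the return address."""
    return data[buf_size:buf_size + 8]


if __name__ == "__main__":
    crash = fake_vulnerable_read(cyclic(100))      # pattern bytes now "in RIP"
    offset = cyclic_find(crash[:4])
    WIN_ADDR = 0x401136                            # hypothetical address of win()
    print("offset:", offset)
    print("payload:", build_ret2win(offset, WIN_ADDR))
```

Against a real binary the workflow is the same with a process in between: send cyclic(200) to the program under gdb, read the value that ended up in the return address slot (or RSP) at the crash, feed it to cyclic_find, and send build_ret2win(offset, win_addr) instead. On a 64-bit target remember that the overwritten return address must be a canonical address, which is why you read the offset from the stack pointer or the top four pattern bytes rather than from RIP itself.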

Forensics

Forensics challenges in CTFs typically have the following aspects:


  • File format analysis: Given files that have something wrong with them, can you fix them? Can you repair a corrupted file (a broken header, for example) so that it opens and reveals the flag?
  • Memory dump analysis: Looking through a snapshot of a system’s memory to see what information (running processes, credentials, open files) can be recovered from it.

  • Steganography: Yes, steganography appears in the forensics section as well.

  • Packet capture analysis: A packet is a unit of data sent from one device to another over a network. A lot of information can be gleaned from captured packets, and there are many programs for capturing and analyzing them; probably the most popular is Wireshark.

Here is something that goes into a lot of detail on this topic.
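As an added example (not from the original article) of the packet-capture side of forensics, a minimal parser for the classic libpcap file format that walks Ethernet, IPv4 and UDP/TCP headers by hand, then reassembles each flow before searching for the flag. The capture itself is constructed inline (four UDP datagrams on 10.0.0.0/24; the flag is deliberately split across two of them), so nothing here reads a real file; with a real capture you would pass open(path, "rb").read() to parse_pcap instead. Checksums are left at zero and not validated.

```python
import re
import struct


def _ip_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def build_udp_frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet + IPv4 + UDP frame. Checksums are 0; nothing here validates them."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     _ip_bytes(src_ip), _ip_bytes(dst_ip)) + udp
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", 0x0800)
    return eth + ip


def build_pcap(frames, linktype=1):
    """Classic libpcap layout: 24-byte global header, then (16-byte record header, frame)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_ethernet(frame):
    """Return a dict for IPv4 UDP/TCP frames, None for anything else."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # header length in bytes
    total_len = struct.unpack_from("!H", ip, 2)[0]
    proto = ip[9]
    pkt = {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20]))}
    seg = ip[ihl:total_len]                       # transport header + payload
    if proto == 17:                               # UDP
        pkt["sport"], pkt["dport"], ulen, _ = struct.unpack_from("!HHHH", seg, 0)
        pkt["proto"], pkt["payload"] = "UDP", seg[8:ulen]
    elif proto == 6:                              # TCP
        pkt["sport"], pkt["dport"] = struct.unpack_from("!HH", seg, 0)
        doff = (seg[12] >> 4) * 4                 # data offset in bytes
        pkt["proto"], pkt["payload"] = "TCP", seg[doff:]
    else:
        return None
    return pkt


def parse_pcap(data):
    """Walk the record list; the magic number tells us the header byte order."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic libpcap file (pcapng uses a different header)")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != 1:
        raise ValueError(f"only Ethernet link type is handled here, got {linktype}")
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        pkt = parse_ethernet(frame)
        if pkt:
            pkt["ts"] = ts_sec + ts_usec / 1e6
            packets.append(pkt)
    return packets


def find_flags(packets, pattern=rb"flag\{[^}]*\}"):
    """Reassemble each unidirectional flow before searching: challenge authors
    like to split a flag across two packets so a per-packet grep misses it."""
    flows = {}
    for p in packets:
        key = f"{p['src']}:{p['sport']} -> {p['dst']}:{p['dport']}"
        flows[key] = flows.get(key, b"") + p["payload"]
    return [(key, m) for key, data in flows.items() for m in re.findall(pattern, data)]


# Constructed capture: a chatty client, a flag split across two datagrams, a reply.
SAMPLE_PCAP = build_pcap([
    build_udp_frame("10.0.0.5", "10.0.0.1", 40000, 1337, b"hello, nothing to see here"),
    build_udp_frame("10.0.0.5", "10.0.0.1", 40000, 1337, b"flag{pc"),
    build_udp_frame("10.0.0.5", "10.0.0.1", 40000, 1337, b"ap_h4lf}"),
    build_udp_frame("10.0.0.1", "10.0.0.5", 1337, 40000, b"ack"),
])

if __name__ == "__main__":
    pkts = parse_pcap(SAMPLE_PCAP)
    for p in pkts:
        print(f"{p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} {p['proto']} {p['payload']!r}")
    print(find_flags(pkts))
```

Wireshark's "Follow UDP/TCP Stream" does the flow reassembly step for you; writing it once by hand makes it obvious why grepping the raw .pcap for flag{ can come back empty even when the flag is there.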


Web Exploitation

Web exploitation challenges have the contestant retrieve the flag by exploiting websites and web apps. Some common ways to do this:

  • SQL injection: Sometimes the creator of a web app builds SQL queries by pasting user input directly into the query string. This lets an attacker supply their own SQL and use it to read information from the web app’s database.
  • Just inspecting the page: In the easier stages of contests, organizers may simply hide flags in the HTML or JavaScript of the site. They may also have a JavaScript function that needs a particular input to spit out the flag; these can be solved with the browser’s developer tools (inspect element) and some problem-solving skills.
  • Directory traversal: If an application takes a file path as input and does not check it properly, the attacker can use sequences such as ../ to read files outside the directory the developer intended.

  • XSS (cross-site scripting): This is when the attacker can inject JavaScript that will be executed by the browser of another user of the web app.

  • Command injection: Sometimes developers forget to properly check input that is passed to the system’s shell. If it is not checked, the attacker can run whatever system commands they want on the web server.

For more in-depth information on the above topics, take a look at this wonderful resource.
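As an added example (not from the original article), two of the bugs above side by side with their fixes, using an in-memory SQLite database so it runs offline: a login query built by string formatting, which the classic admin' -- payload walks straight through, next to the parameterized version; and a file-serving function that joins the user's path onto a base directory, next to one that resolves the result and refuses anything that escapes the base. The table contents, the base directory /var/www/files and the flag value are constructed for the example.

```python
import os
import sqlite3

BASE_DIR = "/var/www/files"           # hypothetical document root for the example


def make_db():
    """Constructed users table standing in for the challenge's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, flag TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("admin", "correct horse battery", "flag{sql1_by_c0ncat}"),
        ("guest", "guest", None),
    ])
    return db


def login_vulnerable(db, username, password):
    """User input is pasted into the SQL text, so a quote ends the string and
    '--' comments out the password check. Deliberately vulnerable."""
    query = (f"SELECT username, flag FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return db.execute(query).fetchone()


def login_fixed(db, username, password):
    """Parameterized query: the driver sends values separately from the SQL,
    so a quote in the input is just a quote."""
    query = "SELECT username, flag FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone()


def serve_file_vulnerable(base_dir, requested):
    """os.path.join follows '../' upward and throws base_dir away entirely if
    `requested` is absolute. Deliberately vulnerable."""
    return os.path.join(base_dir, requested)


def serve_file_fixed(base_dir, requested):
    """Resolve the final path and check it is still inside base_dir. Checking
    the string for '../' is not enough (encoding tricks, symlinks); check the
    resolved result instead."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"{requested!r} escapes {base}")
    return target


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, "admin' --", "anything"))
    print("fixed:     ", login_fixed(db, "admin' --", "anything"))
    print("traversal: ", serve_file_vulnerable(BASE_DIR, "../../../etc/passwd"))
    try:
        serve_file_fixed(BASE_DIR, "../../../etc/passwd")
    except PermissionError as exc:
        print("blocked:   ", exc)
```

When you are attacking rather than defending, the same two payloads (a closing quote plus a comment marker, and a chain of ../) are the first things to try in every text field and every file or page parameter; when you are writing the app, the two fixed functions are the habit to build.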


Reverse Engineering

As the name suggests, these challenges are based around reverse engineering a program to figure out how it works and, from that, how to get the flag out of it, typically by reimplementing or inverting the program’s own check. The product of a successful analysis is the flag.

These programs could be written in many languages, but the following, especially the first two, show up more than others:


  • Assembly: You may be thinking that nobody codes in assembly. On the contrary, quite a lot of people do; it is not widespread, but it is used in embedded systems, which are very relevant. More importantly for reversing, every compiled binary disassembles into assembly whether or not anyone wrote it by hand, so you will be reading it constantly. It may be a pain to learn, but it is a very useful skill.
  • C: Lots of programs are written in C, and its direct control over memory makes it both valuable and easy to get wrong. Familiarity with C will help you reverse engineer (and exploit) programs written in it.
  • Java: Java is a very popular language with easily readable code, and Java bytecode decompiles back to near-original source. Knowing Java will help you reverse engineer it tremendously, so learning it is recommended if you don’t already know it.

Note that much of the time you are not given the source code of the program, only the executable.


To overcome this hurdle, we use disassemblers and decompilers. These programs convert the executable back into assembly and then attempt to reconstruct C-like source code from it.

A great example of a decompiler is Ghidra, which was created by the NSA. It is a very powerful tool and very good at what it does. It is advisable to have it set up on your computer before a contest.

For a more in-depth explanation of reverse engineering, take a look at this wonderful resource.
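As an added example (not from the original article), the shape of a typical beginner "crackme" once it has been through a decompiler: a check function that transforms your input byte by byte with a rolling key and compares it to a constant table, plus the solver you write by inverting that logic instead of guessing. check() is a Python reconstruction standing in for the decompiled C; the TARGET table and seed 0x5A are constructed for this example and would, in a real challenge, be the byte array and constant Ghidra shows you.

```python
# What a decompiler would show as a 15-byte constant array and a seed value.
# Both are constructed for this example.
TARGET = bytes([0x3C, 0x2F, 0x57, 0x39, 0x3B, 0x30, 0x04, 0x7D,
                0xDB, 0x8F, 0xA5, 0xF3, 0xCA, 0xBA, 0xBC])
SEED = 0x5A


def check(candidate):
    """Reconstruction of the crackme's check: each input byte is XORed with a
    running key, compared to TARGET, and the key for the next byte is derived
    from the ciphertext byte just produced (so each output depends on the last)."""
    if len(candidate) != len(TARGET):
        return False
    key = SEED
    for i, ch in enumerate(candidate):
        enc = ch ^ key
        if enc != TARGET[i]:
            return False
        key = (enc + 7) & 0xFF
    return True


def solve():
    """Invert check(). The key schedule depends only on the expected ciphertext
    bytes, which we have (TARGET), so walk the table and XOR the key back out.
    No brute force needed: each step is reversible given the constants."""
    key = SEED
    out = bytearray()
    for enc in TARGET:
        out.append(enc ^ key)
        key = (enc + 7) & 0xFF
    return bytes(out)


def solve_by_search():
    """Fallback used when the transform is not obviously invertible: since the
    key for byte i depends only on TARGET[:i], each position can be searched
    independently over all 256 byte values (256 * len instead of 256 ** len)."""
    key = SEED
    out = bytearray()
    for enc in TARGET:
        for guess in range(256):
            if guess ^ key == enc:
                out.append(guess)
                break
        key = (enc + 7) & 0xFF
    return bytes(out)


if __name__ == "__main__":
    flag = solve()
    print(flag, "passes check:", check(flag))
```

The general lesson is the one the section describes: read the decompiled check until you can restate it as a function, then either invert it directly or, when the transform resists inversion, look for a structure (per-byte independence, early exit, small state) that lets you search each piece separately rather than the whole input at once.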


Beginner-Friendly CTFs

Alright, these CTF things seem cool, how do I participate in one?


Well, future pwner, here’s a list of CTFs that are great for beginners. Note that not all of them are running right now:

Now, get out there and capture those flags. Trust me, it is an incredible experience.

