banner
破影岚歌

破影岚歌的博客

bilibili
twitter
github
HomeArchives笔记系列关于我捐赠

CTF Question Types

#CTF学习笔记261
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
The article discusses different types of challenges in CTF competitions, including Web, Pwn, Reverse, Crypto, and Misc. Each type focuses on specific skills such as web security, binary exploitation, reverse engineering, cryptography, and miscellaneous tasks. Participants need to demonstrate their knowledge and abilities in these areas to solve the challenges and obtain the flag.

Most of the web-based questions are related to skills such as network, web, HTTP, etc. They mainly test the participants' knowledge and skills in web attack and defense. Common topics include SQL injection, XSS, code execution, code auditing, and so on. Generally, web questions only provide a URL that can be accessed. Some questions may also provide attachments.

Pwn#

Pwn questions focus on the participants' ability to discover and exploit binary vulnerabilities, with common topics including stack overflow, format string vulnerabilities, UAF, Double Free, and other common binary vulnerabilities. Participants need to reverse engineer the provided binary executable file, identify vulnerabilities, exploit them, write corresponding exploit scripts (Exploit), and then attack the remote server provided by the organizer to obtain the flag. Typically, Pwn questions provide remote server information in the form of nc IP_ADDRESS PORT, for example, nc 1.2.3.4 4567, indicating that the challenge is running on port 4567 at IP 1.2.3.4.

Reverse#

Reverse questions test the participants' ability in reverse engineering. Participants are given an executable binary file, sometimes an Android APK installation package. They need to reverse the given program, analyze its working principle, and ultimately obtain the flag based on the program's behavior.

Crypto#

Crypto questions test the participants' understanding of cryptography, with topics such as RSA, AES, DES, etc., being common in cryptography challenges. Sometimes, an encryption script and ciphertext are provided, and participants need to deduce the plaintext based on the encryption process.

Misc#

Miscellaneous questions cover topics that do not fall into the above categories. Participants are given an attachment to download and analyze, ultimately leading to the discovery of the flag.

Common question types include image steganography, video steganography, document steganography, traffic analysis, protocol analysis, games, IoT-related challenges, and more, offering a wide variety of challenges.

FLAG#

ctfhub{c8fde6edc982a5a29d6ae461f1373fe6}

Original Author: CTFHub
Original Link: https://writeup.ctfhub.com/Skill/ 基础知识 /vFs9oqFwtcc2x6D5h4weaE.html

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.