Welcome to CTF101, a site documenting the basics of playing Capture the Flags. This guide was written and maintained by the OSIRIS Lab at New York University in collaboration with CTFd . In this handbook you'll learn the basics™ behind the methodologies and techniques needed to succeed in Capture the Flag competitions.

Capture the Flags, or CTFs, are computer security competitions. Teams of competitors (or just individuals) are pitted against each other in various challenges across multiple security disciplines, competing to earn the most points. Why play CTFs?

Jan 26, 2024 · Capture the Flag Competition Wiki. Web Exploitation. Websites all around the world are programmed using various programming languages.

Capture the Flag Competition Wiki. Cryptography. Cryptography is the reason we can use banking apps, transmit sensitive information over the web, and in general protect our privacy.

Jan 26, 2024 · Capture the Flag Competition Wiki. Binary Exploitation. Binaries, or executables, are machine code for a computer to execute.

Capture the Flag Competition Wiki. Steganography. Steganography is the practice of hiding data in plain sight.

Capture the Flag Competition Wiki. This payload sets the username parameter to an empty string to break out of the query and then adds a comment (--) that effectively hides the second single quote.Using this technique of adding SQL statements to an existing query we can force databases to return data that it was not meant to return.

Wireshark uses a filetype called .pcap, or "packet capture", to record traffic. Info .pcap 's are often distributed in CTF challenges to provide recorded traffic history and are one of the most common forms of forensics challenge.

Well with our buffer overflow knowledge, now we can! All we have to do is overwrite the saved EIP on the stack to the address where give_shell is. Then, when main returns, it will pop that address off of the stack and jump to it, running give_shell, and giving us our shell.. Assuming give_shell is at 0x08048fd0, we could use something like this: python -c "print 'A'*108 + …

Capture the Flag Competition Wiki. Forensics. Forensics is the art of recovering the digital trail left on a computer.