School: Thomas Edison State College
Course: 351
Subject: Computer Science
Date: Feb 20, 2024
Type: docx
Pages: 2
Uploaded by MagistrateWolverinePerson30

Capture the Flag (CTF) Write-Up

Section I: The Solves

I attempted the following 10 CTF challenges:

• Category 1 Challenge 3:
  o 1-3. Convert the string below from hex to ASCII: 55 4d 43 47 2d 38 30 38 30
  o Answer: UMCG-8080
• Category 1 Challenge 4:
  o 1-4. Convert this to a dotted decimal notation IPv4 address: c7.c9.cc.22 Answer format: 1.1.1.1
  o Answer: 199.201.204.34
• Category 1 Challenge 5:
  o 1-5. Find the appropriate substitution cipher to decode the phrase below and find the flag. nqrycuv znelynaq
  o Answer: Adelphi Maryland
• Category 4 Challenge 1:
  o 4-1. Use the IIS log to determine what version of curl was used by the web client. Answer format: X.XX.X
  o Answer: 7.19.7
• Category 4 Challenge 2:
  o 4-2. Use the IIS log to determine which version of Nikto was used to scan this machine.
  o Answer: 2.1.6
• Category 4 Challenge 8:
  o 4-8. Use the IIS log to determine what country is the attack on this server coming from.
  o Answer: China
• Category 6 Challenge 1:
  o 6-1. In this capture file, what is the IP address of the SSH server?
  o Answer: 192.168.1.200
• Category 6 Challenge 2:
  o 6-2. In this capture file, what is the FTP password with UMGC in it?
  o Answer: UMGC-234562
• Category 8 Challenge 1:
  o 8-1. Given the hash below, find the password for the user listed. bart:"":"":A988BBFD3CFDE311AAD3B435B51404EE:9CE736F7B01B851A7BBB9DA1B67E6C98
  o Answer: BARTMaN
• Category 8 Challenge 3:
  o 8-3. Given the hash below, find the password for the user listed. santaslittlehelper:"":"":C41A0804FF1D42C3AAD3B435B51404EE:5A32DC0BCECC74248C38C4B22A6EDE94
  o Answer: gooddog

Section II: Strategies Employed

Category 1 Challenge 3: For this challenge, I researched multiple hex to ASCII converters. I ended up using https://www.binaryhexconverter.com/hex-to-ascii-text-converter. I liked that this converter had detailed explanations of both hex and ASCII below the converter. This tool is open source and was easy for me to use. Once the hex input was converted into ASCII, I confirmed the answer with the class quiz provided.

Category 4 Challenge 8: For this challenge, I used my prior exposure to a similar instance. I remembered that during our class we used a tool that was able to give us all the background information on an IP address. I was unsure of the tool name, so I conducted a Google search of this challenge’s IP address. The search results immediately showed IP search tools with said IP address results. I chose the www.findip-address.com website. This website gave me information like its location, CIDR, the ISP it uses, user type, and even exact longitude and longitude location. This tool was easy to use, open sourced, and gave me detailed information. Once the location was found, I confirmed the answer with the class quiz provided.

Section III: Lessons Learned

• What are your strengths/How would your skills benefit a CTF team?
  o My strengths are those of research. My knowledge currently runs short on hacking tools and hacking identification, but my researching skills would benefit a CTF team. I am skilled at identifying context clues to gear my research and pave the fastest way to obtaining the information needed.
• Which challenge banks did you find easy?
  o I found categories 1 and 4 to be the easiest. One reason being that I did not need to download additional tools to my computer. My route to the answer relied on my research skills and on early knowledge from this class.
• What areas do you need more practice in?
  o I believe I need the most practice in determining which downloadable tools I need. Once I figured it out using research, I had to familiarize myself with the programs. I had previously used Wireshark before, but I ended up needing extra practice using it for some of the challenges.
• Which challenge banks did you struggle with or avoid?
  o I had challenges with opening the 7-zip files in category 5. After troubleshooting and failing, I moved on to the next category. I believe this category made me anxious and that is why I ended up not following through. After clearing my mind of the challenges, I will try this category again.
• Were there challenges you attempted but did not complete or challenges that you did not attempt?
  o Yes, I attempted and didn’t complete categories 5 and 10. I attempted different methods of opening up the 7-zip files in category 5 but failed. I also skipped category 10 because I attempted to download the virtual machines provided in the exercise, but the downloads were estimated at 2-3 hours.
• How can you improve your skills in that area (strategies, tools, websites, etc.)?
  o I think practicing and continuous use of these tools and websites will help improve my skills. This exercise helped me discover many tools and websites that I had not used before. I do not see many of these scenarios at work since I am not working in the IT field, so these hands-on challenges put the readings into a much better perspective. Even though some of the challenges were hard and took several tries to get the answer, it was a good eye-opening practice.
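
Added example (not part of the original write-up): the Category 4 questions about curl and Nikto versions in an IIS log can be answered by reading the cs(User-Agent) field of each W3C-format record and grouping the tool versions by client IP, which also gives the source address to look up for a question like 4-8. The log lines, field layout, IP addresses and function names below are constructed for illustration and are not the challenge's log file.

```python
import re
from collections import Counter

# Constructed sample in IIS W3C extended format (not the challenge's log file).
# IIS writes spaces inside a field as '+', so each record splits on whitespace.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2024-01-15 10:00:01 192.0.2.10 GET /index.html - 80 - 198.51.100.7 curl/7.19.7+(x86_64-redhat-linux-gnu)+libcurl/7.19.7 200 0 0 15
2024-01-15 10:02:11 192.0.2.10 GET /admin/ - 80 - 203.0.113.50 Mozilla/5.00+(Nikto/2.1.6)+(Evasions:None)+(Test:Port+Check) 404 0 2 31
2024-01-15 10:02:12 192.0.2.10 GET /cgi-bin/test.cgi - 80 - 203.0.113.50 Mozilla/5.00+(Nikto/2.1.6)+(Evasions:None)+(Test:000045) 404 0 2 16
2024-01-15 10:05:40 192.0.2.10 GET /default.aspx - 80 - 198.51.100.23 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64) 200 0 0 46
"""

# Tool name followed by "/<version>" as it appears in the User-Agent string.
TOOL_RE = re.compile(r"\b(curl|Nikto)/(\d+(?:\.\d+)+)", re.IGNORECASE)


def parse_iis_log(text):
    """Yield one dict per record, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # the directive can change mid-file
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def tool_versions(text):
    """Map (tool, version) -> Counter of client IPs that sent that User-Agent."""
    seen = {}
    for rec in parse_iis_log(text):
        agent = rec.get("cs(User-Agent)", "")
        for tool, version in TOOL_RE.findall(agent):
            key = (tool.lower(), version)
            seen.setdefault(key, Counter())[rec.get("c-ip", "-")] += 1
    return seen


if __name__ == "__main__":
    for (tool, version), clients in sorted(tool_versions(SAMPLE_LOG).items()):
        print(tool, version, dict(clients))
```

The word boundary in the pattern keeps the trailing libcurl/ token of a curl User-Agent from being counted as a second curl match.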