Raise the Flag So I Can Capture It

November 18, 2024

TL;DR

For a long time now I have been thinking about writing my own CTF solutions, for many reasons, but the main one was that I wanted to understand the topic the challenge is about, and understand the steps well enough that I could replicate the same solution again, whatever the specific solution was, as long as the challenge was in the same category and could be solved.

Research

The first thing that came to my mind was how to stand out from the rest: what is it that makes a good write-up, and, most importantly, how do you define a good, bad, or useless write-up?

There are not many tutorials out there on this topic, mostly because when you look at others’ write-ups you see that they are just step-by-step guides to the solution taken for a specific challenge and what could go wrong. But it’s not about what could go wrong or not; it’s about what others can’t get right.

But first, I am not claiming that this will produce the best write-up in existence, or even a professional one; this is just what I see fits my style and goal. In the end, what defines good or not for you is what you expect from a write-up, depending on how knowledge-hungry you are: the hungrier you are, the harder it is to satisfy you.

To be Good.

To say that a write-up is good, it has to offer something that either steps up the game from the rest or at least gets near the top 1% of write-ups for the same challenge or topic. For that matter, let’s try to set some rules first.

  • Clarity: but not too much. More often than not I see write-ups where the writer only wrote the solution; indeed that’s not bad for some audiences, but most of the time being clear, focusing on the main topic and providing the solution without spoon-feeding it is the best way to go about it.

  • Structure: follow some structure in your writing; not everything that comes to mind is the right thing to put down. Seamlessly walking the reader through a roadmap of what you want to write would make it more comprehensive.

  • Actionable: what you provide should be replicable and extendable; open ways for others to try their own ideas, don’t assert dominance. Fellow chad.

  • Visuals: The more visuals, the less you write, the more we understand.

  • Reproducibility: make sure to mention everything, don’t skip anything and don’t try to be a genie; actually, be a genie, but a human one, please. We all love learning from your mistakes, seeing how you think, and even being inspired by your steps.

  • Credit: always credit resources, teammates, or references that helped you along the way. PLEASE.

Credit, please

Step 0x0 ── Information

The most important thing is information: information for you, for when you need to revise something real quick and want to read it up. Do not just rely on your memory to remember what this write-up was for or what step was taken.

Include the following at the very beginning of the write-up:

  • CTF Name (skip if it’s a room, machine or standalone challenge)
  • Challenge Name
  • Challenge Description
  • Challenge Category (e.g., Web, Pwn, Crypto, Forensics)
  • Challenge Points (indicates difficulty)
  • CTF Year and Date (To mark if outdated or not)
An example of such a header:

  • Author: sinmaven
  • Category: Crypto
  • Points: 300
  • Solves: 1201
  • Files: ciphered_clues.zip

Investigator: Our communication channels were intercepted, and the encryption was tampered with. Can you recover the original message?
Me: I noticed the encryption might be vulnerable to padding oracle attacks. The clues are ciphered—find them and decrypt the truth.

Step 0x1 ── Not much is much

Try to provide a TL;DR after the challenge information. The first thing you search for is the challenge itself, “write-up for X”; the second thing is just a quick overview, simple and just a glimpse of the path you took or the thought you had.

not much

Example: In this challenge, we had to exploit an insecure deserialization vulnerability in a web application to gain remote code execution. Using Burp Suite and Python, we constructed a payload to pop a reverse shell and retrieve the flag. This write-up explores the rabbit holes encountered and the final solution step-by-step.

That was just an example; it’s up to you how to catch the reader’s attention while also providing a good overview of what you are trying to show.

Step 0x2 ── Structure

Outline the flow of your solution and be organized about it. Most write-ups provide the answers, but few provide the thought behind them, and fewer still provide a way to think: a layout of the steps without the actual steps taken or how they were executed.

Here’s a detailed example of what the structure might look like:

Challenge Overview

  • Challenge Name: Ciphered Clues
  • Category: Crypto
  • Description: Our communication channels were intercepted, and the encryption was tampered with. Your mission is to decrypt the tampered message and recover the original information.
  • Points: 300

Initial Analysis

  • Extracted ciphered_clues.zip containing:

    • ciphered_message.enc: The encrypted message.
    • instructions.txt: Hint: Encryption uses AES-CBC with padding issues.
    • vulnerable_server.py: A Python script simulating a padding oracle vulnerability.
  • The script confirmed the server leaks padding error details, enabling a padding oracle attack.

Exploitation

Approach
  1. Modify ciphertext blocks and observe server responses to validate padding.
  2. Use the leaked information to infer plaintext byte by byte.
Automation
  • Implemented a Python script to automate the padding oracle attack:
    import requests

    # The decrypt endpoint that acts as the padding oracle.
    url = "http://localhost:5000/decrypt"
    ciphertext = bytes.fromhex("...")  # Replace with actual ciphertext (IV || blocks)

    def padding_oracle_attack(ciphertext):
        """Recover the plaintext by querying the oracle at `url` block by block."""
        plaintext = b""
        # Implementation here: the two Approach steps above, driven by
        # requests.post(url, ...) and the server's padding error response.
        return plaintext

    print(padding_oracle_attack(ciphertext))

Execution

  • Running the script decrypted the message:
    python3 exploit.py

FLAG: SMVN{Th3_0racl3_kn0ws}

Reflection

  • Lesson: Improper padding validation can compromise encrypted data.
  • Tip: Always avoid exposing cryptographic error details.
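The property behind this lesson, as an added example that is neither the post’s nor the challenge’s own code: a CBC server that answers padding failures differently from success, next to one that verifies an HMAC before decrypting, and the check a reviewer runs to tell them apart. It is written in Go because its standard library ships AES and HMAC, so it runs offline; the keys, IV, message and all function names are constructed for this example.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
)
// Constructed demo values: fixed keys and IV keep every run deterministic (never fix an IV in production).
var encKey, macKey, demoIV = []byte("0123456789abcdef"), []byte("constructed-mac-key"), []byte("fedcba9876543210")
var blk, _ = aes.NewCipher(encKey)
var demoCT, demoTag = cbcEncrypt([]byte("msg:meet at dock 7 at nine")) // constructed message, two blocks
// cbcEncrypt PKCS#7-pads and AES-CBC-encrypts plain; tag is HMAC-SHA256 over iv||ct (encrypt-then-MAC).
func cbcEncrypt(plain []byte) (ct, tag []byte) {
	n := aes.BlockSize - len(plain)%aes.BlockSize
	ct = append(append([]byte{}, plain...), bytes.Repeat([]byte{byte(n)}, n)...)
	cipher.NewCBCEncrypter(blk, demoIV).CryptBlocks(ct, ct) // encrypt in place
	return ct, hmacTag(demoIV, ct)
}
func hmacTag(iv, ct []byte) []byte {
	h := hmac.New(sha256.New, macKey)
	h.Write(append(append([]byte{}, iv...), ct...))
	return h.Sum(nil)
}
// leakyOracle mirrors vulnerable_server.py: bad padding is answered differently from success.
func leakyOracle(iv, ct []byte) string {
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(blk, iv).CryptBlocks(pt, ct)
	if pad := int(pt[len(pt)-1]); pad < 1 || pad > aes.BlockSize || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return "padding error"
	}
	return "ok"
}
// hardenedOracle verifies the tag first, so tampered input never reaches the padding check.
func hardenedOracle(iv, ct []byte) string {
	if !hmac.Equal(hmacTag(iv, ct), demoTag) {
		return "rejected" // one answer for every failure, as the Reflection's tip demands
	}
	return leakyOracle(iv, ct) // only authentic input gets this far
}
// distinctAnswers flips the last IV byte through all 255 non-zero values and counts the different answers; more than one means the server is usable as a padding oracle.
func distinctAnswers(oracle func(iv, ct []byte) string, iv, ct []byte) int {
	seen := map[string]bool{}
	for x := 1; x < 256; x++ {
		tiv := append([]byte{}, iv...)
		tiv[15] ^= byte(x)
		seen[oracle(tiv, ct)] = true
	}
	return len(seen)
}
```

Against the first ciphertext block, distinctAnswers reports 2 for leakyOracle (one tampered IV yields valid 0x01 padding) and 1 for hardenedOracle, which is exactly the difference an attacker needs and the fix removes.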

This is just a simple structure, a template; the rest is up to you. You can remove parts of it, edit it, or not use it at all, but in the end you have to have a structure. The main key here is to be not just the writer but also the reader of your write-ups, and don’t assume any knowledge about the machine or challenge you’re solving; one day you’ll need to remember something by reading what you wrote, only to find that you assumed WE already know or remember it.

Step 0x3 ── Write the content

This is where everything happens: you put the juice of your brain and your ideas out to the world in a way that communicates well to others’ brains, and this is actually up to you. Be creative, be minimal, use jargon, don’t use jargon, noodles, don’t noodles. This part is what will make you unique; the rest is just there to support it, so actually no tips from me here apart from being concise, avoiding unnecessary information and using visuals, to the point that you start questioning your sanity.

Step 0x4 ── Rabbit holes

Be honest. Yes, that’s it: just be honest about your mistakes, share your thoughts, what wrong paths you took and what they led to. Mention why you thought that way, and what gave it away for you to think like that. You will actually need such information even for yourself later, to be able to know what baffled you. And mention how you realised it was incorrect: after what step did it get revealed?

And offer tips to avoid falling for it: first time for others, never again for you.

You if you never write it

Step 0x5 ── Highlight the solution

Once you reach the right solution, be glad about it; show your steps, what you think might be a prerequisite for it, tools used, environment setup, etc. Test your solution one more time after you have all the steps, and see if it’s right: did you solve it faster, have you changed your steps this time, did you recognize that a step could be improved?

All of this information helps you build a picture of how optimal your solution is; it might be right, but not the right one.

Let me give you an example that I always like to give. I have a friend who’s a farmer, and every day he goes to his potato field to take care of it. One day I wanted to learn what exactly his job is and how he does it, and I couldn’t, so I asked him this: what makes it that you are the farmer and I am not? And instead of teaching me how to farm, he taught me how not to: all the faults, mistakes, wrong habits, bad products and weird Minecraft villager noises that he had to go through to be not just a farmer but The farmer.

That applies to you too, share the process, not the success.

Step 0x5_1 ── Make it Reproducible

Finally, you showed the right answer and now want some peace of mind; the write-up is done and you went to eat some potatoes. But not yet: to make something special, I don’t need you to just give me the solution for that one challenge, but for all similar or related challenges. Make it reproducible.

And I won’t say much about it here other than telling you that you can turn your steps into an automated script and host it on GitHub so anyone can use it on all similar challenges. Try to recreate the same challenge on a miniature scale, make it a way to learn the infrastructure given, whether it’s a website or a server, and also let others learn what’s inside.

Now you can go eat your potatoes. Bye.