
Flag4 CTF

Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6, October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd35734.pdf Paper Url: https://www.ijtsrd.com/computer-science/computer-security/35734/flag4-ctf/dr-c-umarani


International Journal of Trend in Scientific Research and Development (IJTSRD)

Volume 4 Issue 6, September-October 2020 Available Online: www.ijtsrd.com e-ISSN: 2456 – 6470

Flag4 CTF
Dr. C. Umarani¹, R P Shruti²
¹Assistant Professor, ²Student,
¹,²Masters in Computer Applications, Jain (Deemed-to-be) University, Bangalore, Karnataka, India

ABSTRACT
In today's world there is a large scope for security: many people are busy building applications, web pages and much more, but no one actually concentrates on the security aspect of them. As technology advances, the flaws in security systems also increase. The CTF machine is one solution to this problem: a person who is learning hacking can use this kind of machine to learn security in a much deeper way.

Capture The Flag games are games in which hackers have to solve puzzles and find bugs so that they can get through system flaws and find the flag, which is the main goal. Typical CTFs offer many challenges; most commonly the hackers have to exploit some kind of service to get remote access to the server and read the content of a file that contains a special string called the "flag", which is proof that he/she has hacked the system.

KEYWORDS: CTF, vulnerability, flag, security, capture the flag, remote desktop service, tftpd, tftpd32/64, mssql server

How to cite this paper: Dr. C. Umarani | R P Shruti "Flag4 CTF" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6, October 2020, pp.1643-1644, URL: www.ijtsrd.com/papers/ijtsrd35734.pdf

Copyright © 2020 by author(s) and International Journal of Trend in Scientific Research and Development Journal. This is an Open Access article distributed under the terms of the Creative Commons Attribution License (CC BY 4.0) (http://creativecommons.org/licenses/by/4.0)

I. INTRODUCTION
There are many ways to learn hacking, and CTF machines are among the most effective. The main goal of a CTF is to find the flags hidden in the machine by gaining remote access through the vulnerabilities that have been set up. The concept of CTFs came from the traditional outdoor game in which two teams each have a few flags and the objective is to capture the other team's flags from its base and bring them back to one's own base, which ends the game.

Finding the vulnerabilities using tools or techniques like nmap, sql-injection, etc. is the toughest job. But once a vulnerability has been found, the hacker can get into the machine using other tools like metasploit.

Vulnerability: A weakness in a system which can be exploited by an attacker to gain unauthorized access. Vulnerabilities can allow attackers to run code, access the system's memory, or install malware through which he/she can steal, destroy or modify sensitive data, which may affect the company's status, fame and trust.

Flag: Flags are secrets hidden in purposefully vulnerable programs or websites. There are two types of CTFs based on the flags. In one, an attacker steals the flag from his competitor; this is known as attacker/defence style CTF. The other is where the flags are obtained from organizations, which is known as jeopardy-style.

II. Existing System
The aim of this paper is to help hackers learn to break into vulnerabilities. In the existing system there are many combinations of vulnerabilities set up to help hackers. Vulnerabilities can be set up in many ways, such as web vulnerabilities, database vulnerabilities, weak password vulnerabilities and many more. New CTFs appear every day as each new vulnerability emerges. CTFs are a way to practice hacking.

III. Proposed System
The combination of vulnerabilities included makes every CTF different. In the proposed system, a combination of a few vulnerabilities has been used. RDS (Remote Desktop service) is one of the vulnerabilities, through which the hacker gets remote access. Another vulnerability is in MSSql, which has a code execution vulnerability. Another is tftpd32, which has a buffer overflow vulnerability that can cause denial of service. These vulnerabilities combined make up the flag4 CTF machine. Any hacker can use these CTFs and get to know vulnerabilities in real-time machines.

A. Securing a machine
From an organization's point of view it is really important to secure a machine, because data is everything they have and that is what they have to secure. This is where CTFs come into the picture. The hackers are rewarded according to the level of difficulty of finding the vulnerabilities and bugs.

But when it comes to CTFs, the more vulnerabilities there are, the easier it is to get through. Therefore the difficulty is set up based on the level of difficulty required. In the flag4 CTF, I have set the difficulty to medium, as I have configured three vulnerabilities which will be discussed further in the paper.

B. Setting up the vulnerabilities
Vulnerabilities can be set up in many ways and at many levels. There are three levels of difficulty:

Simple: This level of difficulty requires installation of some affected software.

Moderate: This level of difficulty requires installation of some affected software on a specific operating system.

Complex: This level of difficulty requires installation and configuration of some affected software on a specific operating system.

In the flag4 CTF, we are using the Windows operating system. Since Windows has a GUI and many users are familiar with its architecture, it becomes easy for attackers to guess where the flag may be placed. As most of the real-world systems in our country are installed with Windows OS, this can be a really practical thing to hack into. In this flag4 CTF, I have installed three pieces of software and configured them according to my needs. They are Adobe ColdFusion, MSSQL, and TFTP.

A. Adobe ColdFusion:
In the flag4 CTF I have installed Adobe ColdFusion 9. There are newer versions of Adobe ColdFusion available, but having some vulnerabilities is good for us.

With this set up, the RDS login method can be attacked through a metasploit module to gain administrative login, which can further be used to gain shell access.

Another method is that default credentials can be set up as a vulnerability, and directory traversal can be used to gain the flag.

B. MSSQL:
On most systems MSSQL is running almost all the time. This can be used as a vulnerability. Here, in the flag4 CTF machine, we are using MSSQL 2005 and the MSSQL management suite to set up the vulnerabilities. Since this is the vulnerability, we get access to the database directly with the least effort.

C. TFTP:
TFTP, which stands for Trivial File Transfer Protocol, is an old service which provides FTP services to unauthenticated users. Here, we are using Tftpd32 instead of Tftpd64, again for the same reason of vulnerability. Tftpd32 is also vulnerable to buffer overflow. There is also a metasploit module associated with Tftpd32, which can be really easy to begin with.

C. Flag Placement
In the flag4 CTF machine, the flag is hidden in the form of a string and also in a steganographic image, from which it can be retrieved using steganographic tools. This is just to make sure that the attacker thinks in many ways while trying to crack a real-world machine.

Placing a flag is completely the creator's idea. The file which contains the flag can simply be named flag.txt if the creator wants it to be very simple. But it can also be named something else, and the file containing the flag can be given a different extension just to make it a bit tricky. Even the credentials can be placed as flags.

In flag4, the flags are placed in different folders, and a few of them are placed within an image just to trick the attacker.

D. Flowchart
Fig: Flowchart of CTF

IV. Conclusion
As we advance in technology, we are also inviting threats ourselves. That is why every person who uses technology should have basic awareness of how to safeguard his/her device. This is only possible when they know about the flaws and vulnerabilities in a system. This paper helps to show how our simple everyday mistakes can cause serious damage to data. The flag4 CTF is very useful to beginners who have not cracked any CTFs, as it is of moderate difficulty.
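Added example (not from the paper or from Tftpd32), relating to the TFTP subsection above: a strict parser for the RFC 1350 read/write request, which shows that the format carries no credentials and bounds every field before it is used. The length caps, the path policy and the sample datagrams are assumptions made for illustration.

```python
# Request opcodes and transfer modes defined by RFC 1350.
OPCODES = {1: "RRQ", 2: "WRQ"}
MODES = {"netascii", "octet", "mail"}
MAX_REQUEST = 512   # assumed policy cap on the whole datagram
MAX_FILENAME = 128  # assumed policy cap on the filename field

class BadRequest(ValueError):
    pass

def parse_request(datagram: bytes) -> dict:
    """Strictly parse a TFTP RRQ/WRQ, checking every length before use."""
    if not 4 <= len(datagram) <= MAX_REQUEST:
        raise BadRequest("datagram length out of bounds")
    opcode = int.from_bytes(datagram[:2], "big")
    if opcode not in OPCODES:
        raise BadRequest("not a read/write request")
    # Body layout: filename NUL mode NUL (plain RFC 1350, no options).
    fields = datagram[2:].split(b"\x00")
    if len(fields) != 3 or fields[2] != b"":
        raise BadRequest("expected filename NUL mode NUL")
    filename, mode = fields[0], fields[1]
    if not 1 <= len(filename) <= MAX_FILENAME:
        raise BadRequest("filename length out of bounds")
    if any(b < 0x20 or b > 0x7E for b in filename):
        raise BadRequest("non-printable byte in filename")
    mode_text = mode.decode("ascii", "replace").lower()
    if mode_text not in MODES:
        raise BadRequest("unknown transfer mode")
    name = filename.decode("ascii")
    # No user or password field exists, so path confinement is the only gate.
    parts = name.replace("\\", "/").split("/")
    if ".." in parts or name[0] in "/\\" or ":" in name:
        raise BadRequest("path escapes the TFTP root")
    return {"op": OPCODES[opcode], "filename": name, "mode": mode_text}

def triage(datagrams):
    results = []
    for datagram in datagrams:
        try:
            results.append(("accept", parse_request(datagram)["filename"]))
        except BadRequest as err:
            results.append(("reject", str(err)))
    return results

SAMPLES = [  # constructed datagrams, not captured traffic
    b"\x00\x01boot.cfg\x00octet\x00",                  # well-formed read
    b"\x00\x01" + b"A" * 300 + b"\x00octet\x00",       # oversized filename
    b"\x00\x01..\\..\\flag.txt\x00octet\x00",          # path outside the root
    b"\x00\x02upload.bin\x00" + b"B" * 200 + b"\x00",  # oversized mode field
]
```

Calling `triage(SAMPLES)` returns one verdict per datagram; a request using the RFC 2347 option extension is rejected as off-format by this parser, which is a deliberate simplification.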
