Presentation is loading. Please wait.

Presentation is loading. Please wait.

Project CTF Yeganeh Safaei Arizona State University

Published byCharlotte Hancock Modified over 6 years ago

Similar presentations

Presentation on theme: "Project CTF Yeganeh Safaei Arizona State University"— Presentation transcript:

1 Project CTF Yeganeh Safaei Arizona State University
CSE 545 – Software Security Spring 2017 Yeganeh Safaei Arizona State University

2 Capture The Flag CTF is an attack-defense hacking competition.
Each team is competing against all the other teams. All teams have the same virtual machine with a set of vulnerable services. Each team is responsible for keeping their services running at all time.

3 CTF Architecture … … Game Network Admin Network Vuln VM Vuln VM
Router VM Admin Network Scriptbot/Gamebot Score Board Team Interface

4 Flag Each service is associated with a tuple (flagid ,token, flag)
Token 4vCANiiRVvge2UGMA Flag FLG798aHS0P2eQJV

5 sample_py service exploit

6 Goal The goal of each team is to find the vulnerability in their local copy of the service and patch their service. Exploiting all the other teams’ services to get flags. Submitting the acquired flag to the team interface. Running the exploits for every game tick.

7 https://ictf.cs.ucsb.edu/
Where to begin Login to ictf framework with your team information $ pip install ictf Then, from within a python shell, such as iPython, you can run: >>> from ictf import iCTF >>> i = iCTF(“ >>> t = To access your team’s VM, use the SSH keys, IP address, and port provided here: >>> key_info = t.get_ssh_keys() The ‘ctf_key’ is a key with access to the ‘ctf’ user, and the ‘root_key’ gives access to the ‘root’ user. ‘Ip’ and ‘port’ refer to the SSH server on your team VM. You’ll want to save those keys to files: >>> with open(“ctf_key”, ‘wb’) as f: …        f.write(key_info[‘ctf_key’]) >>> with open(“root_key”, ‘wb’) as f: …        f.write(key_info[‘root_key’]) Your hostname and port are provided as well; continuing the above example: >>> print key_info[‘ip’] >>> print key_info[‘port’]

8 Access Your VM You can then access the VM: $ ssh -i </path/to/ctf_key> -p <port number> Once logged in, you can run: >>> t.get_service_list() You can use the iCTF client to get a list of teams’ IP addresses, and the flag ID for the flag you must steal: >>> targets = t.get_targets(<service ID>) Submit flags: >>> t.submit_flag([“FLGxxxxxxx”,”FLGyyyyyyyyy”, ‘FLGzzzzzzzzz])

9 Suggestions Lots of tools to automate the exploits pwntools,…
Use a monitoring tools to check the incoming/outgoing traffic Tcpdump, wireshark,… Have your scripts and project ready for the final.

Download ppt "Project CTF Yeganeh Safaei Arizona State University"

Similar presentations

Introduction To The Course Network Architecture Hervey Allen Chris Evans Phil Regnauld September 3 - 4, 2009 Santiago, Chile.

Introduction To The Course Network Architecture Hervey Allen Chris Evans Phil Regnauld September 3 - 4, 2009 Santiago, Chile.
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.
Implementing a menu based application in FutureGrid

Implementing a menu based application in FutureGrid
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
Internet Relay Chat Chandrea Dungy Derek Garrett #29.

Internet Relay Chat Chandrea Dungy Derek Garrett #29.
PROJECT IN COMPUTER SECURITY MONITORING BOTNETS FROM WITHIN FINAL PRESENTATION – SPRING 2012 Students: Shir Degani, Yuval Degani Supervisor: Amichai Shulman.

PROJECT IN COMPUTER SECURITY MONITORING BOTNETS FROM WITHIN FINAL PRESENTATION – SPRING 2012 Students: Shir Degani, Yuval Degani Supervisor: Amichai Shulman.
CIS 193A – Lesson10 Protecting Your Network. CIS 193A – Lesson10 Focus Question What information contained in packets can be used as matching criteria.

CIS 193A – Lesson10 Protecting Your Network. CIS 193A – Lesson10 Focus Question What information contained in packets can be used as matching criteria.
CTF Mike Gerschefske Justin Gray. What is it? Came from Defcon Came from Defcon UCSB sp0nsorz – won last years Defcon UCSB sp0nsorz – won last years Defcon.

CTF Mike Gerschefske Justin Gray. What is it? Came from Defcon Came from Defcon UCSB sp0nsorz – won last years Defcon UCSB sp0nsorz – won last years Defcon.
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Brad Baker CS526 May 7 th, 2008 5/7/2008 1. 1. Project goals 2. Test Environment 3. The Problem 4. Some Solutions 5. ModSecurity Overview 6. ModSecurity.

Brad Baker CS526 May 7 th, /7/ Project goals 2. Test Environment 3. The Problem 4. Some Solutions 5. ModSecurity Overview 6. ModSecurity.
Building service testbeds on FIRE D5.2.5 Virtual Cluster on Federated Cloud Demonstration Kit August 2012 Version 1.0 Copyright © 2012 CESGA. All rights.

Building service testbeds on FIRE D5.2.5 Virtual Cluster on Federated Cloud Demonstration Kit August 2012 Version 1.0 Copyright © 2012 CESGA. All rights.
COEN 252 Computer Forensics

COEN 252 Computer Forensics
Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.

Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.
Dynamic and Secure DNS Tianyi Xing.  Establish a dynamic and secure DNS service in the mobicloud system.

Dynamic and Secure DNS Tianyi Xing.  Establish a dynamic and secure DNS service in the mobicloud system.
 International  UCSB Sponsored  Application security  ! network security  ! os security  Custom services 2.

 International  UCSB Sponsored  Application security  ! network security  ! os security  Custom services 2.
COEN 252 Computer Forensics Collecting Network-based Evidence.

COEN 252 Computer Forensics Collecting Network-based Evidence.

Similar presentations

Ads by Google