The RIT Security Club

RITSEC Spring 2019 CTF — Week 13 and Conclusion

The final week of RITSEC’s Spring 2019 CTF has concluded. Although the official challenge write-ups for the semester CTF will be posted on RITSEC’s GitHub for those interested, I have more detailed write-ups here each week for the challenges I am able to solve. I do this because as a freshman, when I read the challenge write-ups they often went step-by-step but never elaborated on why a certain command was run or the strategy the user followed when solving the challenges. This is my effort to elaborate on the reasoning to the process.

Topic — Scripting

This week, participants were challenged to write scripts for a variety of purposes, including port scanning, wireless packet capturing, web scraping, log parsing, and many more. However, in order to earn points for these challenges, each language may only be used three times. The languages allowed for these challenges were:

  • Python 3
  • Python 2.7 (only for challenges involving Empire and Scapy)
  • PowerShell
  • Bash
  • Perl
  • Ruby
  • Go
  • JavaScript
  • PHP

These scripts are available on GitHub.

Easy 1: Create a Week 13 GitHub repository

There you are, done! :D

GitHub repositories can be created via the GitHub website or by creating a local repository with git init and then committing and pushing it to GitHub.

Easy 2: Caesar cipher solver (Perl)

A Caesar cipher simply adds 1 to the ASCII value of each letter in a word.
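A solver for this kind of cipher, as an added example in Python 3 (not the Perl script from the original post). It goes beyond the shift-by-1 case described above: it tries all 26 shifts, wraps around the alphabet, and picks the candidate containing the most common English words. The word list and sample ciphertext are constructed for illustration.

```python
import string

# Small, constructed set of common English words used to score candidates.
COMMON = {"the", "and", "of", "to", "in", "is", "over", "that", "it", "for"}

# Constructed ciphertext: an English sentence with every letter shifted by 1.
# Note "mbaz": a plain +1 on the ASCII value of 'z' would give '{', so the
# shift has to wrap back around to 'a'.
SAMPLE = "Uif rvjdl cspxo gpy kvnqt pwfs uif mbaz eph."


def shift_text(text, shift):
    """Shift each ASCII letter by `shift` places, wrapping inside the alphabet."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)  # spaces, digits and punctuation pass through
    return "".join(out)


def score(text):
    """Count how many words of the candidate plaintext are common English words."""
    words = (w.strip(string.punctuation).lower() for w in text.split())
    return sum(w in COMMON for w in words)


def solve(ciphertext):
    """Try every shift and return (shift_used_to_encrypt, best_plaintext)."""
    best = max(range(26), key=lambda k: score(shift_text(ciphertext, -k)))
    return best, shift_text(ciphertext, -best)


if __name__ == "__main__":
    print(solve(SAMPLE))
```
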

Easy 3: Networking configuration (PowerShell)

This PowerShell script sets static IP, gateway, and DNS settings for a Windows Server box. It also installs Active Directory and sets the domain name.

Easy 4: Sort IP addresses (Bash)

This Bash script is just a simple one-line command that takes a file or standard input and sorts numbers. To read more about the sort command, see here.

Medium 1: Blue Team Script (Bash)

This script does the following:

  • Creates the backup user “ritsec”
  • Changes the password on the root account
  • Disables SSH
  • Deletes the crontab file
  • Backs up the FTP and MySQL configurations
  • Enables iptables and sets basic rules

Medium 2: Port Scanner (Ruby)

This script is a basic alternative to nmap. Credit to HackingLoops and RubyGuides for helping me learn Ruby socket programming.

Medium 3: SSH log parser (Python 3)

This script analyzes an SSH log for successful logins. It then looks up the location of the IP address that the request came from.
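A parser of this kind, as an added example (not the script from the original post). The log lines, the `SAMPLE_GEO` table standing in for a real geolocation database or API, and the list of internal ranges are all constructed assumptions so the example runs offline.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample auth.log lines (documentation-range addresses).
SAMPLE_LOG = """\
Apr 22 09:14:01 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Apr 22 09:14:20 web01 sshd[2215]: Failed password for invalid user Accepted password for root from 192.0.2.66 port 22 from 203.0.113.7 port 51140 ssh2
Apr 22 09:15:30 web01 sshd[2230]: Accepted password for ritsec from 198.51.100.24 port 40022 ssh2
Apr 22 09:17:44 web01 sshd[2251]: Accepted publickey for root from 10.0.0.5 port 52811 ssh2
Apr 22 09:20:02 web01 sshd[2290]: Accepted password for ritsec from 198.51.100.24 port 40090 ssh2
Apr 22 09:21:13 web01 sshd[2301]: Accepted password for bob from 2001:db8::1 port 40111 ssh2
"""
# Constructed stand-in for a geolocation database or API.
SAMPLE_GEO = {"198.51.100.24": "Example City, EX"}
# Ranges treated as internal; a location lookup is meaningless for these.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7")]
# Match from the start of the line: the username is supplied by the client, so
# a failed attempt can carry the text "Accepted password for ..." inside it.
ACCEPTED = re.compile(r"\w{3} +\d+ [\d:]{8} \S+ sshd\[\d+\]: Accepted (?P<method>\S+) "
                      r"for (?P<user>\S+) from (?P<ip>\S+) port \d+")


def successful_logins(log_text):
    """Return one (user, method, ip) tuple per successful login line."""
    found = []
    for line in log_text.splitlines():
        m = ACCEPTED.match(line)
        if m is None:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not a valid address: skip it rather than look it up
        found.append((m.group("user"), m.group("method"), str(ip)))
    return found


def report(log_text, geo=SAMPLE_GEO):
    """Count logins per (user, ip) and attach a location to each source."""
    counts = Counter((user, ip) for user, _, ip in successful_logins(log_text))
    rows = []
    for (user, ip), n in sorted(counts.items()):
        internal = any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)
        rows.append((user, ip, n, "internal" if internal else geo.get(ip, "unknown")))
    return rows
```
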

Medium 4: Web Scraper (Go)

This script scrapes data from a website. Credit to the Go Tour and Gregory Schier for helping me learn Go HTML parsing and concurrency.

Hard 2: Anything that doesn’t exist yet! (Python 3)

This script is part of a larger project used to monitor file changes and create a visual representation of them for RIT’s Computer System Forensics class. The report and presentation are linked in the project GitHub.

Bonus: Wireless client MAC address logger (Python 2)

This script records the MAC addresses of all nearby wireless clients. It requires a wireless card capable of running in monitor mode.

Conclusion

Knowing popular languages such as Python, PowerShell, Ruby, and Go is an incredibly useful (and hireable) skill. Unfortunately, I am not as familiar with Ruby or Go as I am with the former, although this experience has made me quite a bit more interested in learning Ruby. Perhaps that will be a project for this summer.

With that, the RITSEC Spring 2019 CTF has concluded! This semester covered advanced web and network exploitation techniques, Windows and Linux forensics, binary exploitation, red and blue team competition techniques and strategies, and scripting. I would like to say a huge thank-you to the club and both tech leads (Scott Brink and Suggwan Choi) for their efforts in creating these challenges this semester.

After two years of RITSEC challenges, my skills have grown immensely. Although I am still nowhere near a professional, I began the Weekly CTF in September 2017 and struggled to solve even the easy challenge for Week 1’s Intro to Linux topic. However, I slowly became more capable and finally solved my first Hard challenge in March 2018 (Cisco IOS Networking week). Returning in the fall of 2018 after my freshman year concluded, I found that I was no longer struggling at most of the challenges and was rather proficient at most of them!

During this time, I noticed an unfortunate result of all club members being active and incredibly busy students. Due to this, the club sometimes has a mediocre track record with publishing solutions for challenges. To solve this problem, I took it upon myself to write these solutions giving insight into CTF strategies; I wanted to help the club enable others to learn and grow as I did. While keeping up with weekly solutions, my goal for this semester was to make first place, and I was able to do so amid tough competition from many of my friends! I’d also like to thank them for assistance in proofing my solutions and helping me explain some of the challenges.

As I now feel that I am outgrowing the RITSEC Weekly CTF, I might turn my attention to Hack The Box this summer amid my other obligations. I will be on a full-time co-op at Parsons Corporation in the Washington, D.C. area and plan to obtain several CCNA certifications during this time as well. I also hope to go to DEFCON for the first time, so I guess I will see how it goes!

If you want to know more about RITSEC check out their website or attend a meeting if you’re on RIT’s campus — but not during summer break. Until next semester!

Written by

DFIR, CTFs, disinformation, STEM education, and pretty much anything else that comes to mind. RIT Computing Security ’22. wyatttauber.com
