Never Ending Security

It starts all here

Wiki-like CTF write-ups repositories, maintained by the community. 2013, 2014 and 2015

CTF write-ups 2013-2014-2015

There are some problems with CTF write-ups in general:

  • they’re scattered across the interwebs
  • they don’t usually include the original files needed to solve the challenge
  • some of them are incomplete or skip ‘obvious’ parts of the explanation, and are therefore not as helpful for newcomers
  • often they disappear when the owner forgets to renew their domain or shuts down their blog

This repository aims to solve those problems.

It’s a collection of CTF source files and write-ups that anyone can contribute to. Did you just publish a CTF write-up? Let us know, and we’ll add a link to your post — or just add the link yourself and submit a pull request. Spot an issue with a solution? Correct it, and send a pull request.


  • Write-ups for CTFs that occurred in 2013
  • backdoorctf-2013
  • Write-ups for CTFs that occurred in 2014
  • 31c3-ctf-2014
  • Write-ups for CTFs that occurred in 2015
  • 0ctf-2015

A collection of tools used to maintain and create CTF writeup folders:

Generate a CTF directory/skeleton

Use this tool to generate a CTF skeleton.

This is how I usually maintain a new CTF directory/skeleton

  • Create an empty directory for the CTF, ending with the current year, e.g. example-ctf-2015/
  • Create an empty directory in this new CTF directory for each task category, e.g. mkdir crypto web misc trivia
  • Create an empty for each task in the according category folder, e.g. mkdir crypto/{rsalot, rsanne}
  • Download all CTF files during the CTF and save the description, points, original task name, solves and task category for each file in a file named info, e.g. crypto/rsalot/info and crypto/rsanne/info
  • Generate a for each info file in the CTF directory using the tool, e.g. python example-ctf-2015/ info 'Example CTF'
  • Remove all info files (make a backup of your CTF directory just in case) using find example-ctf-2015 -name info -delete
  • Tell git to ignore all files that are bigger than 10MBytes with cd example-ctf-2015; find . -size +10M >> .gitignore
  • Edit each to fill in missing information (e.g. Authors, references and solves)
  • Move the CTF directory to the write-ups-$YEAR repo, making sure that it not yet exist

A general collection of information, tools, and tips regarding CTFs and similar security competitions:

CTF Resources


This repository aims to be an archive of information, tools, and references regarding CTF competitions.

CTFs, especially for beginners, can be very daunting and almost impossible to approach. With some general overviews of common CTF topics and more in-depth research and explanation in specific technologies both beginners and veterans can learn, contribute, and collaborate to expand their knowledge.

Quick Start

  1. First time? READ THIS! and then the section below. Once you understand the basics, use the resources in the topics directory to try to solve challenges on websites like OverTheWire
  2. Beginner? Use the guides found in the topics directory to try to find out what type of challenges you are presented with and participate in some of the CTFs on ctftime.
  3. Intermediate? Navigate straight to the topic you are interested in to find extra online resources to help you solve more complex challenges.
  4. Master? Help improve this repository! Have a new type of vulnerability you want to explain? Write about it and how to use it! Have a new tool people can use? add it to the tools directory!

What are CTFs?

CTFs are computer security/hacking competitions which generally consist of participants breaking, investigating, reverse engineering and doing anything they can to reach the end goal, a “flag” which is usually found as a string of text.

DEF CON hosts what is the most widely known and first major CTF, occurring annually at the hacking conference in Las Vegas. Many different competitions have branched off since then, and numerous ones are available year round. One of the best places to see when CTFs are being scheduled isCTFTime, an active website with calendars and team rankings.


A very simple type of CTF challenge consists of looking at the source code of websites or programs to find flags and/or hints. For example, can you find the flag hidden on this page?

Moving On

You may be able to solve some CTF challenges after looking through the documents in this repository and understanding the basics of the technologies and subjects covered, but you won’t be very proficient or successful for long. To be an adept CTF competitor you have to be able to combine many different strategies and tools to find the flag. Developing the ability to find flags quickly takes practice more than anything, and participating in numerous CTFs will allow you to expand your understanding and abilities, leading you to success. Spend some time on CTFTime working through CTFs to truly improve and learn.


Now that you know the basics of CTFs, you can visit ctftime and try out a CTF! Using your background knowledge and the information on this page you’ll be able to develop a solid basis in computer security.


Cryptography is the practice and study of techniques for secure communication in the presence of third parties. – Wikipedia

In the case of CTFs, the goal is usually to crack or clone cryptographic objects or algorithms to reach the flag.


If you look around the folders in this page you should be able to find a suitable way to solve this simple cipher:

Hint: Julius Caesar's favorite cipher

kxn iye lbedec

Getting Started


Sources/See More

Introduction to Cryptography

Caesar Cipher

The Caesar Cipher is a very simple and common encryption method which does not appear often in full-fledged CTFs but forms part of the basis of cryptography. It simply shifts a string of letters a certain number of positions up or down the alphabet.

Let’s say we want to encrypt the string hello world to give to our friend whose favorite number is 3. We will shift our string left 3.

Taking the first letter h in our string and going 3 places up the alphabet(as it is a left shift) gives us the letter e. We then start our new, encrypted string with the letter.

Doing so for the whole original string creates a jumbled mess of incomprehensible letters to anyone but the reader with the proper decryption shift:

Original: hello world

Final: ebiil tloia

To let our friend read this, we would send him the final string with the instructions right 3, and either by hand, with a website, or with a script, he would be able to extract our message.


Caesar ciphers are usually presented in very low-point tasks, if at all, and can be easy to detect and check for. Strings containing incomprehensibly jumbled letters are possible Caesar ciphers and should be checked.


There are many approaches to cracking Caesar ciphers, but usually the best way to solve them is to write a script or run the string through a website which will print out all the possible shifts of a string. From those results the most comprehensible and logical solution can be chosen.

CTF Example


Sources/See More

Brute force caeser cipher cracker

Vigenère Cipher

The Vigenère Cipher is a method of encrypting alphabetic text by using a series of different Caesar ciphers based on the letters of a keyword – Wikipedia.

Please read the article on Caesar Ciphers if you haven’t already because the Vigenère Cipher is a direct derivative of the former. The Vigenère cipher takes a keyword and applies a certain caeser cipher to it multiple times according to the letters of a keyword.

To-Do Example


Vigenère Ciphers appear to be identical to any other substitution cipher, but trying to solve it as Caesar Cipher will not work. Check for this type of cipher if the Caesar Cipher crack does not work.



CTF Example

DEKTHON 2014 had a simple vigenère cipher with no hints and only a line of text:


Solution can be found here.

Sources/See More

Online Vigenère cracker

MD5 Hashing

MD5 is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal number –Wikipedia.

This system is commonly used to check the integrity of files (like downloads). The way MD5 hashes are created, any slight variation in a file creates a new hash that is completely different than the previous, making changes in files (e.g. corruption in download or tampering) very apparent.

Creating an MD5 hash is very simple, as there are multiple online tools like md5-creatorand even a command line tool md5sum which will quickly create a sum from input.


MD5 hashes are very standard, as they are always 128 bits, or 32-character strings.



Sources/See More

Easy MD5 cracker







CTF Example

BackdoorCTF 2014 had an RSA challenge which simply provided a public key and encrypted text file.

The solution can be found here.

Sources/See More

CTF Write-up


Steganography is the art or practice of concealing a message, image, or file within another message, image, or file. – Wikipedia

In the context of CTFs steganography usually involves finding the hints or flags that have been hidden with steganography. Most commonly a media file will be given as a task with no further instructions, and the participants have to be able to uncover the message that has been encoded in the media.


Images are a very common medium for steganography, as they are easy to manipulate and simple to view and transport. Files in Images give a good introduction for beginner steganography.

Getting Started

A rudimentary knowledge of media filetypes (e.g. jpg, bmp, png for pictures and wav, mp3 for sound) is essential to steganography, as understanding in what ways files can be hidden and obscured is crucial. Also, understanding basic linux is important, as a multitude of tools are specifically for bash.

Sources/See More

Hiding a file in an image

One of the most common steganography tricks is to hide a file inside of an image. The file will open normally as an image but will also hold hidden files inside, commonly zip, text, and even other image files.

The reason this works is because when an image file is read it has starting and ending bytes dictating the size of the image. The image viewer that you use will use the information between these bytes to present an image to you, ignoring anything after the terminating byte.

For example, The terminating byte for a JPEG is FF D9 in hex, so using a hex viewer (xxdis good for linux, or something like HxD for windows) you can find out where the image finishes. These bytes are sometimes hard to find in a sea of numbers though, so looking at the dump of the hex (the text representing the hex bytes) can also help you find hidden .txt or .zip files.


A very simple implementation of this strategy is used in the example.jpg file in this directory. If you save it to your computer and open it up with an image viewer, you should be presented with a simple jpg image.

Now lets try to find the flag. Open up the image in your favorite hex editor and start looking around for something odd (You may find the flag itself from the dump at this point, but for the sake of example try extracting it). Near the bottom of the file you should see the terminating byte of a jpg ffd9:

01e17a0: 685c 7fab 8eb4 5b32 61f1 c4ff d950 4b03 h\....[2a....PK.

Another important part of this line is the PK near the end. PK are the initials of Phil Katz, the inventor of the zip file, and indicate that a zip file starts at that point.

Using this information we can use another handy linux tool, dd). The dd command is very versatile and allows for the copying and converting of a multitude of files. In our case, we are going to be using it to extract the zip file.

We know where the location of the zip file is, but dd only takes decimal values, so we convert the hexadecimal location 0x01e17ad from hex to decimal to get 1972141.

Pluging this into dd:

dd if=example.jpg bs=1 skip=1972141

This takes in the image example.jpg, the ‘in file’ if, reads one block at a time, ‘block size’ bs, skips to block 1972141, skip, and writes it to the ‘out file’ zip we call When this completes you should have a zip file you can easily unzip to access the text file inside.

This is the long way of solving a simple steganography problem but shows how the strategy works. In the Solving section more concise and efficient methods are described.


These challenges are usually presented as a simple picture with no other instructions, and it is up to the competitor to run it through a hex editor to find out if it involves steganography. If you are presented with an image and no instructions, your safest bet is that is has something hidden after the closing tags of the image.


Although it is possible and at times practical to solve these tasks using linux tools likedd, there are some tools that make it much easier. Binwalk is an immensely useful tool which automatically detects and extracts files hidden with steganography tools

CTF Example

Steganography of this type is usually not scored very highly but is decently widespread. BackdoorCTF 2014 created one which is generally straightforward, ctfexample.jpg, but involves multiple layers.

Sources/See More





Hidden Text in Images

A simple steganography trick that is often used for watermarks instead of outright steganography is the act of hiding nearly invisible text in images. The text can be hidden by making it nearly invisible (turning down it’s opacity to below 5%) or using certain colors and filters on it. Although the text is undiscernable to the naked eye, it is still there, and there are a variety of tools which allow the text to be extracted.


Using the tactics detailed below, can you find the flag in this image?



Detecting this type of steganography can be somewhat challenging, but once you know it is being used there are a multitude of tools you can use to find the flag. If you find that there are no other files hidden in the image (e.g. .zip files), you should try to find flags hidden with this method.


There are multiple ways to find flags hidden in this manner:

  • GIMP or Photoshop can be used to uncover the flag by using different filters and color ranges. This tutorial works remarkably well for finding hidden text.
  • Stegsolve is an immensly useful program for many steganography challenges, allowing you to go through dozens of color filters to try to uncover hidden text.
  • There are many scripts that have been written to substitute certain colors and make hidden the text legible, for example this Ruby script highlights colors passed to it in the image.

CTF Example

PlaidCTF 2014 had a steganography challenge recently with this image:


The write-up for this challenge can be found here

Sources/See More


Web challenges in CTF competitions usually involve the use of HTTP (or similar protocols) and technologies involved in information transfer and display over the internet like PHP, CMS’s (e.g. Django), SQL, Javascript, and more. There are many tools used to access and interact with the web tasks, and choosing the right one is a major facet of the challenges. Although web browsers are the most common and well known way of interacting with the internet, tools like curl and nc allow for extra options and parameters to be passed and utilized.


To-Do (need a website/server)

Getting Started

Command Line and the Web

If you are running linux and want extended functionality (like passing custom headers) in web challenges, bash (terminal) commands are your best bet. cURL is a simple but extensible command-line tool for transferring data using various protocols, and allows users to use HTTP to interact with servers, including POST and GET methods.


To see curl at work, you can simply run curl (Google), and the html of Google’s home page should appear.

There are many other options and flags that can be passed to curl, making it an extremely useful tool in CTFs

Sources/See More



HTTP (Hypertext Transfer Protocol)


PHP is a server-side scripting language designed for web development.

Sources/See More


SQL Injections


Many challenges in CTFs will be completely random and unprecedented, requiring simply logic, knowledge, and patience to be solved. There is no sure-fire way to prepare for these, but as you complete more CTFs you will be able to recognize and hopefully have more clues on how to solve them.


In recent CTFs the sheer variety of miscellaneous tasks has been highly exemplified, for example:

Sources/See More

CTF Write-Ups



Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s