What is CTF (Capture The Flag)?
CTF stands for “Capture The Flag,” which translates directly to “Capture the Flag Game.
In a nutshell, CTF is an information security quiz.
CTF is an event in which participants use their knowledge and skills to find answers, called flags, to the information security questions posed.
When participants (respondents) find the Flag (answer), they can earn points, and participants compete against each other for the total points earned within a time limit.
The rules vary from event to event, such as individual competition, team competition, and points earned depending on the speed of the answers and the difficulty of the questions.
Translated with www.DeepL.com/Translator (free version)
The largest CTF event is DEFCON in the U.S., while SECCON organized by the Japan Network Security Association is the largest event in Japan.
About CTF Training
The information security knowledge required by the CTF is extensive.
Networking, software, programming, operating systems, cryptography, etc…
The CTF requires a broad and deep knowledge of information technology, but in other words, if you participate in CTF events and do CTF training, you will naturally acquire knowledge.
Why CTF Training is Recommended
To be honest, I can’t understand a reference book on information security if I don’t know anything about the field.
I think that most people try to work in this field and gradually gain knowledge as they do it every day, and then they can understand the reference books.
However, it is very difficult to live in such an environment, so you can deepen your knowledge of information security by doing CTF training in an easy-to-access quiz format.
And most importantly, I enjoy solving the problems. Many of the problems are difficult, but the excitement I feel when I solve them is exceptional. In this sense, CTF training is also effective because the emotional experience remains deep in the memory.
Translated with www.DeepL.com/Translator (free version)
About “ksnctf”, a website recommended for CTF training
There are many sites on the Internet that offer CTF practice, but one site that is easy for beginners to join is
ksnctf https://ksnctf.sweetduet.info/
is recommended.
This site is prepared with CTF training questions and anyone can easily solve them.
サイトksnctfのトップページ(https://ksnctf.sweetduet.info/から引用)
Furthermore, what is good about ksnctf is that it is a user-participation site, with a system whereby users earn points for solving problems.
For problems, points are set according to the difficulty level, and you can earn points for solving them.
For example, easy problems earn 5 points, difficult problems earn 100 points, and so on.
It is a simple but good mechanism that you get points for solving problems. It is a simple but good system, because it is not fun to solve problems in a casual way.
And since this is a user-participation type site, the total points are used for ranking.
The cycle of solving problems, earning points, improving ranking, and trying to solve more problems keeps you motivated and allows you to train repeatedly.
This is quite important to maintain motivation, because there are many difficult problems in CTF training, and it is easy to feel that you have had enough, but you want to try harder because you want to get points.
These points can’t be used for any service, but… it’s a strange thing about people, they get motivated when they receive points or when their ranking improves.
All you need is a Twitter account.
If you just want to solve problems, you do not need to log in.
However, to use the point and ranking features mentioned above, you need to log in using your Twitter account.
However, there is no need to go through a complicated procedure
Enter your Twitter account ID and password to log in
or
or by authenticating the ksnctf linkage while logged in to your own Twitter account.
You can log in with your Twitter account ID and password. It only takes a moment.
How to use ksnctf (try to solve ksnctf #2 Test Problem)
Now, we will show you how to use ksnctf by actually solving practice problems.
First, select a test question from the list of questions on the top page of the site.
In ksnctf, a form for entering the answer (Flag) is provided below the question text.
The format of each question is different, but the form for entering the answer (Flag) is the same for each question.
In this test question, the answer (Flag) is written directly in the question text, so all you have to do is copy it and enter it in the answer form.
If the answer is correct, the message “Conguratiration” will be displayed.
ksnctf#2 Solving Easy Cipher
Then, I also try to solve ksnctf #2 Easy Cipher.
First of all, I do not understand the English meaning of the problem title Easy Cipher.
If I don’t understand it in English like this, I will try to translate it anyway.
This is because, as is the case with the real CTF, the title is often a clue to solving the problem.
日本語に直すと、「簡単な暗号」という意味です。
And the problem statement is
EBG KVVV vf n fvzcyr yrggre fhofgvghgvba pvcure gung ercynprf n yrggre jvgu gur yrggre KVVV yrggref nsgre vg va gur nycunorg. EBG KVVV vf na rknzcyr bs gur Pnrfne pvcure, qrirybcrq va napvrag Ebzr. Synt vf SYNTFjmtkOWFNZdjkkNH. Vafreg na haqrefpber vzzrqvngryl nsgre SYNT.
This is a list of unintelligible English words.
However, given the title of the problem, “A Simple Cipher,” we can guess that this string of English is a simple cipher, and that we can just decrypt it.
I don’t know what the English in the problem text means, but given that only English is used, I can guess that the English letters are converted (encrypted) into other English.
A simple cipher is the Caesar cipher.
The Caesar cipher is a cipher method that was used by the ancient Roman leader Caesar (Caesar in English).
The Caesar cipher is a simple ciphertext that is constructed by shifting the letters of the original word by a few letters.
For example, by shifting the letters of the word “Hello” back three letters, the ciphertext becomes
Hello→Khoor
which is an unintelligible word.
In Japanese, if you shift back three letters in the word hello, you get
Hello→Suunoto he
in Japanese. It is simple, but it is encrypted.
I will try to shift the letters, assuming that the Caesar cipher is also used in this problem text.
By the way, there are several sites on the Internet that can encrypt and compound using the Caesar cipher, so it is easy to use these sites.
In this case, we used this site.
If you enter the original sentence (plaintext) and the number of shifts (how many characters to shift), you can encrypt it.
Conversely, it is also possible to compound the ciphertext.
I did not know how many characters were shifted, so I shifted one character at a time. 13 characters later, I had an English sentence that made sense.
Translating this English text gave the answer.
When this answer was entered as Flag, the correct answer message was successfully displayed.
Incidentally, this 13-letter shifting technique is recognized as ROT13 in the Caesar cipher.
It seems that this method is to shift 13 letters, half of the 26 letters in the alphabet.
In this case, I shifted one letter at a time with a little bit of force, but if you are familiar with the ROT13 method, you could have shifted 13 letters and arrived at the correct answer quickly. I think that those who know the ROT13 method could have shifted 13 letters and reached the correct answer quickly.
summary
As mentioned above, we have introduced CTF training.
The interesting thing about CTF is that you can reach the correct answer even from various angles.
Even in the Caesar cipher problem above, I don’t think anyone can suddenly understand the meaning of this ciphertext.
However, it is possible to understand the meaning of the
The title of the question
Knowledge of Caesar cipher
The ciphertext is only in English, and it is in a certain amount of chunks (words).
The title of the question, knowledge of Caesar’s Cipher, and the fact that the ciphertext is in English only and in some chunks (words).
The important thing is to be able to guess and to search for the necessary knowledge by yourself.
CTF training is the best study method for developing exactly these two skills.
I hope to explain another problem tail as well.
関連記事:
- How to install Ubuntu on VMware virtual environment (using iso files)
- [2022 Newest Version] Google Analytics and Adsense links were not set up… I’ll walk you through the steps to set up your tracking code! [GA4]
- [2022] GoogleAdsence has been shut down! My Experience
- How to set up Kali Linux 2022.1 on VMware.