Resources

• Picoctf: CMU founded CTF training and learning platform great for "learn as you go."
• HackTheBox: Best for beginners, offers certified courses and learning paths along with hands-on labs in combination to theory.
• CyberChief: For Encryption/Decryption and Encode/Decode

General Knowledge

Terminal

• grep
• strings
• | (pipe)

TCP/IP Protocol

• Most common type of networking protocol that focuses on reliability, achived through 3 way handshake before establishing a network connection and a 4 way handshake terminating the connection.
  • 3-way handshake (establishing):
    • SYN flagged packet is being sent from host machine to target machine/server
      • "Hello are you available to connect?"
    • SYN-ACK flagged packet is returned from the target machine/server back to the host, acknowledging availability through an extra ACK flag
      • "Hello, yes! I'm able to connect"
    • ACK flagged packet is sent again from the host machine to the target machine/server, officially estabilishing a connection
      • "Awesome let's share the formula of koka-kola here"
  • 4-way handshake (terminating):
    • FIN flagged packet is sent from the host to the target machine/server
      • "Yo bro imma dip."
    • ACK flagged packet is sent from the target machine/server back to the host, notifiying the host that the connection is close on its end
      • "Aight bruh I gotchu, lemme send you this last thing."
    • FIN flagged packet is sent from the target machine/server to the host, indicating its finalization to the connection
      • "Alright, now I'm actually done too."
    • ACK flagged packet is sent from the host machine to the target machine/server, officially closing the connection
      • (Cool, *hangs up the call)

OSI Model

Under Construction

Forensics

• Base64 encoding: transforms any binary data (like images or files) into a string of printable ASCII characters
• Steganography: method that hides information in a non-secret file such as an image, or audio. The existence of the hidden message is unobservable to the viewer. Some of the most common techniques used includes LSB (least significant bit).
• Network Protocol Analysis:

Tools

Image Analysis

• zsteg: Package based on Ruby allows user to check metadata of images and steganography; specifically for .png and ,bmp images. It analyzes images to detect hidden data and extract hidden information on least significant and other steganography techniques.
• steghide: Steganography tool used to hide/reveal hidden data in images/audio files; mostly used with .jpeg, .bmp, .wav, and .au files.
• identify: Tool from ImageMagick, used to analyze and display information about image files such as image format, dimensions, file size, medatadata and properties.

Skills:

• Converting files to base64 and to an image file

# -d stands for decode
cat file.txt | base64 -d > file.jpeg

Networking

• Wireshark: Tool for network package analysis for pcap and pcapngfiles. It breaksdown the networking traffic and displays a wide range of information, including network protocols, destination IP address and target addresses, file uploads, etc...

Cryptography

• Hash: Hash encryption generates a unique hashcode for each piece of data. It is often used to check file integrity by comparing the hash value of the package being installed and the original package to prevent potential modifications from unauthorized parties. Given a hashed value, to try to get the original value, we can use wordlist and word maps and try all different combinations to get their hashcode and comparing to the given hashed value. This is called bruteforce attacking/guess and checking.

• RSA Encryption: Asymmetric encryption that involves the encrypted message (C), the original message (M), public key (e, n), and private key (d, n). Where d and e are prime of the product n.

  • Mathematical relationships are:

    • Encryption C ≡ Mᵉ (mod n)
    • Decryption M ≡ Cᵈ (mod n)

    Note

    ≡ indicates congruence, where under the context of A ≡ B (mod n), it means A and B have the same remainder when divided by n.

    Example Use of RSA

    Key Generation (Creating the Padlock and Key)

    This is the most complex part, done once by the receiver (let's call her Alice).

    • Choose Two Prime Numbers: Alice picks two large, random, and distinct prime numbers, p and q.
      • Example (using small, manageable numbers): p = 3, q = 11
    • Calculate the Modulus (n): Multiply p and q to get n. This number will be part of both the public and private keys.
      • n = p * q = 3 * 11 = 33
      • n is the "padlock" itself. Its length in bits (e.g., 2048, 4096) is what we refer to as the "key size" and determines the security.
    • Calculate Euler's Totient (φ(n)): This is φ(n) = (p-1) * (q-1). It's the number of integers less than n that are relatively prime to n (i.e., share no common factors with n).
      • φ(n) = (3-1) * (11-1) = 2 * 10 = 20
    • Choose the Public Exponent (e): Alice picks a number e that must be:
      • Less than φ(n) (which is 20).
      • A coprime with φ(n) (meaning they share no common factors other than 1).
      • Example: e = 7 (7 and 20 share no common factors).

      The pair (e, n) is the Public Key. Alice can broadcast this to the world. In our example, the public key is (7, 33).

    • Calculate the Private Exponent (d): This is the magic step. Alice calculates d, which is the modular multiplicative inverse of e mod φ(n). In simpler terms, d is the number that satisfies this equation:
      • (d * e) mod φ(n) = 1
      • (d * 7) mod 20 = 1
      • After calculating, d = 3 (because 3 * 7 = 21, and 21 mod 20 = 1).

      Info

      The pair (d, n) is the Private Key. Alice must guard this with her life. In our example, the private key is (3, 33).

    Encryption (Locking the Message)

    Now, someone else (Bob) wants to send Alice a secret message. The message must be a number M less than n. (In real life, text is converted into a large number).

    • Bob gets Alice's Public Key: (e, n) = (7, 33).
    • He has his message, which is a number M. Let's say M = 4 (for example, representing the letter 'D').
    • He encrypts it using the encryption formula to get the ciphertext C: -C = M^e mod n
      • C = 4^7 mod 33
        • Let's calculate: 4^7 = 16,384
        • 16,384 / 33 = 496.606... -> 33 * 496 = 16,368
        • 16,384 - 16,368 = 16
        • So, C = 16
    • Bob sends the ciphertext C = 16 to Alice.

    Decryption (Unlocking the Message)

    Info

    Alice receives the ciphertext C = 16. She uses her Private Key: (d, n) = (3, 33).

    • She decrypts it using the decryption formula to recover the original message M:
      • M = C^d mod n
      • M = 16^3 mod 33
        • Let's calculate: 16^3 = 4,096
        • 4,096 / 33 = 124.121... -> 33 * 124 = 4,092 - 4,096 - 4,092 = 4
      • So, M = 4
    • Alice has successfully decrypted the secret message 4 that Bob sent.

Tools

Hack-cracking

• hashcat: GPU-accelerated tool for hash-cracking such as SHA1, SHA2-256, MD5, bcrypt.

  hashcat -m (hashtype: 0 = MD5, 100 = SHA1, 1400 = SHA2-256, 3200 = bcrypt) -a 0 (hashed text) (wordlist path)

Contributors

Lunear01aier9500

Changelog

1/26/26, 1:35 AM

View All Changelog

• 90502-Added more information and reformatted using details moduleon 1/26/26
• 35118-Grammar and Spell Checks for the entire Webon 12/11/25
• 5810a-Cleaner way of displaying contributors in articles.on 12/9/25
• d5554-Fix typos and enhance clarity in CTF second brain guideon 11/11/25
• 4fc42-Update author name in CTF guideon 11/11/25
• 26c5a-Restructuring tags.on 11/10/25
• aa7ed-CTF page Updateon 10/18/25
• 4d57f-CTF guide updatedon 10/18/25
• 0547e-updated ctf pageon 10/17/25
• c30bc-New ctf pageon 10/17/25