Capture the flag

Capture the flag (CTF) is a kind of game or exercise in which systems are deliberately made vulnerable to exploitation or reverse engineering so that players can steal flags (e.g. secret messages) from them. Although CTFs are often done competitively, they are also done purely for practice. In this assignment, you will each be given a unique set of programs with solutions unique to you, so there will not be any competition. You will be free to discuss techniques in the discussion board and in class, but nobody's solutions will work for anybody else.

Begin by logging into the Chemeketa CTF site. This site is experimental, developed by colleagues at PSU as part of the statewide effort to agree on the goals of CS205. The vulnerable programs are named based on chapter numbers from their textbook, but you can ignore that; there is no reference to any particular text needed to solve the challenges. Your username is the same as your username in elearn. Your password is initially the same as your username.

The CTF site doesn't allow users to change their own passwords, and your default password is published here, which means logging in is more of a means of identity than it is security. It is a violation of academic integrity to log in as another user. If you would like me to set your password to something else, come to office hours and I will set it to whatever you want.

Once you are logged in, download the ‘Ch1-2’ set, which will come as a zip file. Unzip it in any x86_64 Linux environment, such as the CS Student Server. To get instructions, simply run each program, which will explain what its challenge is and prompt you to enter the secret. When you've figured it out, the program will print ‘good job’. Then enter the secret into the CTF site to get credit. There is nothing to submit to elearn.

This week, solve the following levels.

  • Ch1_Ltrace
  • Ch1_Readelf

If you're looking for ways to go beyond this assignment, you might try working ahead, or experimenting with multiple ways of solving these programs and writing up your process. I would appreciate any feedback you have about how using this CTF site works for you or how the CTFs themselves go. And, of course, use the discussion board liberally to talk about strategy!