NahamCon CTF 2020: Beginner’s Guide
The NahamCon CTF is a virtual jeopardy-style CTF that occurs during the conference. The 2020 NahamCon, which was held in June of this year, had a good variety of well-written challenges, each with an easy-to-follow path to help along the way.
In this blog series, I’m going to share my experiences from both NahamCon in part 1 and CSI CTF in part 2.
Getting your first flag
For the first challenge, I’ll share an easy one to give you an example. Usually CTFs have an easier challenge for you to solve at first so you can see how everything works and get at least one flag.
Read the Rules Challenge
All flags will typically be in the same format. For NahamConCTF, the format is flag{text} where “text” is the flag.
This challenge is called “Read the Rules” and gives you a link to the rules. You should always read the rules before a CTF–you don’t want to accidentally break them and become disqualified. If brute forcing is not allowed, for example, you want to be aware of this before you use that method as a strategy.
If we look at the source of the rules page, we can find the flag by searching for “flag{“:
The flag is “flag{we_hope_you_enjoy_the_game}”. Also, when you see these challenges that are meant to be an introduction to the CTF, it’s good to avoid overthinking them.
Easy Keesy Challenge
Another challenge I completed during this CTF was Easy Keesy. This challenge gave us a KeePass file.
KeePass is a password manager that stores passwords for as many accounts as you need in order for you to have complex and different passwords without having to remember every single one. The KeePass file is password protected, so we can’t open it.
John the Ripper is a password cracker that runs through a provided wordlist and tries each word as a password until it is successful. Kali Linux comes with wordlists and you will find them under /usr/share/wordlists. The one we will be using is rockyou.txt, which you can download if you do not have Kali.
The first step is to use keepass2john–which comes with John the Ripper–to extract the hash that will be cracked by John to provide the password. I recommend taking the output of keepass2john and putting it into a text file.
Then, use John with the rockyou.txt wordlist to crack the hash.
Most CTFs–at least the beginner to intermediate ones–will use easy passwords in cracking challenges. This means widely used password wordlists or the ones that come with Kali Linux can be used. The intent of the challenge is mostly to see if you know what to do, but not necessarily make it so difficult that you have to go out of your way too much. This isn’t always the case, but most of the time CTFs will make sure to level the field as much as possible.
Conclusion
Overall, NahamCon put together a great CTF. Hopefully, this walkthrough provided beginner CTF participants with a solid snapshot of how things go during the different challenges so you’ll have a head start in future events.
Stay tuned for part 2!
About Hurricane Labs
Hurricane Labs is a dynamic Managed Services Provider that unlocks the potential of Splunk and security for diverse enterprises across the United States. With a dedicated, Splunk-focused team and an emphasis on humanity and collaboration, we provide the skills, resources, and results to help make our customers’ lives easier.
For more information, visit www.hurricanelabs.com and follow us on Twitter @hurricanelabs.
