Exploiting simple network services in CTFs

Greg
3 min read · Sep 6, 2019

For those of you that enjoy CTFs, here are a few tips on how you can go about testing non-HTTP network services.

There are plenty of different services out there to test, and this is by no means an exhaustive tutorial, but it gives you a few tips to get started testing non-HTTP-based services.

So how could we approach attacking these services?

In CTF challenges where you are given the binary, it can make life a lot easier, as you can decompile the software to understand its structure and how the binary operates.

Initially you may start with:

  • Running strings to identify readable text within the binary.
  • Disassembling or decompiling the binary (depending on its format) using tools such as objdump, the NSA's Ghidra framework, OllyDbg, etc.

Then use the insights you gain from debugging the code locally to understand how the software operates.

Typically in CTFs these binaries won’t contain the flag you want to capture, but they have the same program structure as the service running remotely, so you can build a network-based attack against it.

Once you have an initial understanding, run the binary and debug it with GDB. ExploitDB has a quick primer.

  • Examine the behaviour with different inputs.
  • Walk through the logical functionality of the program.
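As an added example that is not part of the original post, here is a small shell toolkit covering the steps above: filtering strings output for lines worth a second look, pulling risky libc call sites out of objdump output (so they can become GDB breakpoints), and running the binary under GDB in batch mode with a set of generated inputs to see which ones make it crash. It assumes a Linux host with coreutils, awk, grep, binutils and gdb; the path ./challenge, the sample strings and the objdump lines are constructed placeholders, not from the post.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): helpers for the triage steps
# above. Assumes a Linux host with coreutils, awk and grep; the last two
# functions also need gdb. No target binary is bundled: the demo at the bottom
# runs the static helpers on constructed text only.

# Step 1: filter `strings` output for lines worth a second look.
# Reads `strings` output on stdin and prints a category followed by the line.
triage_strings() {
  awk '
    $0 ~ "%[0-9]*[sdxpn]"                   { print "FORMAT", $0;   next }
    $0 ~ "^/[A-Za-z0-9_./-]+$"              { print "PATH", $0;     next }
    $0 ~ "https?://"                        { print "URL", $0;      next }
    tolower($0) ~ "(pass|secret|token|key)" { print "SECRET", $0;   next }
    $0 ~ "[A-Za-z0-9_]+[{][^}]+[}]"         { print "FLAGLIKE", $0; next }
  '
}

# Step 2: from `objdump -d` output on stdin, list call sites of libc functions
# that are frequent sources of memory-safety bugs, as "address <symbol>", so
# each one can become a GDB breakpoint.
risky_calls() {
  grep -E 'call.*<(gets|strcpy|strcat|sprintf|vsprintf|scanf|__isoc99_scanf|system|memcpy)(@plt)?>' \
    | awk '{ print $1, $NF }'
}

# Step 3: inputs for the "examine the behaviour with different inputs" step:
# increasing lengths of a filler byte plus one format-string probe. Writes one
# file per input into DIR.
make_inputs() {
  local dir="$1" n
  mkdir -p "$dir"
  for n in 8 64 256 1024 4096; do
    awk -v n="$n" 'BEGIN { while (i++ < n) printf "A"; print "" }' > "$dir/len_$n.txt"
  done
  printf '%%x.%%x.%%x.%%x\n' > "$dir/format.txt"
}

# GDB batch commands for one run of the target with INPUT_FILE on stdin; the
# last two commands only produce useful output if the run stopped on a signal.
gdb_commands() {
  printf '%s\n' \
    'set pagination off' \
    "run < $1" \
    'info registers' \
    'bt'
}

# Run BINARY under gdb once per input file and report which inputs crash it.
# Returns 2 when gdb is not installed, so a caller can tell that from "no crash".
probe_inputs() {
  local binary="$1" f cmds
  shift
  command -v gdb >/dev/null 2>&1 || { echo "gdb not found" >&2; return 2; }
  cmds=$(mktemp)
  for f in "$@"; do
    gdb_commands "$f" > "$cmds"
    if gdb -q -batch -x "$cmds" "$binary" 2>&1 | grep -q 'Program received signal'; then
      echo "CRASH $f"
    else
      echo "ok    $f"
    fi
  done
  rm -f "$cmds"
}

# Usage against a real target (assumed path ./challenge; nothing is bundled):
#   strings -n 6 ./challenge | triage_strings
#   objdump -d ./challenge | risky_calls
#   make_inputs ./inputs && probe_inputs ./challenge ./inputs/*.txt
# Demo on constructed strings/objdump lines so the file can be run on its own:
if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' 'Enter name: %s' '/etc/shadow' 'FLAG{constructed}' | triage_strings
  printf '%s\n' '  401136: e8 f5 fe ff ff  call   401030 <gets@plt>' | risky_calls
fi
```

The static helpers are only filters over text you already have from strings and objdump, so they are cheap to rerun as you refine the patterns; the address printed by risky_calls is what you pass to break in GDB before walking through the program's logic. probe_inputs keeps the GDB commands in a file rather than a long -ex chain so the same command list can be reused interactively with gdb -x.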


Greg

Security addict, 17+ years in industry making systems more secure and finding those that aren’t