Of course, individuals who excel in CTFs often amass a huge amount of experience and skills in their knowledge base. To gain knowledge and skills, you might be interested in practicing on one of these websites:
Picoctf.org is one of the most common platforms for beginners to practice their skills. All of its challenges run in Capture-The-Flag (CTF) mode, which is the common form of cybersecurity competitions. The goal is to find the flag, often in the format of “picoctf{flag}”.
TryHackMe is another website that allows you to practice with its challenges. It includes a browser-based Kali machine, which is especially useful for users who do not want to install new software. TryHackMe also provides guides for beginners to develop their skills.
Most of the guides are crafted such that they are ‘walkthroughs’, guiding users through the challenges. Once you are more familiar, you may wish to try out more challenging rooms which have less guidance.
This guide will focus on the "Glory of the Garden" challenge on PicoCTF. Let's read the description:
This garden contains more than it seems.
For many image forensics challenges, the first few steps we take are to check the image’s metadata, its hex data and whether steganography has been done on the file. As for this challenge, we suspect that the flag could be hidden in the hex data of the file.
<aside> 🚩 Try solving this challenge on your own before proceeding.
</aside>
Each file is made up of binary data. We can use a program called `strings` to dump all the text strings embedded in the binary file.
Using the `strings` command on the file will allow the flag to be found from the data as such: `strings <filename>`. To know more about `strings`, simply type `man strings`.
<aside> ❓ Try to obtain only strings that are more than 6 characters long.
</aside>
</aside>
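To see what `strings` is doing under the hood, here is an added example (not part of the original guide or the challenge) that re-implements its core idea in Python: find runs of printable ASCII bytes of at least a minimum length. The sample bytes, the flag value and the function names are constructed for illustration; `min_len=4` matches the default of `strings`, and `min_len=7` corresponds to `strings -n 7`, i.e. "more than 6 characters".

```python
import re

# Constructed sample: JPEG-style header bytes, binary noise, then embedded text.
SAMPLE = (
    b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01"
    + bytes([0x00, 0x9C, 0x41, 0x42, 0x07, 0xFF, 0x13, 0x63, 0x64, 0x65, 0x80])
    + b"\xff\xd9"
    + b'Here is a flag "picoctf{constructed_example}"\n'
)

# Flag shape taken from the format quoted in this guide.
FLAG_RE = re.compile(r"picoctf\{[^}]*\}", re.IGNORECASE)


def extract_strings(data, min_len=4):
    """Return (offset, text) for every run of >= min_len printable ASCII bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(data)]


def find_flags(data, min_len=4):
    """Search the extracted strings for flag-shaped text; return (offset, flag)."""
    hits = []
    for offset, text in extract_strings(data, min_len):
        for m in FLAG_RE.finditer(text):
            hits.append((offset + m.start(), m.group()))
    return hits


if __name__ == "__main__":
    # Raising the minimum length drops short noise such as the "JFIF" marker.
    for min_len in (4, 7):
        print(f"min_len={min_len}")
        for offset, text in extract_strings(SAMPLE, min_len):
            print(f"  0x{offset:04x}  {text}")
    print("flags:", find_flags(SAMPLE, 7))
```

The offsets it reports are byte positions in the file, so you can jump straight to the same location in a hex editor.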
For a more in-depth explanation, you can also refer to this video.