Capture The Flag - A Security Wargame

Capture The Flag Security Wargame

Capture The Flag is a security wargame with 6 challenges, embedded on an ultra-light Linux Live CD (Tiny Core Linux). This can help you to practice the process of identifying and exploiting common security problems.

How To Run Capture The Flag

First, download the latest Capture The Flag ISO image (download link is at the end of this article).

Then burn the ISO image on a CD and boot your computer from it. Or you can just use a virtualization software like the VirtualBox.

I recommend you to use a virtualization software, because it is more convenient.


Here is how to setup Capture The Flag using VirtualBox:

1. Download and install VirtualBox on your computer.

2. Run the VirtualBox application. You will see a window as shown below.

Oracle VM VirtualBox Manager Window Screenshot

3. Click on "New".

Name and operating system snapshot

4. Enter a name for the Virtual Machine, and select type "Linux", and then select version "Linux 2.6/3.x/4.x (32 bit)". Then click "Next".

Memory size window Snapshot

5. Select the amount of memory (RAM) for the Virtual Machine (The recommended memory size is 512 MB; minimum is 256MB). Then click "Next".

Hard disk window snapshot

6. Now, make sure that you have selected the "Create a virtual hard disk now" option, and then click on "Create".

Hard disk file type window snapshot

7. Select "VDI (VirtualBox Disk Image)", then click on the "Next" button.

Storage on physical hard disk snapshot

8. Select the "Dynamically allocated" option, and then click "Next".

File location and size window snapshot

9. Now type the name of the new virtual hard disk file into the box or click on the folder icon to select a different folder to create the file in. Then select the size of the virtual hard disk. Then click on the "Create" button.

Congratulations, you have successfully created a virtual machine.

VirtualBox Manager window snapshot

10. Now, select the Virtual Machine,  and then click on "Start".

Select start-up disk window snapshot

11. Click on the folder icon and then select the "Capture The Flag" ISO image. Then click on the "Start" button.

VM running Capture the Flag snapshot

12. Press the "Enter" key to start the system, or type fr, jp or hu and "Enter" to use French, Japanese or Hungarian keymap, respectively.

After the system has started, you will see the instructions to pass the first challenge:

Capture The Flag Snapshot

If you need, you can install additional software in the running system, it's totally OK and not cheating. Switch to the tc user with the su - tc command, and use the tce program -- TinyCore's package manager. It's easy, just follow the instructions.

The goal is to advance through the levels one by one, discovering the password to the next level at each step, until you reach "The Flag" (and celebrate):

Capture The Flag End Snapshot

Note: If you want to get root access in the live system, you can either do su - tc to become the admin user, or boot the system with the mc superuser boot option. This is no secret, and you won't learn anything this way.

That's all. I hope you enjoy the challenges. Happy hacking!


No comments

Powered by Blogger.