├── binary
│   └── binary.md
├── general
│   └── general.md
├── web
│   └── web.md
└── README.md

--------------------------------------------------------------------------------
/binary/binary.md:
--------------------------------------------------------------------------------

## Strings

Run strings against the binary using a quality greplist file, such as those found in http://github.com/danielmiessler/SecLists, and evaluate the output for hits. You will often find extremely juicy content right there in the strings.

--------------------------------------------------------------------------------
/general/general.md:
--------------------------------------------------------------------------------

## Read the instructions extremely carefully

- The instructions often have major clues in the wording of the task itself. Read it as if the answer is present in the text.

## Look for clues on the page

- There are often clues in the content being displayed. Include pictures in your review for clues.

## Check your tools

- If the challenge requires the use of tools, like grep or some other utility or application, and the challenge depends on those translation steps working correctly, *make sure the tools are working properly*. Instead of changing your approach immediately, try the tool on another browser, another platform, etc.

--------------------------------------------------------------------------------
/web/web.md:
--------------------------------------------------------------------------------

## Solution in Source Code

Don't forget to review the source code of the page(s) you're looking at. The solution is often right in front of you--frequently in a comment.

## Check Your POST Values

Make sure you check your POST values (especially your cookies) to ensure there isn't trivial encoding being used to hide security-sensitive information, e.g. `username=admin`.

## Content Discovery

There is often juicy content hanging off the tree structure you're working within, e.g. /admin, etc. Make sure you use something like Dirbuster or Burp's Content Discovery under Engagement Tools.

## Injection Flaws

Injection flaws in CTFs are often fairly straightforward. Have a basic list of injections handy for attacking key parameters.

## Bypassing Authentication via SQLi

Don't forget to try bypassing authentication altogether via a basic SQL Injection.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------

CTFSolutionTypes
================

This page will list abstracted Capture the Flag (CTF) solutions for the purpose of helping testers think creatively and quickly when either doing CTF challenges or real-world assessments. I will primarily be adding content from web-based challenges because that's where my expertise lies, but I will happily add content to the other types when I come across them or as I receive submissions.

The concept is simple: testers' minds sometimes go blank when staring at a CTF or a real-world challenge, and I thought it'd be helpful to provide a list of the solution types that are possible to prompt the creative juices. So the idea is that you'd get stuck in a particular challenge, review this list, and think, "Oh, damn, forgot to check that!". In short, most CTF solutions (and real-world vulnerabilities as well, for that matter) fall into a depressingly small number of categories, and being able to quickly find vulns within them is potentially quite valuable.

--------------------------------------------------------------------------------
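Checking encoded POST and cookie values, as the "Check Your POST Values" section of web.md above recommends: an added example (not code from this repository) that peels percent-, base64- and hex-encoding off each key=value pair and reports values whose plaintext names security-sensitive state. The SENSITIVE word list and SAMPLE_COOKIE are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Words suggesting security-relevant state is carried client-side (constructed list; extend as needed).
SENSITIVE = re.compile(r"(?i)\b(user(name)?|role|is_?admin|admin|password|token)\b")
# Constructed sample Cookie header: a base64 value, a harmless value and a hex value.
SAMPLE_COOKIE = "session=dXNlcm5hbWU9YWRtaW4%3D; theme=dark; id=726f6c653d61646d696e"


def _ascii(data: bytes):
    """Return the bytes as text only if they are non-empty printable ASCII."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text and text.isprintable() else None


def decode_trivially(value: str):
    """Return (encoding, plaintext) pairs for each trivial encoding the value survives:
    percent-encoding first, then base64 (standard or URL-safe alphabet, padding
    restored), then hex. A value with no encoding is reported as ("plain", value)."""
    text = unquote(value)
    found = [("url", text)] if text != value else [("plain", text)]
    if len(text) >= 4:
        std = text.translate(str.maketrans("-_", "+/"))
        std += "=" * (-len(std) % 4)
        try:  # validate=True rejects anything outside the base64 alphabet
            plain = _ascii(base64.b64decode(std, validate=True))
        except binascii.Error:
            plain = None
        if plain:
            found.append(("base64", plain))
    if text and len(text) % 2 == 0 and re.fullmatch(r"[0-9a-fA-F]+", text):
        plain = _ascii(bytes.fromhex(text))
        if plain:
            found.append(("hex", plain))
    return found


def audit_params(raw: str):
    """Walk the key=value pairs of a POST body or Cookie header and return
    (name, encoding, plaintext) for each value whose decoded form names sensitive state."""
    findings = []
    for pair in re.split(r"[&;]\s*", raw):
        name, _, value = pair.partition("=")
        for enc, plain in decode_trivially(value.strip()):
            if SENSITIVE.search(plain):
                findings.append((name.strip(), enc, plain))
    return findings
```

Running `audit_params(SAMPLE_COOKIE)` reports the `session` cookie as base64 for `username=admin` and the `id` cookie as hex for `role=admin`, while `theme=dark` is left alone.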