How to download the RCS CTF event platform?

Welcome to RCS CTF? Ready to get hacking? Follow the steps below to download the RCS CTF event platform and get started with the challenges.

• Open your web browser and navigate to the link: http://100.64.0.11:5173

How to connect to Tailscale and access the challenges?

1. After signing in or signing up, visit https://tailscale.com/download to download Tailscale for your specific OS.

2. Install Tailscale by following the installation instructions provided on the Tailscale website for your OS.

3. Open your command line interface (CLI) or terminal on your computer.

4. Check if Tailscale is installed successfully by typing the following command and pressing Enter:

   1

   tailscale

5. If the installation is successful, proceed to connect to Tailscale using the following command:

   1	tailscale up --login-server http://3.111.220.12/ --authkey c37caddfa0e7cc2a3c0c0971b5777631df3fadce197586c6

   Replace http://3.111.220.12/ with the actual login server address and c37caddfa0e7cc2a3c0c0971b5777631df3fadce197586c6 with your authentic key.

6. If the connection is successful, you will be able to interact with the challenges on eectf. Verify the connection by attempting to access the specified challenges.

7. If you encounter any problems during the process, please contact your nearby coordinator for assistance.

8. Congratulations! You are now ready to participate in the challenges. Happy hacking!

For MAC users only

1. Open Security & Privacy:

2. In the System Preferences window, click on “Security & Privacy.”
   Unlock to Make Changes:

3. If the padlock icon in the bottom-left corner is locked, click on it and enter your administrator password to unlock it.
   Allow the App to Open:

4. In the “General” tab of the Security & Privacy preferences, you will see information about the blocked application.

5. Click on the “Open Anyway” button next to the message about the blocked application.

6. A new dialog will appear, asking if you’re sure you want to open the application. Click “Open.”
   Confirm Opening:

7. If prompted again, confirm that you want to open the application.
   Open the Application:

The application should now open without any issues.

Join us for the much-anticipated Capture the Flag (CTF) event, Republic of Cyber Sentinels (RCSCTF24), meticulously organized by EncryptEdge. Set in the vibrant atmosphere of the LPU Campus, this offline event is scheduled for the 26th and 27th of January 2024.

Registrations are now live!

Event Details

• Event Name: Republic of Cyber Sentinels
• CTF Name: RCSCTF24
• Duration: 26th January - 27th January 2024 (24 hours)
• Event Type: Offline
• Organizing Team: EncryptEdge
• Location: LPU Campus
• Team Size: Max 4 members

Invitations

Students from universities all around India and working professionals are cordially invited to participate in this dynamic event.

Event Passes

• Campus Student Pass: ₹250 INR
• Standard Pass: ₹350 INR
• Standard Pass: ₹500 INR

Event Highlights

• Dynamic Challenges: RCSCTF24 will feature multiple challenges, each rooted in real-life scenarios, offering a highly immersive and practical experience.
• 24-Hour Marathon: The event spans a full 24 hours, packed with continuous engagement and excitement.
• Food and Refreshments: Delicious food will be provided, keeping the energy high throughout the event.
• Interactive Sessions and Quizzes: Beyond the CTF, the event includes interactive sessions from speakers, quizzes, and other fun activities, ensuring a well-rounded and enriching experience.
• Networking Opportunities: Meet and connect with fellow cybersecurity enthusiasts and professionals.

Join us for the much-anticipated Capture the Flag (CTF) event, Republic of Cyber Sentinels (RCSCTF24), meticulously organized by EncryptEdge. Set in the vibrant atmosphere of the LPU Campus, this offline event is scheduled for the 26th and 27th of January 2024.

Registrations are now live!

Event Details

• Event Name: Republic of Cyber Sentinels
• CTF Name: RCSCTF24
• Duration: 26th January - 27th January 2024 (24 hours)
• Event Type: Offline
• Organizing Team: EncryptEdge
• Location: LPU Campus
• Team Size: Max 4 members

Invitations

Students from Universities all around India and LPU students are cordially invited to participate in this dynamic event.

Event Passes

• Campus Student Pass: ₹250 INR
• Standard Pass: ₹350 INR
• Standard Pass: ₹500 INR

Event Highlights

• Dynamic Challenges: RCSCTF24 will feature 5 challenges, each rooted in real-life scenarios, offering a highly immersive and practical experience.
• Geo-Tagging / Geocaching Challenge: Adding a unique twist, the event includes an exciting Geo-tagging / Geocaching type challenge, encouraging outdoor exploration and problem-solving.
• 24-Hour Marathon: The event spans a full 24 hours, packed with continuous engagement and excitement.
• Food and Refreshments: Delicious food will be provided, keeping the energy high throughout the event.
• Interactive Sessions and Quizzes: Beyond the CTF, the event includes interactive sessions from speakers, quizzes, and other fun activities, ensuring a well-rounded and enriching experience.
• Networking Opportunities: Meet and connect with fellow cybersecurity enthusiasts and professionals.

Common Wireless Hacking Strategies

To effectively protect your wireless network, it’s crucial to understand the common tactics employed by hackers:

• 1. War-driving: Hackers use wireless scanning tools to identify and locate vulnerable wireless networks within range.
• 2. Weak encryption: Hackers can easily penetrate networks using outdated or weak encryption protocols like WEP (Wired Equivalent Privacy) or WPA1.
• 3. Phishing attacks: Hackers create fake access points with similar names to legitimate ones, tricking users into revealing sensitive information.
• 4. Malware injection: Hackers compromise network devices or websites to inject malware, infecting connected devices with malicious software.
• 5. Man-in-the-middle (MITM) attacks: Hackers intercept data transmissions between devices, allowing them to eavesdrop or modify sensitive information.

In this blog we will focus on compromising

2.Weak encryptions

Requirements –

Kali-linux , Aircrack-ng, Network Adapter supporting monitor mode , target Network , Wordlists of password guess

• Step 1 - Pre attack preparation : So as you know Hacking without permission is illegal. So lets be anonymous before hacking into the network. As you know in LAN networks devices gets identified by its MAC address

MAC address stands for Media Access Control address. It is a unique identifier assigned to each network adapter or network interface card (NIC) by the manufacturer. MAC addresses are 48-bit hexadecimal numbers, typically represented in colon separated pairs (e.g., 00:0C:29:9A:1B:1D).
It is also known as Physical address we can not change the MAC address because it is physically attached with our NIC but using some methods or hack-tricks we can spoof the MAC . Here we will use ifconfig utility to spoof the MAC else we can try for automatic MAC changer software’s as well

Here I have used ifconfig ens33 down to stop the interface, then I used command ifconfig ens33 hw ether 00:11:22:33:44:55 which is spoofing my original MAC with Provided fake MAC in the command. Then simply used ifconfig ens33 up to again start the services.

Most Common Privilege Escalation Methods in Linux

Common Linux Privesc

1. Enumeration

• LinEnum : Simple Bash Script that performs common commands related to privilege escalation & enumertaes the user privileges

• LinPeas : LinPEAS is a script that search for possible paths to escalate privileges on Linux/Unix*/MacOS hosts. The checks are explained on book.hacktricks.xyz

• Script : You can find the script at LinuEnum and LinPeas

OR

• Raw

2. Abusing SUID/GUID Files

• SUID/GUID : These are files with special permissions. People allowed can execute these files as owner of the file

• Finding SUID Binaries : Simple find command can help you with that

For Bash:

hping3 is a versatile and powerful command-line utility that is primarily used for crafting and sending custom packets over a network.

To install this tool, run the below command according to you Linux distro:

For Debian/Ubuntu:

1

sudo apt-get install hping3

For Fedora:

1

sudo dnf install hping3

For Arch Linux:

1

sudo pacman -S hping3

This tool need root privilages, so run this tool as root or use sudo before the commands. Replace “target” with your target IP.

Basic Commands:

List all commands:

1

help

Displays a summary of activity:

1

dashboard

Exit recon-ng:

1

exit

Workspace Management:

List Workspaces:

1

workspaces list

Create Workspaces:

Nmap (Network Mapper) is an open-source tool used for network discovery and security auditing. It’s a powerful and utility that helps users scan and map networks to find hosts, services, open ports, and more.

This is cheat sheet for nmap commands.

Penetration testing distros like Kali and Parrot os has nmap tool preinstalled. But if you are using any other linux distro, then run the below command according to the distro to install nmap:

For Debian/Ubuntu:

1

sudo apt-get install nmap

For Fedora:

1

sudo dnf install nmap

For Arch Linux:

1

sudo pacman -S nmap

Note: In all the below command “10.10.0.1” is used as target. Change it according to your target.