
CTF Methodology Guide

Systematic approach to solving CTF challenges

General Approach

1. Read the Challenge

- Note the category (Web, Crypto, Forensics, Pwn, Rev, Misc)
- Check the point value (it often indicates difficulty)
- Look for hints in the description
- Download all provided files

2. Initial Reconnaissance

BASH
# For any file
file challenge_file
strings challenge_file | head -50
xxd challenge_file | head -20

# Check file size and timestamps
ls -la challenge_file

3. Document Everything

- Keep notes of what you tried
- Save intermediate outputs
- Screenshot interesting findings
- Note dead ends (saves time if revisiting)

Category-Specific Approaches

Web Challenges

1. View source (Ctrl+U)
2. Check /robots.txt, /sitemap.xml
3. Inspect cookies and local storage
4. Check HTTP headers (curl -I)
5. Try common paths (/admin, /flag, /.git)
6. Look for input fields to test
7. Check JavaScript files
8. Test for IDOR, SQLi, XSS, SSTI

Forensics

1. Identify file type (file, binwalk)
2. Check metadata (exiftool)
3. Extract strings
4. Look for embedded files (binwalk -e)
5. Check for steganography
6. Carve files (foremost, scalpel)
7. Memory analysis (volatility)

Cryptography

1. Identify cipher type
2. Check for classical ciphers first
3. Look for patterns (repeated chars, frequencies)
4. Try common encodings (Base64, hex, ROT)
5. Check key length (Kasiski, Friedman)
6. Use online tools (KeySec, dcode.fr)
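
Step 4 above, as an added example that is not part of the original guide: a breadth-first search that peels Base64, hex and ROT13 layers until a flag pattern appears. The flag{...} format, the function names and the sample string are assumptions constructed for illustration.

```python
import base64
import codecs
import re
from collections import deque

# Assumption: the event uses the flag{...} format; change the prefix to match.
FLAG_RE = re.compile(r"flag\{[^}]+\}")

def _ascii(raw):
    text = raw.decode("ascii").strip()  # UnicodeDecodeError is a ValueError
    return text if text and text.isprintable() else None

def try_base64(s):
    try:  # validate=True rejects characters outside the Base64 alphabet
        return _ascii(base64.b64decode(s, validate=True))
    except ValueError:  # also covers binascii.Error (bad padding/alphabet)
        return None

def try_hex(s):
    try:
        return _ascii(bytes.fromhex(s))
    except ValueError:
        return None

def try_rot13(s):
    out = codecs.decode(s, "rot13")
    return out if out != s else None  # unchanged means no letters to rotate

DECODERS = {"base64": try_base64, "hex": try_hex, "rot13": try_rot13}

def peel(blob, max_depth=5):
    """Breadth-first search over decoder chains. Returns (flag, chain) or (None, [])."""
    queue, seen = deque([(blob.strip(), [])]), {blob.strip()}
    while queue:
        text, chain = queue.popleft()
        match = FLAG_RE.search(text)
        if match:
            return match.group(0), chain
        if len(chain) >= max_depth:
            continue
        for name, decode in DECODERS.items():
            out = decode(text)
            if out is not None and out not in seen:  # skip loops such as rot13 twice
                seen.add(out)
                queue.append((out, chain + [name]))
    return None, []

# Constructed sample: a made-up flag wrapped in ROT13, then Base64, then hex.
FLAG = "flag{layers_are_not_encryption}"
SAMPLE = base64.b64encode(codecs.encode(FLAG, "rot13").encode()).hex()
```

Calling peel(SAMPLE) returns the flag together with the chain of decoders that recovered it, which is worth recording in your notes.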

Reverse Engineering

1. Identify architecture (file)
2. Check strings for clues
3. Run with ltrace/strace
4. Static analysis (Ghidra, IDA)
5. Find main function
6. Identify key comparisons
7. Dynamic analysis (GDB, x64dbg)

Pwn (Binary Exploitation)

1. Check security (checksec)
2. Find vulnerability (buffer overflow, format string)
3. Calculate offsets
4. Find useful gadgets (ROPgadget)
5. Build exploit
6. Test locally, then remote

Time Management

- Don't spend too long on one challenge
- If stuck > 30 min, move to another
- Return with a fresh perspective
- Check whether hints have been released
- Collaborate with team

Common Flag Locations

# Files
./flag.txt, ./flag, ../flag
/flag, /home/*/flag.txt
/etc/flag, /root/flag.txt

# Environment
printenv | grep -i flag
echo $FLAG

# Databases
SELECT * FROM flags;
SELECT * FROM secrets;

# Response headers/cookies
Check all HTTP responses

Essential Tools

| Category | Tools |
|---|---|
| Web | Burp Suite, Browser DevTools |
| Forensics | binwalk, exiftool, Autopsy |
| Crypto | KeySec, RsaCtfTool, hashcat |
| Reversing | Ghidra, GDB, radare2 |
| Pwn | pwntools, ROPgadget, checksec |
| Stego | steghide, zsteg, stegsolve |

Useful Resources

CTFtime.org - Upcoming CTFs
picoCTF - Practice CTFs
HackTheBox - CTF-style challenges
TryHackMe - Guided learning
OverTheWire - Wargames