# CTF Tips And Tricks There are some things that I always use when doing anything before actually running the binary. This is called static analysis - analysing the binary or thing in question when it's not changing, or not running - being the same, or static. The very first thing that I like to do is see what "low hanging fruit" we have available, or what information we have available without much effort. ## Strings: I like to first check what strings are in the binary. to do that, we run or Just because we love radare2 and its family, we might as well get used to some of it's family members and their syntax. In the strings, we might find a flag, some username or passwords, anything that may help us investigate the binary further. ## File type: Next, we want to check what file type we're dealing with. We have two main file types that we find in CTFs: ``` ELF - Executable and Linkable format - a Linux executable PE - Portable Executable - a Windows executable ``` We can find out what type of executable it is by running: ``` $ file ./filename ``` or ``` $ rabin2 -I ./filename ``` rabin2 will return a lot more information about the binary than just it's file type (if it's little or big endian, has a canary, full or partial pic etc.). It's mainly used when doing pwn from the amount of information that we get from it, but it's still a nice tool to have. ## Trace program execution: Here, we're seeing what is happening with the program - we're now moving to dynamic analysis, as we're executing the binary and seeing what steps it's taking.\ To see a trace of the program, we can use either: ``` $ ltrace ./filename ``` or ``` $ strace ./filename ``` The difference between these two tools is that `strace` intercepts *system calls* made by the *glibc* and other *libraries directly into the kernel*. `ltrace` intercepts *library and system calls* made by the *application* to *C libraries such as glibc*. They do display similar outputs, but it's good to know what each tool does before diving straight into it. If we don't get anything from these, then we start to play around with the binary. We execute it, and see what prompt it asks us for. We can input any of these to see what output we get: * Characters: "A" * Strings: "Hello World" * Integers: 1 * Floating point numbers: 1.5 * Negative numbers: -1 * Boolean: True or False * Format strings: %x * Buffer overflow: (Provide more characters than the buffer can accept) * Hex: 0xdeadc0de * And some more may come to me later :) If none of those work, then I think that it's time to start using our tools. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://the-winrars.gitbook.io/references/reverse-engineering/ctf-tips-and-tricks.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.