.::DEFCON 201 Online CTF Practice — PlaidCTF — April 17th-19th::.

April 18, 2020

Welcome to the DEFCON 201 Crypto CTF Practice Challenge!

For over two years we have been planing running our own Wargames and CTF to help people develop their hacking skills. While progress is still being made (we plan to launch our own in Winter 2020), DC201 will also occasionally enter into various online CTF Tournaments to test our skills and to get a sample on how one is set up so we have a blueprint in creating our own.

This Friday, from April 17th, 5:00 PM EST to April 19th, 5:00 PM EST, we invite all DEFCON 201 Members, Attendees and Fans to help us hack the PlaidCTF!

Website: https://plaidctf.com/

Meet-Up: https://www.meetup.com/DEFCON201/events/270087471/

Anyone can enter by joining our group and entering our DISCORD Chat! Once in chat, select the #CTF channel and follow the instructions. This is how you will obtain thd DC201 Team Username and Password Log-In. You are then ready to hack away!

========================================================== DEFCON 201 Discord Link: https://discord.gg/PGgPNEF

::CLIENT INTERFACES::

Clear Net: https://discordapp.com/channels/@me

Windows: https://discordapp.com/api/download?platform=win

macOS: https://discordapp.com/api/download?platform=osx

Linux: https://snapcraft.io/discord

iOS: https://itunes.apple.com/us/app/discord-chat-for-games/id985746746

Android: https://play.google.com/store/apps/details?id=com.discord (We recommend using YALP)

::::Join The DEFCON 201 CTF Time Group: https://ctftime.org/team/40304 ==========================================================

::Recommended Tools::

NMAP : Nmap is a free tool for network discovery and security auditing. It can be used for host discover, open ports, running services, OS details, etc. Nmap send specially crafted packet and analyzes the response. Download NMAP: https://nmap.org/

Wireshark : Wireshark is a free open source network protocol and packet analyzer. It allows us to monitor the entire network traffic by putting network interface into promiscuous mode. Download Wireshark: https://www.wireshark.org/download.html

PuTTY : PuTTY is a free and open source SSH and telnet client. It is used for remote access to another computer. Download Putty: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

SQLmap : SQLmap is a free and open source tool mainly used for detecting and exploiting SQL injection issues in the application. It has options for hacking the vulnerable database as well. SQLmap can be downloaded from http://sqlmap.org/

Metasploit Framework : Metasploit is a popular hacking and pentesting framework. It is developed by Rapid7 and used by every pentester and ethical hacker. It is used to execute exploit code against vulnerable target machine. Metasploit Download: http://www.metasploit.com/

Burp Suite : Burp Suite is an integrated platform for performing security testing of web applications. It has multiple tools integrate in it. Two main tools in free version are Spider and Intruder. Spider is used to crawl the pages of the application and Intruder is used to perform automated attacks on the web application. Burp Has professional version in which there is a additional tool present called Burp Scanner to scan the applications for the vulnerabilities. Download Burp Suite:

OWASP Zed Attack Proxy : OWASP zap is one of the OWASP project. It is a penetration testing tool for web applications having similar features of Burp Suite. It has automated scanner to discover the vulnerabilities in application. Additional feature include spider for Ajax based application. OWASP zap can be used as a intercepting proxy also. OWASP zap Download: http://portswigger.net/burp/

Nessus : Nessus is a Vulnerability, configuration, and compliance assessment tool. It has free and paid version. Free version is for personal use. It uses the plugins for scanning. Simply feed the IP address of the target machine and run the scan. There is an option to download the detailed report as well. Nessus can be downloaded from http://www.tenable.com/products/nessus

Nikto : Nikto is a open source Web server vulnerability scanner. It detects the outdated installation of software and configuration, potentially dangerous files/CGIs, etc. It has a feature of report creation as well. Nikto can be downloaded from http://www.cirt.net/nikto2

John the Ripper : It is a password cracking pen testing tool and commonly used to perform dictionary based brute force attack. John the Ripper can be downloaded from http://www.openwall.com/john/

Hydra : Another password cracker similar to John the Ripper. Hydra is a fast network logon cracker. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Hydra can be downloaded from https://www.thc.org/thc-hydra/

w3af : w3af is a Web Application Attack and Audit Framework.Some of its features include fast HTTP requests, integration of web and proxy servers into the code, injecting payloads into various kinds of HTTP requests, etc. It has a command-line interface and works on Linux, Apple Mac OS X, and Microsoft Windows. All versions are free of charge to download. w3af can be downloaded from http://www.wtcs.org/snmp4tpc/getif.htm

bettercap : A powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution for hacking WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance and MITM attacks. It includes powerful network sniffer for credentials harvesting which can also be used as a network protocol fuzzer coupled with a very fast port scanner and an easy to use web user interface. bettercap can be downloaded from https://www.bettercap.org/

==========================================================

Happy Hacking!

::END OF LINE::