Flaghammer: A tool for King of the Hill CTFs

go

(Full Snack Developer) #1

Hi all!

A friend was entering a CTF he suspected was “king of the hill” style, which would require him to set and maintain control over a flag file, so he requested some techniques or ideas from me. I gave him a couple of other ideas, but this tool was the one of the products of that discussion.

It’s small, it’s simple, and it’s fast. It watches a file you give it, writes the file if it doesn’t already exist, and enters a loop checking the contents of the file every round. If the contents have changed (compares bytes), it rewrites the file. Quickly.

I told him to compile it and stick it somewhere in the $PATH with the name that wouldn’t look suspicious and probably wouldn’t be used during the event (htop maybe?) so that someone running ps aux wouldn’t get tipped off so easily.

Let me know what you think in the comments.


(oaktree) #2

Infecting a running process would make it extra sneaky.


(Full Snack Developer) #3

This place is so awesome. I was like, “hey, let’s google how to do that” and the VERY FIRST LINK was an 0x00sec tutorial. You guys rock.

Edit (by oaktree):