I'm starting to find CTFs very repetitive. Anyone feeling the same?
#1
I've mainly dealt with tryhackme, picoCTF and hackthebox CTFs.

And they usually follow the following format:

1. Scan the box with nmap on all ports
2. Find OS and services running on those ports
3. If there is a webapp, most of the time, the solution lays on playing around with the local storage for a while (if you haven't found anything else with OWASP first of course)
4. If there isn't a webapp, there will be old services (outdated SMBs etc..) which you'll have to look into all of them in google to find an exploit. If you do, hooray, you've got a basic shell. If you don't, it's probably going to be password bruteforcing with the rockyou.txt passwordlist.
5. Once you have a basic shell, make it a stable shell with whatever method you find preferable.
6. Privilege escalation. Most commonly done with sudo -l and finding a suitable exploit with whatever permissions have been misset. If not, use LinPEAS and if still nothing, dig around for some info such as a private ssh key or a super coincidentally convenient .txt file containing the password for root.
7. Get the flag.

I'm pretty new to CTFs, only been doing them a year or so, but I find them awfully repetitive and most of the time boring. Idk if it's the sites I've been using but Im kinda burnt out. I really used to like them because I was learning new stuff but now it seems like a constant grind of google searches.

Please if you do have any suggestions leave them below. I don't want to abandon the beautiful world that I thought CTFs were.
Reply


Messages In This Thread
I'm starting to find CTFs very repetitive. Anyone feeling the same? - by GreenHorse - 07-14-2021, 05:00 PM

Possibly Related Threads…
Thread Author Replies Views Last Post
  How did you find GreySec? Insider 24 49,526 11-23-2021, 07:03 PM
Last Post: Agonal
  does anyone have any study groups for web hacking that focus on web hacking? QMark 0 1,113 11-07-2021, 04:09 AM
Last Post: QMark
  Does anyone know about greymarket for 0_day exploit ? setekh 1 5,119 08-10-2021, 07:14 PM
Last Post: Vector
  announcement: I am starting impromptu speech!!! QMark 4 12,976 07-20-2021, 02:32 PM
Last Post: Vector