DCG 201 Online CTF — JerseyCTF II — April 9th-10th

Welcome to the JerseyCTF II!

For over three years we have been planing running our own Wargames and CTF to help people develop their hacking skills. While progress is still being made (we plan to launch our own in Fall 2022), DCG 201 will also occasionally enter into various online CTF Tournaments to test our skills and to get a sample on how one is set up so we have a blueprint in creating our own.

On Saturday, April 9th, 12:00 NOON EST to Sunday, October 10th, 12:00 NOON EST, we invite all DCG 201 Members, Attendees and Fans to help us hack the wonderfully named JerseyCTF II!

Website: https://www.jerseyctf.site/

CTF Time: https://ctftime.org/event/1590

Discord (For Talks): https://discord.com/invite/2HmTZt5k

Meet-Up: https://www.meetup.com/DEFCON201/events/285157585/

Anyone can enter by joining our group and entering our DISCORD Chat! Once in chat, select the #CTF channel and follow the instructions. This is how you will obtain the DC201 Team Username and Password Log-In. You are then ready to hack away! (Alternatively, we will message all Meet-Up Attendees the day & start time of the event!)

DEFCON 201 Discord Link: https://discord.gg/PGgPNEF

CLIENT INTERFACES

Clear Net: https://discordapp.com/channels/@me

Windows: https://discordapp.com/api/download?platform=win

macOS: https://discordapp.com/api/download?platform=osx

Linux: https://snapcraft.io/discord

iOS: https://itunes.apple.com/us/app/discord-chat-for-games/id985746746

Android: https://play.google.com/store/apps/details?id=com.discord (We recommend using Auroa Store)

Join The DEFCON 201 CTF Time Group: https://ctftime.org/team/40304

JerseyCTF is a beginner-friendly Capture the Flag competition that aims to inspire interest in cybersecurity.

Hosted by the NJIT ACM organization and NJIT SCI program, it is geared towards students, beginners, and professionals alike.

JerseyCTF provides participants with jeopardy-style questions in categories including cryptography, forensics, binary exploitation/reversing, open-source intelligence, and web exploitation.

JerseyCTF features a track parallel to the CTF competition, consisting of presentations and panels with renowned speakers from industry and government.

FAQ:

Who can sign up to compete?

Students, beginners, and professionals are all welcome to compete as long as they are over the age of 18.

What do I need to compete?

All you need is an Internet-connected device in order to compete. It is completely optional if you want to use ethical hacking/penetration testing Linux distributions like Kali or Parrot OS, but these may help you since there are many pre-installed tools. These distributions are open-source and can be deployed in VMware, VirtualBox, or any other virtualization software.

Will there be prizes?

Yes! There are 2 leaderboard divisions: Student and Open. Prizes will be awarded in both divisions for top scoring teams and participants residing in the United States will receive a complimentary JerseyCTF t-shirt.

How big is JerseyCTF?

JerseyCTF had over 600 registrations in 2021, the first year of the competition. We are looking forward to welcoming more registrants and participants in 2022!

Do I have to pay to compete in JerseyCTF?

Nope, there’s no fee to sign up or to attend!

Do I have to register as a team?

No! You’re welcome to register with your friends and compete with a team of up to 4 people, but you can also register by yourself or find a team in the Discord server.

You guys haven’t answered my question!

Feel free to email us any additional questions and concerns at jerseyctf@njit.edu

Recommended OS Platforms:

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing that incorporates more than 300 penetration testing and security auditing pre-installed. Kali Linux is distributed in 32-bit and 64-bit images for use on hosts based on the x86 instruction set and as an image for the ARM architecture for use on the Asus Chromebook Flip C100P, BeagleBone Black, HP Chromebook, CubieBoard 2, CuBox, CuBox-i, Raspberry Pi, EfikaMX, Odroid U2, Odroid XU, Odroid XU3, Samsung Chromebook, Utilite Pro, Galaxy Note 10.1, and SS808. It also has versions for Virtual Machines, AWS Cloud, Containers and more.

Kali Linux is also available on Windows 10, on top of Windows Subsystem for Linux (WSL). The official Kali distribution for Windows can be downloaded from the Microsoft Store:

For select Android Phones, you can run a derivative called Kali NetHunter. It includes a dedicated NetHunter App with a full Kali Linux toolset providing a touch screen optimized GUI for common attack categories, a custom kernel that supports 802.11 wireless injection with Software Defined Radio support and preconfigured connect back VPN services:

Parrot OS is a GNU/Linux distribution based on Debian’s testing branch (Bullseye) and a Linux 5.4 kernel with a focus on security, privacy, and development. It provides a suite of penetration testing tools to be used for attack mitigation, security research, forensics, and vulnerability assessment. The OS is certified to run on devices which have a minimum of 256MB of RAM and it is suitable for both 32-bit (i386) and 64-bit (amd64) processor architectures. In addition, the project is available for ARMv7 (armhf) architectures available for Raspberry Pi devices. The desktop environments are MATE and KDE.

You have two options for Fedora. First is Fedora Security Lab which provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies in universities and other organizations. It comes with the clean and fast Xfce Desktop Environment and a customized menu that provides all the instruments needed to follow a proper test path for security testing or to rescue a broken system.

Network Security Toolkit (NST) is a bootable live CD based on the Fedora distribution. The toolkit was designed to provide easy access to best-of-breed open source network security applications and should run on most x86 platforms. The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of open source network security tools.

Pentoo, based on Gentoo Linux, is a Live CD and Live USB designed for penetration testing and security assessment. Pentoo is provided both as 32 and 64 bit installable live CD. Pentoo is also available as an overlay for an existing Gentoo installation. It features packet injection patched wifi drivers, GPGPU cracking software, and lots of tools for penetration testing and security assessment. The Pentoo kernel includes grsecurity and PAX hardening and extra patches — with binaries compiled from a hardened toolchain with the latest nightly versions of some tools available. Tools are installed with versioned ebuilds and open-ended ebuilds, making it possible to pull in the latest subversions and still have installs tracked by package management.

BlackArch is an open-source distro and penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools, created specially for penetration testers and security researchers. The repository contains more than 2400 tools that can be installed individually or in groups. BlackArch Linux is compatible with existing Arch Linux installs.

PentestBox is an Open Source, Pre-Configured Portable Penetration Testing Environment for the Windows Operating System. It provides all the security tools as a software package and lets you run them natively on Windows. This effectively eliminates the requirement of virtual machines or dualboot environments on windows. All the dependencies required by tools are inside PentestBox, so you can even run PentestBox on freshly installed windows without any hassle. PentestBox is entirely portable, so now you can carry your own Penetration Testing Environment on a USB stick. It supports both 32-bit and 64-bit systems.

Apple iMac machines run a POSIX compliant UNIX variant, and the hardware is essentially the same as what you would find in a high-end PC. This means that most hacking tools run on the Mac operating system. A properly set up Apple machine can do quite a bit of heavy lifting.

SecBSD is a security pen-testing system for BSD users. SecBSD is an UNIX-like operating system focused on computer security OpenBSD-based. A BSD environment for security researchers, pen-testers, bug hunters & cybersecurity experts.

Recommended Tools:

  1. NMAP : Nmap is a free tool for network discovery and security auditing. It can be used for host discover, open ports, running services, OS details, etc. Nmap send specially crafted packet and analyzes the response. Download NMAP
  2. Wireshark : Wireshark is a free open source network protocol and packet analyzer. It allows us to monitor the entire network traffic by putting network interface into promiscuous mode. Download Wireshark
  3. PuTTY : PuTTY is a free and open source SSH and telnet client. It is used for remote access to another computer. Download Putty
  4. SQLmap : SQLmap is a free and open source tool mainly used for detecting and exploiting SQL injection issues in the application. It has options for hacking the vulnerable database as well. SQLmap can be downloaded from http://sqlmap.org/
  5. Metasploit Framework : Metasploit is a popular hacking and pentesting framework. It is developed by Rapid7 and used by every pentester and ethical hacker. It is used to execute exploit code against vulnerable target machine. Metasploit Download
  6. Burp Suite : Burp Suite is an integrated platform for performing security testing of web applications. It has multiple tools integrate in it. Two main tools in free version are Spider and Intruder. Spider is used to crawl the pages of the application and Intruder is used to perform automated attacks on the web application. Burp Has professional version in which there is a additional tool present called Burp Scanner to scan the applications for the vulnerabilities. Download Burp Suite
  7. OWASP Zed Attack Proxy : OWASP zap is one of the OWASP project. It is a penetration testing tool for web applications having similar features of Burp Suite. It has automated scanner to discover the vulnerabilities in application. Additional feature include spider for Ajax based application. OWASP zap can be used as a intercepting proxy also. OWASP zap Download
  8. Nessus : Nessus is a Vulnerability, configuration, and compliance assessment tool. It has free and paid version. Free version is for personal use. It uses the plugins for scanning. Simply feed the IP address of the target machine and run the scan. There is an option to download the detailed report as well. Nessus can be downloaded from http://www.tenable.com/products/nessus
  9. Nikto : Nikto is a open source Web server vulnerability scanner. It detects the outdated installation of software and configuration, potentially dangerous files/CGIs, etc. It has a feature of report creation as well. Nikto can be downloaded from http://www.cirt.net/nikto2
  10. John the Ripper : It is a password cracking pen testing tool and commonly used to perform dictionary based brute force attack. John the Ripper can be downloaded from http://www.openwall.com/john/
  11. Hydra : Another password cracker similar to John the Ripper. Hydra is a fast network logon cracker. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Hydra can be downloaded from https://www.thc.org/thc-hydra/
  12. w3af : w3af is a Web Application Attack and Audit Framework.Some of its features include fast HTTP requests, integration of web and proxy servers into the code, injecting payloads into various kinds of HTTP requests, etc. It has a command-line interface and works on Linux, Apple Mac OS X, and Microsoft Windows. All versions are free of charge to download. w3af can be downloaded from http://www.wtcs.org/snmp4tpc/getif.htm
  13. bettercap: A powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution for hacking WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance and MITM attacks. It includes powerful network sniffer for credentials harvesting which can also be used as a network protocol fuzzer coupled with a very fast port scanner and an easy to use web user interface. bettercap can be downloaded from https://www.bettercap.org/

Top 125 Network Security Tools

Happy Hacking!

::END OF LINE::

--

--

--

North East New Jersey DEFCON Group Chapter. Dirty Jersey Represent! We meet at Sub Culture once a month to hack on technology projects! www.defcon201.org

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

The right to our identity

bountyblokbp on WAX — JULY 2021 UPDATE

Top 3 best home security and surveillance cameras in 2022 — techipii

Can a Secure Wi-Fi Network Protect Smart Home Devices From Getting Hacked?

NFT risks?

Biometric Identity Management System — Granting Right Access to Right People

Dina: 1.0 Vulnhub Walkthrough

Polo File Manager v18.8 BETA

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
DCG 201

DCG 201

North East New Jersey DEFCON Group Chapter. Dirty Jersey Represent! We meet at Sub Culture once a month to hack on technology projects! www.defcon201.org

Rusty Walkthrough — PWNX

Cybersecurity Cockpit — A Pilot View

Blue Walkthrough — THM

Hacker101 CTF: Micro-CMS v1