CTF challenges require a wide range of tools, and many categories involve challenges that are typically created for a Linux environment. While some challenges can be solved by installing tools directly onto your non-Linux host, some challenges and tools will only run on Linux. We have created this guide to walk you through setting up a Linux environment that you can use for CTF.
This takes the form of 3 different options:
Depending on whether you have a Windows or Mac machine, your options differ. MacOS has the same roots as Linux, so most tooling will work on it natively without a need for a virtual machine.
This may be your first time using the Linux operating system. Many things are very similar to Windows & MacOS - there are files, programs, and web browsing. Most things are pretty much the same, just implemented in a different way. What is new is the command-line terminal. Instead of using graphical applications, many Linux programs (and the security tools we will use) will run in a text-based terminal interface, which can take a little getting used to. We have a "Linux tips" section at the bottom of this document to get you started!
If you encounter any issues or something isn't clear, please let us know. Thanks!
For Windows, there are two options if you want to access a Linux environment locally. We recommend WSL, as it is easier to set up and the performance is significantly better.
For the vast majority of challenges, you don't need a separate, isolated (and generally speaking, slow) virtual machine (VM). Instead, you can use Windows Subsystem for Linux - WSL! This is an alternative to a traditional VM that gives you the full Linux command line experience integrated with Windows. Nowadays, it supports most graphical applications, and has increased performance over traditional VMs (boots in seconds, less latency on mouse movements and typing).
WSL is also a great environment in which to do your programming assignments! Instead of ssh'ing into flip or OS2 servers (which sometimes have downtime), you can use Linux on your host computer!
Additionally, WSL is integrated with your filesystem, so you can access your Windows files from within your Linux instance. This means it is not to be treated as a sandbox to run malicious software, so keep that in mind!
You can also create a virtual machine running Linux, although we only recommend this if you will be playing around with malware. A virtual machine can be treated as a sandbox, a machine within your machine, where you can run and observe software.
Virtual machine setup guide here: virtual machine
The programs that we will run and reverse engineer run on Intel's architecture - x86. Note that when virtualizing, the virtual machine must have the same architecture as the host machine. This is why this option is only available to Windows machines - which are predominantly Intel architecture - and won't work on newer Apple Silicon Macs. Although you can set up a virtual machine on these Macs, they won't be able to run the programs that were made to run on x86-based machines.
If you are looking for our CTF tool installation script: osusec.gitlab.io/ctfleague/setup
The script will install and update various tools, primarily using the apt package manager. It does not delete anything. Additionally, it can be run multiple times in case it's stopped halfway through. You can use the following one-liner to use the installer:
curl -L osusec.gitlab.io/ctfleague/setup | bash
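A more cautious way to run the same installer, as an added example that is not part of the installer or the original guide: without a scheme curl starts over plain HTTP, and a pipe into bash executes whatever arrived even if the download was cut short. The helper names and the checks chosen here are assumptions.

```shell
#!/usr/bin/env bash
# Added example: download the installer to a file, vet it, then run it.
# https_url, vet_script and fetch_installer are illustrative helper names.

# Force HTTPS: a scheme-less URL would make curl start over plain HTTP.
https_url() {
    case "$1" in
        https://*) printf '%s\n' "$1" ;;
        *://*)     echo "refusing non-HTTPS URL: $1" >&2; return 1 ;;
        *)         printf 'https://%s\n' "$1" ;;
    esac
}

# Sanity checks on a downloaded script before anything is executed.
vet_script() {
    [ -s "$1" ] || { echo "empty download: $1" >&2; return 1; }
    # bash -n parses without executing; it rejects a download that was
    # cut off inside an if/function/quote, and most HTML error pages.
    bash -n "$1" 2>/dev/null || { echo "syntax check failed: $1" >&2; return 1; }
}

# Download to a temp file, vet it, and print the path for review.
fetch_installer() {
    url=$(https_url "$1") || return 1
    out=$(mktemp) || return 1
    # --proto / --proto-redir keep the request and any redirect on HTTPS;
    # -f turns HTTP errors into a non-zero exit instead of saving the error page.
    curl --proto '=https' --proto-redir '=https' -fsSL "$url" -o "$out" \
        || { rm -f "$out"; return 1; }
    vet_script "$out" || { rm -f "$out"; return 1; }
    printf '%s\n' "$out"
}

# Usage (read the script in less before letting it run):
#   script=$(fetch_installer osusec.gitlab.io/ctfleague/setup) \
#       && less "$script" && bash "$script"
```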
MacOS is Unix based, meaning it has roots in the same family of operating systems as Linux. For you, that means two things:
This means that a lot of Linux tooling used in CTF will exist on MacOS.
However, Apple recently changed the underlying hardware of their Macs - they used to use Intel chips, and now they use Apple Silicon. This had the major repercussion of changing the binary architecture that Macs run - from Intel's x86 to the Arm architecture. This is an issue most relevant to Mac, as most Windows machines are still x86. This is an implementation detail that you don't need to worry about until you start getting into binary exploitation and reverse engineering in CTF.
In binary exploitation and reverse engineering, you will most commonly (>99% of cases) encounter x86 binaries - programs that were compiled for Intel's architecture. Apple Silicon does not understand this architecture, and cannot run these programs. To run and debug these binaries, you will need an x86 machine.
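To see which architecture a challenge binary was built for before trying to run it, the following added example (not from the original guide) reads the ELF header directly. The helper names elf_arch and runs_natively are assumptions, and only a few common architectures are mapped.

```shell
# Added example: read a binary's ELF header to learn which CPU it targets.
# elf_arch and runs_natively are illustrative helper names, not standard tools.

elf_arch() {
    file=$1
    # Bytes 0-3 must be the ELF magic: 0x7f 'E' 'L' 'F' (127 69 76 70).
    set -- $(od -An -t u1 -N 4 "$file" 2>/dev/null)
    [ "$*" = "127 69 76 70" ] || { echo "not an ELF file: $file" >&2; return 1; }
    # Byte 5 (EI_DATA) is the byte order: 1 = little-endian, 2 = big-endian.
    # Bytes 18-19 (e_machine) identify the target CPU.
    set -- $(od -An -t u1 -j 5 -N 1 "$file") $(od -An -t u1 -j 18 -N 2 "$file")
    [ $# -eq 3 ] || { echo "truncated ELF header: $file" >&2; return 1; }
    if [ "$1" = 1 ]; then
        machine=$(( $2 + $3 * 256 ))
    else
        machine=$(( $2 * 256 + $3 ))
    fi
    case "$machine" in
        3)   echo i386 ;;
        62)  echo x86_64 ;;
        40)  echo arm ;;
        183) echo aarch64 ;;
        *)   echo "unknown($machine)" ;;
    esac
}

# Succeeds if a Linux host with the given CPU (second argument,
# default: uname -m) can execute the file without emulation.
runs_natively() {
    target=$(elf_arch "$1") || return 1
    host=${2:-$(uname -m)}
    case "$host:$target" in
        # x86-64 CPUs also execute 32-bit x86 code (given 32-bit libraries)
        x86_64:x86_64 | x86_64:i386) return 0 ;;
        aarch64:aarch64)             return 0 ;;
        *)                           return 1 ;;
    esac
}

# Usage:
#   elf_arch ./binary        # prints e.g. x86_64
#   runs_natively ./binary || echo "needs an x86 machine or emulation"
```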
We have tested using Mac hypervisors such as UTM to emulate x86 on Arm and we found that the performance is prohibitively slow.
To solve this problem, we have set up a remote x86-based Linux server that you can connect to! It comes installed with all of our tooling - just connect and hack away!
Nowadays, using a remote computer to do this sort of work is very common. Because you will be spending time in the terminal when using Linux, whether you are doing it on your own machine or remotely often doesn't make a big difference. Additionally, there is an awesome VSCode feature which allows you to edit files on the server as if they were on your own computer, as well as drag-and-drop files between them.
This may be your first time using Linux - welcome! Awesomeness awaits. In the Linux world, a lot of time is spent in the command-line terminal. There are a bunch of new things to learn, and we also recommend Googling the basics and exploring on your own.
The command-line is used to run commands. In an Ubuntu virtual machine, use the key combination Ctrl+Alt+T to open the terminal. Now, as you type letters on your keyboard, they appear in the terminal.
Generally speaking, commands take the following form: command argument1 argument2 ... argumentN. The first word is always the name of the command, which specifies the file or script that is run. All subsequent words (broken up by spaces) are options that you pass to the program. Press enter to run the command.
Much like a graphical file explorer, the command-line shell has a concept of files and folders. Run the command ls to view the files in your current directory. This is analogous to looking at all the contents of a folder in a File Explorer. By default, the terminal always opens to your home directory - this is where most of your files will go. You can type pwd to print the path to your current directory.
You can move between folders using the cd command. cd FOLDER will move you to the directory you specified by name - this is like double clicking a folder. You can run cd .. (two dots) to move you back up one level of the filesystem tree.
Here is a (extremely) brief overview of some basics to get you started:
To copy text that you have selected in the terminal, use ctrl+shift+c (hold the shift key in addition to ctrl-c). Pasting also requires holding shift. This is because ctrl+c (without the shift) will (by default) cause the current program being run to quit.
ls - will list all the files and directories (folders) in your current directory
cd FOLDER - will change your current directory to the named directory. cd .. will move you back up one level of the filesystem tree.
pwd - will print the current directory you are in
./binary - where binary is the name of a file in the current directory, this will execute it (if it's executable). You'll use this to run the programs that a CTF challenge might provide.
chmod +x ./binary - this will make a file executable - by default, when you download a file, it cannot be executed (for security) unless you run this command to set the executable bit
wget URL - this will download the file from the server at the URL; it is an easy way to download a file listed as part of a challenge (like wget chal.ctf-league.osusec.org/FILE_NAME_HERE)
The shell has autocomplete - if you type the first couple of letters of a command, then press the tab key, it will autocomplete the command (if it's unambiguous); otherwise, if you spam the key a couple of times, it will show possible recommendations.
There are dozens of other common commands - if you ever forget one, Google it (or ask ChatGPT)!
Here are two videos that might help introduce you to Linux (you can skip the first couple minutes)!
VSCode is installed in the VM and works within WSL - to open it, you can type the code . command in the terminal. Note the . (dot) - this will open VSCode in the current directory. You can also specify the name of a file or directory, like code sol.py, or code name_of_file_or_directory.