Capture The Flag is a security wargame with 6 challenges, embedded on an ultra-light Linux Live CD (Tiny Core Linux). This can help you to practice the process of identifying and exploiting common security problems.

How To Run Capture The Flag

First, download the latest Capture The Flag ISO image (download link is at the end of this article).

Then burn the ISO image on a CD and boot your computer from it. Or you can just use a virtualization software like the VirtualBox.

I recommend you to use a virtualization software, because it is more convenient.


Here is how to setup Capture The Flag using VirtualBox:

1. Download and install VirtualBox on your computer.

2. Run the VirtualBox application. You will see a window as shown below.


3. Click on "New".


4. Enter a name for the Virtual Machine, and select type "Linux", and then select version "Linux 2.6/3.x/4.x (32 bit)". Then click "Next".


5. Select the amount of memory (RAM) for the Virtual Machine (The recommended memory size is 512 MB; minimum is 256MB). Then click "Next".


6. Now, make sure that you have selected the "Create a virtual hard disk now" option, and then click on "Create".


7. Select "VDI (VirtualBox Disk Image)", then click on the "Next" button.


8. Select the "Dynamically allocated" option, and then click "Next".


9. Now type the name of the new virtual hard disk file into the box or click on the folder icon to select a different folder to create the file in. Then select the size of the virtual hard disk. Then click on the "Create" button.

Congratulations, you have successfully created a virtual machine.


10. Now, select the Virtual Machine,  and then click on "Start".


11. Click on the folder icon and then select the "Capture The Flag" ISO image. Then click on the "Start" button.


12. Press the "Enter" key to start the system, or type fr, jp or hu and "Enter" to use French, Japanese or Hungarian keymap, respectively.

After the system has started, you will see the instructions to pass the first challenge:


If you need, you can install additional software in the running system, it's totally OK and not cheating. Switch to the tc user with the su - tc command, and use the tce program -- TinyCore's package manager. It's easy, just follow the instructions.

The goal is to advance through the levels one by one, discovering the password to the next level at each step, until you reach "The Flag" (and celebrate):


Note: If you want to get root access in the live system, you can either do su - tc to become the admin user, or boot the system with the mc superuser boot option. This is no secret, and you won't learn anything this way.

That's all. I hope you enjoy the challenges. Happy hacking!