How to Write Good CTF Walkthroughs

If you have solved a CTF challenge, first of all, congrats!

While you’re probably tired from problem solving (and a bit of sleep deprivation), it can be immensely helpful to yourself and others to document your solution.

Maybe you’re documenting your CTF progress in order to demonstrate your self-taught learning and get a job. Maybe you hope your write-ups will benefit others, perhaps in a school infosec club.

Or maybe you’re writing to strengthen your own understanding of a concept–we’ve all heard that one of the best ways to learn is to teach others. This is true whether you’re teaching in person, or writing a blog post to explain what you’ve learned.

This post will be about how to make the most of your writing efforts, and create helpful CTF walkthroughs (in written form, although videos are great too!).

Note: All of the following steps assume that you have permission to do a write-up, as is common after one-time CTF events, where the assumption is that the challenges will not be reused in the future.

If you are interested in doing write-ups for long-term, always-available CTFs, it’s best to check for permission before uploading your solution. Since these platforms are always reusing the same challenges, having solutions available can contribute to cheating (if a platform is used for interviews or competitions).

One such example is Hack the Box, which requests that people only document non-active boxes (such as retired boxes).

Taking Notes

  ✅ DO: take notes and screenshots as you go

  🚫 DON’T: depend on your memory after the CTF and/or your bash history

First things first, you’ll greatly benefit yourself if you take notes during the course of the CTF. What do I mean by notes? This could include:

  • Copy/pasting attempted payloads into a Markdown document
  • Handwritten notes, if you prefer taking notes on paper
  • Copies of downloaded files, traffic captures, etc.
  • Screenshots of challenge prompts, error messages, debugging views, console output, CTF administrator hints, etc.
  • Chat logs with your CTF teammates

All of this will be useful later, especially if the CTF administrators don’t keep the challenges up after the fact. If I had to give one hint here, it would be to take LOTS of screenshots.

I find Markdown files the easiest to take notes in, as I often use Markdown for the eventual blog post.

Piecing Together Your Solution

  ✅ DO: do a bit of planning before you start writing

  🚫 DON’T: word dump, get burned out, and then jump to the solution.

As you can imagine, the CTF write-up starts with the challenge prompt and ends with the working solution.

But what about all the stuff in between?

You don’t have to outline your solution beforehand (this isn’t writing class) but it can make the rest of the process smoother, and also help you identify what information you’re missing, and more importantly, where gaps in your understanding might be.

Here’s a basic outline you can use for your CTF walkthrough:

  1. Initial information: briefly mention the CTF name and context, say what challenge the walkthrough is for, what category it’s in (Web, Pwn, etc.), and share the challenge prompt as text or a screenshot, if it’s useful.
  2. Enumeration: when you first open up the challenge, what does it look like? Share a screenshot of the website, or a screenshot of console output, and/or describe in your own words what your first impressions were. If you run a scan or do other enumeration, include it here.
  3. Rabbit Holes: what paths did you take that didn’t work out? Describe them, maybe link to a reference page, and if you can, explain what made you realize this was the wrong path.
    Misery loves company, but don’t go overboard here. Not mentioning this section at all might make you look like a genius (or very lucky). Talking about it too much sounds like complaining. But talking about it juuust enough to save other people–and yourself–trouble in the future? That's the way to go.
  4. Getting to the solution: once you’re on the right path, you probably still hit some obstacles or had mini-problems to solve. Document these one step at a time, and maybe use sub-headings to break things up.
  5. The actual solution: At this point you’ve probably covered quite a bit of territory. Summarize the walkthrough thus far, and then share a working solution to get the flag. I might include a screenshot to prove that I found the flag but don’t always include the flag string itself, especially if the challenge is going to be reused.

Of course, this outline is better suited to more involved CTF challenges (rather than a simple one-and-done attack).

How Much to Write

  ✅ DO: lean heavily on screenshots, and save your writing efforts for abstract concepts.

  🚫 DON’T: leave a wall of text.

Once you’ve got the outline, start filling things in. Pictures are worth a thousand words, and you don’t have to write a novel (although of course, you can if you want to).

Writing up a CTF challenge can be a big undertaking. If you don’t think you’re a great writer, or if you’re slow at typing, it can be a daunting task.

My recommendation is to lean heavily on screenshots. You might need a brief sentence or two to explain the screenshot (“Once we tried the updated payload, here’s what the error message said:”), but you can save your heavy duty writing to explain your realizations, technical concepts, or things that aren’t explained well in photos.

This makes write-ups easier to complete, and it’s also easier for other people to process. Walls of text are difficult to read.

If you’re someone who loves to write, try to break things up with headings, smaller paragraphs, and occasional photos and screenshots.

Challenge Solution

  ✅ DO: include working code (where applicable) and enough steps to be repeatable, and then test it out again.

  🚫 DON’T: leave out crucial steps or jump to the solution

Just about everyone in tech has experienced this phenomenon, summed up in an xkcd comic:

[Comic: xkcd, “Wisdom of the Ancients”]

What’s even worse is when the person comments and says “never mind, I figured it out”. While it seems unusual that you’d see this in a CTF walkthrough (whose purpose is to explain the answer!), post-CTF fatigue, poor note-taking, or just writing fatigue can cause people to leave out crucial steps.

If at all possible (i.e. if the CTF administrators leave a challenge up after the event ends), run through all the steps again to make sure they’re all there, and to make sure that your final payload works (no copy/paste errors).

I would include the working final code or payload, especially if it includes helpful information for future challenges. One example might be a custom script that could be reused for future challenges in a similar category.

References

  ✅ DO: give credit and link to other helpful resources

  🚫 DON’T: exclude helpful links or take all the credit for yourself if others helped

If you’re writing up a challenge walkthrough where the challenge builds on other foundational ideas, you don’t have to explain the idea from first principles. You definitely can if you want to (especially if you think the other write-ups are difficult to understand and you can do better!) but you don’t have to.

If you did reference a blog post that helped you, link it in your write-up and thank the author for the resource. Likewise, give credit to your teammates if they helped you solve the challenge, even if you don’t call them out by name.

Sharing Your Write-up

  ✅ DO: Share with CTF participants in designated solutions channels and/or on CTFTime.org

  🚫 DON’T: Put off your write-up and never share!

Last but not least, you need to publish what you wrote. In my opinion, CTF write-ups are better complete than perfect, so don’t stress too much over editing, formatting, etc. You should, however, do a sweep for identifying information or anything else you don’t want to share with the world.

You can publish the write-up on your own blog if you have one, in a GitHub repo or on GitHub Pages, or you can share it on CTFTime. Or some combination of the above.
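
One way to automate the pre-publish sweep mentioned above, as an added example that is not part of the original post: a small Python check that lists flag strings, local usernames in paths, e-mail addresses and private IP addresses found in a Markdown draft, plus a helper that redacts flags. The `PREFIX{...}` flag format, the function names and the sample notes are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed flag format PREFIX{...}; adjust to the event's real format.
FLAG_RE = re.compile(r"\b[A-Za-z0-9_]{2,16}\{[^{}\s]{4,}\}")
# Home-directory paths leak the local account name.
HOME_RE = re.compile(r"(?:/home/|/Users/|[A-Za-z]:\\Users\\)([A-Za-z0-9._-]+)")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def sweep(markdown):
    """Return (line_number, kind, text) findings to review before publishing."""
    findings = []
    for no, line in enumerate(markdown.splitlines(), start=1):
        for m in FLAG_RE.finditer(line):
            findings.append((no, "flag", m.group(0)))
        for m in HOME_RE.finditer(line):
            findings.append((no, "username", m.group(1)))
        for m in EMAIL_RE.finditer(line):
            findings.append((no, "email", m.group(0)))
        for m in IPV4_RE.finditer(line):
            try:
                ip = ipaddress.ip_address(m.group(0))
            except ValueError:
                continue  # looks like an address but is not one, e.g. 999.1.1.1
            if ip.is_private and not ip.is_loopback:
                findings.append((no, "private-ip", m.group(0)))
    return findings

def redact_flags(markdown):
    """Keep the flag prefix, replace the body, so the flag is not disclosed."""
    return FLAG_RE.sub(lambda m: m.group(0).split("{", 1)[0] + "{REDACTED}", markdown)

# Constructed sample write-up notes (not from any real CTF).
SAMPLE = """\
## Enumeration
Scanned the target at 10.10.14.7 from my VPN address.
Payload lives in /home/alice/ctf/web1/exploit.py
## Solution
Got it: flag{n0t_a_r3al_fl4g}
Thanks to bob@example.org for the hint. Tool version 1.2.3.4000 is fine.
"""

if __name__ == "__main__":
    for finding in sweep(SAMPLE):
        print(finding)
    print(redact_flags(SAMPLE))
```

The findings are a review list, not an automatic verdict: a teammate’s e-mail in a credit line may be intentional, while a username in a pasted path usually is not.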

Conclusion

The last step is to keep going… if you are regularly CTFing, and taking notes, you’ll make a lot of progress, and future challenges will be easier for you. I frequently refer back to my own notes.

One more thing you can do to supercharge your CTF efforts is to read other people’s write-ups. This is true whether or not you were able to solve the challenge yourself. If you didn’t solve it, you’ll of course be interested in what the answer was. But even if you did solve it, you’ll learn something from other people’s approaches.

Happy CTFing!