Ready to level up your ethical hacking and Bug Bounty skills?
YesWeHack's Dojo platform now supports the Ruby programming language – so you can now create your own Capture the Flag (CTF) challenges in Ruby code within a dedicated new sandbox environment! Read on to discover how to leverage the new feature and the bug-hunting benefits of mastering Ruby and its common security pitfalls. Let's dive in!
Outline
- What is Dojo?
- Why Ruby? A Bug Hunter’s Perspective
- Step-by-Step: Getting Started with a Ruby CTF
- Benefits for Bug Bounty Learners & Challenge Creators
- References
What is Dojo?
YesWeHack’s Dojo platform is a versatile CTF and learning platform aimed at Bug Bounty hunters and anyone else who wants to sharpen their hacking skills and get involved in the hacking community. It offers interactive learning modules with practical labs on common vulnerabilities, as well as monthly CTF challenges featuring realistic vulnerabilities that boost the bug-hunting skills of both experienced and inexperienced hackers, with swag and leaderboard points awarded to the overall winners.
You can also write your own code in a wide range of programming languages (even wider now!) in order to test attack techniques or create your own CTF challenges (which you can submit to YesWeHack for consideration as a potential monthly CTF challenge).
Find out more about how to use the recently-revamped Dojo here!
Why Ruby? A bug hunter’s perspective
At first glance, Ruby might not be the most obvious choice as a language for learning the latest hacking techniques. After all, it’s less prevalent in modern stacks than JavaScript or Python.
But from a hacker’s perspective, Ruby still offers advantages that make it worth knowing about. For instance, Ruby has a mature and battle-tested ecosystem, with a significant number of web applications still relying on it.
Ruby on Rails apps, in particular, have a long history of interesting security issues, from mass assignment and deserialization bugs to SSRF and command injection vulnerabilities. Knowing how Ruby handles data flows, templating and object instantiation gives you an edge when targeting these applications.
Step-by-step: How to create a Ruby CTF
Log in to your Dojo account, hover over CHALLENGES in the top-left corner, and click Create a new challenge.
Now inside the CREATE A CHALLENGE page, find the RUNNER field and select ‘Ruby’. Once you’re also happy with the TITLE, FLAG and ‘Setup Code’, you can click CREATE to create your challenge.
You then land on the main challenge page, where you can write your Ruby code, set up filters and test your code!
Start writing your code in the CODE tab at the bottom-centre of the page. Insert user input to your code within the INPUT panel on the left-hand side by setting the placeholder $output in your CODE tab.
Now you’re set to start testing out attacks or creating your very own CTF challenges!
Benefits for Bug Bounty learners & challenge creators
If you’re an experienced hacker, then you’ve probably faced web applications running on Ruby – and will surely do so again. Understanding Ruby and the most popular Ruby framework, Ruby on Rails (ROR), as well as the pitfalls that lead developers to inadvertently create vulnerabilities in Ruby code, will help you make the most of the hacking opportunities offered by this programming language.
Dojo’s new Ruby integration is a great way for ethical hackers and Bug Bounty hunters to achieve this in a risk-free but realistic way – whether by testing out attack methods, building custom CTF challenges or trying to solve challenges created by others.