Logo

Web

Confessions - Hack.lu 2020 Writeups

3 minute read Published:

Writeup for Confessions challenge of Hack.lu CTF 2020
Confessions Description Someone confessed their dirtiest secret on this new website: https://confessions.flu.xxx Can you find out what it is? Write-Up After some basic poking around and seeing what the website does we find that pretty much the whole thing is done by javascript calling a GraphQL backend. It seems the /graphql backend allows pretty much arbitrary queries, so let’s see what we can pull out of there. Using an adapted query from https://github.

FluxCloud Serverless - Hack.lu 2020 Writeups

2 minute read Published:

Writeup for FluxCloud Serverless challenge of Hack.lu CTF 2020
FluxCloud Serverless Description To host stuff like our website, we developed our own cloud because we do not trust the big evil corporations! Of course we use cutting edge technologies, like serverless. Since we know what we are doing, it is totally unhackable. If you want to try, you can check out the demo and if you can access the secret, you will even get a reward :) Note: This version of the challenge contains a bypass that has been fixed in FluxCloud Serverless 2.

FluxCloud Serverless 2.0 - Hack.lu 2020 Writeups

3 minute read Published:

Writeup for FluxCloud Serverless 2.0 challenge of Hack.lu CTF 2020
FluxCloud Serverless 2.0 Description To host stuff like our website, we developed our own cloud because we do not trust the big evil corporations! Of course we use cutting edge technologies, like serverless. Since we know what we are doing, it is totally unhackable. If you want to try, you can check out the demo and if you can access the secret, you will even get a reward :)