Writeup for Confessions challenge of Hack.lu CTF 2020
Confessions Description Someone confessed their dirtiest secret on this new website: https://confessions.flu.xxx Can you find out what it is?
Write-Up After some basic poking around and seeing what the website does we find that pretty much the whole thing is done by javascript calling a GraphQL backend. It seems the /graphql backend allows pretty much arbitrary queries, so let’s see what we can pull out of there.
Using an adapted query from https://github.
Writeup for flagdroid challenge of Hack.lu CTF 2020
Flagdroid Description This app won’t let me in without a secret message. Can you do me a favor and find out what it is?
Write-Up For this challenge we get an APK file. Fortunately APK files are fairly well reversible (as is most Java based bytecode). In this case we just used an online service to “decompile” the APK for us, but there are plenty of tools you can use to do this locally if you want.
Writeup for FluxCloud Serverless challenge of Hack.lu CTF 2020
FluxCloud Serverless Description To host stuff like our website, we developed our own cloud because we do not trust the big evil corporations! Of course we use cutting edge technologies, like serverless. Since we know what we are doing, it is totally unhackable. If you want to try, you can check out the demo and if you can access the secret, you will even get a reward :)
Note: This version of the challenge contains a bypass that has been fixed in FluxCloud Serverless 2.
Writeup for FluxCloud Serverless 2.0 challenge of Hack.lu CTF 2020
FluxCloud Serverless 2.0 Description To host stuff like our website, we developed our own cloud because we do not trust the big evil corporations! Of course we use cutting edge technologies, like serverless. Since we know what we are doing, it is totally unhackable. If you want to try, you can check out the demo and if you can access the secret, you will even get a reward :)
Note: This is the fixed version of FluxCloud Serverless.
A few more writeups for the Nucular Power Plant, Time Machine, and COBOL OTP challenges from the 2019 Hack.lu CTF.
https://git.insomnia247.nl/coolfire/hacklu-2019/blob/master/README.md
Writeup for the tokenvault 1 challenge of VincCTF CTF 2018
A writeup for nice little challenge from the 2018 VincCTF. A CTF full of crypto challenges. The TokenVault v1 writeup is a nice gentle introduction into exploiting cryptography bugs.
https://git.insomnia247.nl/coolfire/VincCTF-2018/blob/master/TokenVault1.md#tokenvault-1
Question 1: What phrase is revealed when you answer all of the KringleCon Holiday Hack History questions? For hints on achieving this objective, please visit Bushy Evergreen and help him with the Essential Editor Skills Cranberry Pi terminal challenge.
Just quit vi, using :q
Hi, I’m Bushy Evergreen.
I’m glad you’re here, I’m the target of a terrible trick.
Wow, it seems so easy now that you’ve shown me how!
Writeup for the babyphp challenge of Hack.lu CTF 2018
Full writeup for the Babyphp challenge from the 2018 Hack.lu CTF. Lots of interesting PHP oddities to explore!
https://git.insomnia247.nl/coolfire/hacklu-ctf-2018/blob/master/baby-php.md