133713pwnies

Confessions Description Someone confessed their dirtiest secret on this new website: https://confessions.flu.xxx Can you find out what it is? Write-Up After some basic poking around and seeing what the website does we find that pretty much the whole thing is done by javascript calling a GraphQL backend. It seems the /graphql backend allows pretty much arbitrary queries, so let’s see what we can pull out of there. Using an adapted query from https://github.

Flagdroid Description This app won’t let me in without a secret message. Can you do me a favor and find out what it is? Write-Up For this challenge we get an APK file. Fortunately APK files are fairly well reversible (as is most Java based bytecode). In this case we just used an online service to “decompile” the APK for us, but there are plenty of tools you can use to do this locally if you want.

FluxCloud Serverless Description To host stuff like our website, we developed our own cloud because we do not trust the big evil corporations! Of course we use cutting edge technologies, like serverless. Since we know what we are doing, it is totally unhackable. If you want to try, you can check out the demo and if you can access the secret, you will even get a reward :) Note: This version of the challenge contains a bypass that has been fixed in FluxCloud Serverless 2.

FluxCloud Serverless 2.0 Description To host stuff like our website, we developed our own cloud because we do not trust the big evil corporations! Of course we use cutting edge technologies, like serverless. Since we know what we are doing, it is totally unhackable. If you want to try, you can check out the demo and if you can access the secret, you will even get a reward :) Note: This is the fixed version of FluxCloud Serverless.

A few more writeups for the Nucular Power Plant, Time Machine, and COBOL OTP challenges from the 2019 Hack.lu CTF. https://git.insomnia247.nl/coolfire/hacklu-2019/blob/master/README.md

A writeup for nice little challenge from the 2018 VincCTF. A CTF full of crypto challenges. The TokenVault v1 writeup is a nice gentle introduction into exploiting cryptography bugs. https://git.insomnia247.nl/coolfire/VincCTF-2018/blob/master/TokenVault1.md#tokenvault-1

Question 1: What phrase is revealed when you answer all of the KringleCon Holiday Hack History questions? For hints on achieving this objective, please visit Bushy Evergreen and help him with the Essential Editor Skills Cranberry Pi terminal challenge. Just quit vi, using :q Hi, I’m Bushy Evergreen. I’m glad you’re here, I’m the target of a terrible trick. Wow, it seems so easy now that you’ve shown me how!

Full writeup for the Babyphp challenge from the 2018 Hack.lu CTF. Lots of interesting PHP oddities to explore! https://git.insomnia247.nl/coolfire/hacklu-ctf-2018/blob/master/baby-php.md

Just a short writeup of the pre-qualifier rounds for this years PwCTF. https://git.insomnia247.nl/coolfire/PwCTF-prequals_2018

Just an archive of useful links Reverse engineering GDB plugin to classify exploitability of bugs GEF - GDB Enhanced Features Radare2 decompiler plugin Radare2 plugin to generate pseudo-C ROPping to Victory ROPping to Victory - Part 2, split ROPping to Victory - Part 3, callme maybe? N Ways to Unpack Mobile Malware (Android) Forensics Unpacking cramfs firmware file systems Crypto FeatherDuster - Automated cryptanalysis tool Hash Extender - Perform hash extension attacks HashPump - Perform hash extension attacks PadBuster - Script for Padding Oracle attacks RsaCtfTool - Perform various RSA attacks RSAtool - Calculate RSA keys by their exponents Xortool - XOR brute forcer Web SQLMAP Tamper Scripts for The Win Frameworks Pwntools Pwnypack