Callboy Description Have you ever called a Callboy? No!? Then you should definitely try it. To make it a pleasant experience for you, we have recorded a call with our Callboy to help you get started, so that there is no embarrassing silence between you.
PS: do not forget the to wrap flag{} around the secret
Write-Up For this challenge we get a network packet capture. The challenge name and description strongly hint at some VoIP call being in the traffic.
Writeup for Confessions challenge of Hack.lu CTF 2020
Confessions Description Someone confessed their dirtiest secret on this new website: https://confessions.flu.xxx Can you find out what it is?
Write-Up After some basic poking around and seeing what the website does we find that pretty much the whole thing is done by javascript calling a GraphQL backend. It seems the /graphql backend allows pretty much arbitrary queries, so let’s see what we can pull out of there.
Using an adapted query from https://github.
Writeup for flagdroid challenge of Hack.lu CTF 2020
Flagdroid Description This app won’t let me in without a secret message. Can you do me a favor and find out what it is?
Write-Up For this challenge we get an APK file. Fortunately APK files are fairly well reversible (as is most Java based bytecode). In this case we just used an online service to “decompile” the APK for us, but there are plenty of tools you can use to do this locally if you want.
Writeup for FluxCloud Serverless challenge of Hack.lu CTF 2020
FluxCloud Serverless Description To host stuff like our website, we developed our own cloud because we do not trust the big evil corporations! Of course we use cutting edge technologies, like serverless. Since we know what we are doing, it is totally unhackable. If you want to try, you can check out the demo and if you can access the secret, you will even get a reward :)
Note: This version of the challenge contains a bypass that has been fixed in FluxCloud Serverless 2.
Writeup for FluxCloud Serverless 2.0 challenge of Hack.lu CTF 2020
FluxCloud Serverless 2.0 Description To host stuff like our website, we developed our own cloud because we do not trust the big evil corporations! Of course we use cutting edge technologies, like serverless. Since we know what we are doing, it is totally unhackable. If you want to try, you can check out the demo and if you can access the secret, you will even get a reward :)
Note: This is the fixed version of FluxCloud Serverless.
A few more writeups for the Nucular Power Plant, Time Machine, and COBOL OTP challenges from the 2019 Hack.lu CTF.
https://git.insomnia247.nl/coolfire/hacklu-2019/blob/master/README.md
Writeup for the babyphp challenge of Hack.lu CTF 2018
Full writeup for the Babyphp challenge from the 2018 Hack.lu CTF. Lots of interesting PHP oddities to explore!
https://git.insomnia247.nl/coolfire/hacklu-ctf-2018/blob/master/baby-php.md