Writeup for Confessions challenge of Hack.lu CTF 2020
Writeup for flagdroid challenge of Hack.lu CTF 2020
Flagdroid Description This app won’t let me in without a secret message. Can you do me a favor and find out what it is? Write-Up For this challenge we get an APK file. Fortunately APK files are fairly well reversible (as is most Java based bytecode). In this case we just used an online service to “decompile” the APK for us, but there are plenty of tools you can use to do this locally if you want.
Writeup for FluxCloud Serverless challenge of Hack.lu CTF 2020
FluxCloud Serverless Description To host stuff like our website, we developed our own cloud because we do not trust the big evil corporations! Of course we use cutting edge technologies, like serverless. Since we know what we are doing, it is totally unhackable. If you want to try, you can check out the demo and if you can access the secret, you will even get a reward :) Note: This version of the challenge contains a bypass that has been fixed in FluxCloud Serverless 2.
Writeup for FluxCloud Serverless 2.0 challenge of Hack.lu CTF 2020
FluxCloud Serverless 2.0 Description To host stuff like our website, we developed our own cloud because we do not trust the big evil corporations! Of course we use cutting edge technologies, like serverless. Since we know what we are doing, it is totally unhackable. If you want to try, you can check out the demo and if you can access the secret, you will even get a reward :) Note: This is the fixed version of FluxCloud Serverless.
Writeups for some challenges of Hack.lu CTF 2019
A few more writeups for the Nucular Power Plant, Time Machine, and COBOL OTP challenges from the 2019 Hack.lu CTF. https://git.insomnia247.nl/coolfire/hacklu-2019/blob/master/README.md
Writeup for the tokenvault 1 challenge of VincCTF CTF 2018
A writeup for nice little challenge from the 2018 VincCTF. A CTF full of crypto challenges. The TokenVault v1 writeup is a nice gentle introduction into exploiting cryptography bugs. https://git.insomnia247.nl/coolfire/VincCTF-2018/blob/master/TokenVault1.md#tokenvault-1
Writeup for the SANS Holiday Hack Challenge 2018
Question 1: What phrase is revealed when you answer all of the KringleCon Holiday Hack History questions? For hints on achieving this objective, please visit Bushy Evergreen and help him with the Essential Editor Skills Cranberry Pi terminal challenge. Just quit vi, using :q Hi, I’m Bushy Evergreen. I’m glad you’re here, I’m the target of a terrible trick. Wow, it seems so easy now that you’ve shown me how!
Writeup for the babyphp challenge of Hack.lu CTF 2018
Full writeup for the Babyphp challenge from the 2018 Hack.lu CTF. Lots of interesting PHP oddities to explore! https://git.insomnia247.nl/coolfire/hacklu-ctf-2018/blob/master/baby-php.md
Writeup for the PwCTF pre-qualifiers of 2018
Just a short writeup of the pre-qualifier rounds for this years PwCTF. https://git.insomnia247.nl/coolfire/PwCTF-prequals_2018
Archive of useful links
Just an archive of useful links Reverse engineering GDB plugin to classify exploitability of bugs GEF - GDB Enhanced Features Radare2 decompiler plugin Radare2 plugin to generate pseudo-C ROPping to Victory ROPping to Victory - Part 2, split ROPping to Victory - Part 3, callme maybe? N Ways to Unpack Mobile Malware (Android) Forensics Unpacking cramfs firmware file systems Crypto FeatherDuster - Automated cryptanalysis tool Hash Extender - Perform hash extension attacks HashPump - Perform hash extension attacks PadBuster - Script for Padding Oracle attacks RsaCtfTool - Perform various RSA attacks RSAtool - Calculate RSA keys by their exponents Xortool - XOR brute forcer Web SQLMAP Tamper Scripts for The Win Frameworks Pwntools Pwnypack