hack.lu CTF 2014 write-up: Hidden In Plain Sight

Posted on So, 2014-10-26 in ctf • Tagged with ctf, hacklu, javascript, node.js

OK I have to confess I solved this challenge by pure luck. The setting was that there is a service that allows you to register and the upload files. The uploaded files can be shared by creating a link, which contains a HMAC over the user and the filename. If …


Continue reading

hack.lu CTF 2014 write-up: Killy The Bit

Posted on So, 2014-10-26 in ctf • Tagged with ctf, hacklu, sql, php

This was a fun challenge :) The setting was that the royal bank of Fluxembourg was hacked by Killy the Bit and now they set up a page to reset the user passwords. Because Killy owes us a favor we received the source code for the password resetting page. So the …


Continue reading

hack.lu CTF 2014 write-up: Objection

Posted on So, 2014-10-26 in ctf • Tagged with ctf, hacklu, coco, node.js, CoffeeScript, JavaScript

So we got the source for something that looked like CoffeeScript, but had really strange string literals. After some investigation I found out, that this was in fact coco source code. Coco in turn is a fork of CoffeeScript. Both compile to JavaScript. The service allows you to login with …


Continue reading