Posted on So, 2014-10-26 in ctf • Tagged with ctf, hacklu, javascript, node.js
OK I have to confess I solved this challenge by pure luck. The setting was that there is a service that allows you to register and the upload files. The uploaded files can be shared by creating a link, which contains a HMAC over the user and the filename. If …
Posted on So, 2014-10-26 in ctf • Tagged with ctf, hacklu, sql, php
This was a fun challenge :) The setting was that the royal bank of Fluxembourg was hacked by Killy the Bit and now they set up a page to reset the user passwords. Because Killy owes us a favor we received the source code for the password resetting page. So the …
Posted on So, 2014-10-26 in ctf • Tagged with ctf, hacklu, coco, node.js, CoffeeScript, JavaScript
So we got the source for something that looked like CoffeeScript, but had really strange string literals. After some investigation I found out, that this was in fact coco source code. Coco in turn is a fork of CoffeeScript. Both compile to JavaScript. The service allows you to login with …