hack.lu CTF 2014 write-up: Hidden In Plain Sight

Posted on So, 2014-10-26 in ctf • Tagged with ctf, hacklu, javascript, node.js

OK I have to confess I solved this challenge by pure luck. The setting was that there is a service that allows you to register and the upload files. The uploaded files can be shared by creating a link, which contains a HMAC over the user and the filename. If …


Continue reading

hack.lu CTF 2014 write-up: Objection

Posted on So, 2014-10-26 in ctf • Tagged with ctf, hacklu, coco, node.js, CoffeeScript, JavaScript

So we got the source for something that looked like CoffeeScript, but had really strange string literals. After some investigation I found out, that this was in fact coco source code. Coco in turn is a fork of CoffeeScript. Both compile to JavaScript. The service allows you to login with …


Continue reading