Malicious Macro

Find the flag (pwned{...}) [[]] Note: Microsoft Defender likely flags this as malware...

Android Malware

Can you de-obfuscate the string in the files? [[]] [[]] [These are from Maddie Stone's Android App Reversing Course]

Big brain, little brain

Half-baked Cobra

Can you decompile my script for me, I accidently deleted the source code! [Compiled version]

Snake Bite

Get the flag from this horrendous script.

#weekly-challenges 2/3/21

Check the #weekly-challenges channel on Discord


Solve this: []

Steg #8


Steg #7


Steg #6

Lorem ipsum dolor sit amet occaecat laborum culpa minim, qUis occaecat esse nulla. irure velit aliquip cillum deserunt enim nostrud lorem officia esse aliqua cupidatat laborum voluptate eu amet ea eu incididunt. ullamco repreHenderit ex lorem consequat quis cillum enim officia enim est Aliquip ad nostrud laborum dolor ex anim amet enim mollit nisi. et Commodo tempor dolor et ad proident elit aute elit temporK. exercitation culpa ut esse et aliqua ea qui magna. id do eu reprehenderit tempor...

Steg #5


Steg #4

Compare the meerkats [Meerkat 1] [Meerkat 2]

Steg #3


Steg #2


Steg #1

??? [File]

Wireshark #9

I think Van Gogh stopped by 🎨. Let's look at his masterpiece in the [art gallery] The word LUHACK in the flag is uppercase when you submit

Wireshark #8

Find the flag that has been hidden in a DNS exchange in one of the pcaps!

Wireshark #7

What is the SSH version of the server? [PCAP]

Wireshark #6

Get the flag [🧐]

Wireshark #5

[Can you hear the flag (uppercase)???]

Wireshark #4

What is the passwords? 🤔 [here]?

Wireshark #3

What is the URL that is in the DNS TXT response in [here]?

Wireshark #2

Decrypt [this traffic] using [ssl.log], what is the path the user is GETing?

Wireshark #1

Using the [JA3 plugin for Wireshark], and [], what is the User-Agent of the host making the connection in [here]? (JA3 of TLS Client Hello)

Scripting #3

Poke, for example: nc 6969 Be fast, some things aren't forever.

Scripting #2

dig @<VM IP> -t TXT start.luhack and then go to the domain that it returns in the answer. For example, if it returns "zebra.luhack", query the VM for a DNS TXT record for zebra.luhack. This can be done with the command line tool on Kali called dig with the format: dig @<VM IP> -t TXT <domain>

Scripting #1

Connect to port 8080 on the VM and do some quick maths to return the answer


Navigate to http://<vm address>/csrf. Kerry is naive and clicks on every link you send her, try using a csrf vulnerability to steal her money.


Navigate to http://<vm address>/ssti, try exploiting the ssti to run arbitrary code and get the flag.


Navigate to http://<vm address>/sqli, try exploiting the sqli to dump the users table. (sqlmap may be useful)

RE #5

This one also needs some reversing, can you figure out what it's doing to the password? [get it here] Also, a note about stack strings: compilers like to load strings into memory by splitting the string into chunks of 8 bytes, and loading each chunk as a 64 bit integer. Radare2/Cutter will attempt to show you the content of these strings as an annotation, but sometimes you need to use your intuition. ...

RE #4

No cracking this time, take a look and see what this program is doing: [get it here]

RE #3

A bit more difficult this time (I think), might be a bit more complicated than flipping a jump: [get the program here]

RE #2

Crack this program and the flag will be yours: [get it here]

RE #1

This one needs a lot of brainpower: [get the program]

Phishing #4

Oh dear, Tracey, in her old age, has forgotten to post the last flag to her Instagram. Silly Tracey! The only way of getting the last flag is to pry it from her yourself! Craft up a convincing phishing email/message, using information given to you by Tracey herself via her verbose social media presence, and get that last flag! These emails will be read out so please make sure you keep content relatively acceptable. Tracey was naughty in her youth, but she's getting on a bit now!

Phishing #3

With lockdown in full swing, Tracey has been doing a bit of online shopping to ward off the crippling boredom induced by months inside. Poor Tracey! Go and join her cheeky shop at []

Phishing #2

Tracey has recently had a Facebook memory from when she passed her driving test, to celebrate she has decided to share it with you all! Isn't Tracey lovely? Find Tracey's caring posts at []

Phishing #1

Tracey has been on holiday recently, isn't that lovely? See her holiday snaps at []

Privesc #8

Escalate to the root8 account

Privesc #7

Escalate to the root7 account

Privesc #6

Escalate to the root6 account

Privesc #5

Escalate to the root5 account

Privesc #4

Escalate to the root4 account

Privesc #3

Escalate to the root3 account

Privesc #2

Escalate to the root2 account

Privesc #1

Escalate to the root1 account

WEB-BOX #6 - Albums

Any way to get me access to this new album from my favourite band? (This one is a little tougher!)


My steam wallet is running low. I've tried all the logins we found previously. This might require something new?

WEB-BOX #4 - Ricflix

I want free access to movies.


More passwords to find!

WEB-BOX #2 - Login

You've found the login page for the site. Can you get access?

WEB-BOX #1 - Pin

This is a basic pin brute force. You've been given access to this page with a 4 digit pin. Can you build a script to crack it?

Web #7

You're not admin, are you?

Web #6

Can you login to an account? (Try doing #5 first)

Web #5

Can you inject the login page?

Web #4

Hack the Network Test page . The cat binary is in the same directory as where you are, to run is use ./cat, the flag is in a file called flag.txt.

Web #3

Another easy one, just look and pretend you're a robot 👀

Web #2

This is an easy one, just look around...

Web #1

Hack port 8089

Infra #4

Pwn windows box with EternalBlue (Flag is on the desktop of the LUHack user)

Infra #3

Pwn vsftpd

Infra #2

Pwn Unrealircd

Infra #1

Pwn redis

Infra Challenge #2

Pivot from [infra challenge 1] and get root

Infra Challenge #1

Take a look at the port: 4321

Crypto #12

We found this short string a while back, and can't seem to make any sense of it: gov4IlPH-4Y No decryption method we know of has been able to make any sense of it. All that we know is that it came from someone who likes to make YouTube videos. (When submitting, add in curly braces so the flag is in the format LUHACK{<stuff>}) Made by Willanator#3792

Crypto #11

Decrypt the file to find the flag [] A dictionary might come in handy...

Crypto #10

Decode the message to find the flag

Crypto #9

Can you decrypt the traffic? I'll be nice and even give you the keys! (Hint: Use Wireshark) Traffic: [crypto9.pcapng] Keys: [ssl.log]

Crypto Challenge #2

Try the other tasks first before attempting these more difficult challenges! This one is very hard. Made by pink#3872

Crypto Challenge #1B

You need to complete #1A first, make sure to read the prompt again [final.dat] Made by pink#3872

Crypto Challenge #1A

Try the other tasks first before attempting these more difficult challenges! Made by pink#3872

Crypto #8

Decode the message to find the flag You will need to put your answer in the LUHACK{...} format Made by pink#3872

Crypto #7

Decode the message to find the flag Made by pink#3872

Crypto #6

Finding the flag might require some brute force... [hmmm.dat] Made by pink#3872

Crypto #5

Decode the message to find the flag Made by pink#3872

Crypto #4

Decode the message to find the flag Made by pink#3872

Crypto #3

Decode the message to find the flag Made by pink#3872

Crypto #2

Decode the message to find the flag Made by pink#3872

Crypto #1

Decode the message to find the flag Made by pink#3872

Enum 14

What is the kernel version of the VM? (Answer is x.y.z-ab-w, where xyzab are numbers and w is a word)

Enum 13

What is the root directory of the FTP server? (Answer is in the form /x/y)

Enum 12

What is the root directory of the web server running on the machine? (Answer is in the form /x/y/z)

Enum 11

Enum 10

Find a valid SMTP username (except recon) (answer is the name in all lowercase)

Enum 9


Enum 8

I wonder if whoever made the box previously wrote a flag in the terminal 🤔

Enum 7

Clandestine File 👀

Enum 6

Environment 🔍

Enum 5

What is the subdomain of that has a certificate issued for it? Flag is <subdomain> (all lowercase)

Enum 4

DNS #2 The name of the zone the VM is responsible for is

Enum 3

DNS #1 The name of the zone the VM is responsible for is

Enum 2

FTP #2

Enum 1

FTP #1 Try to find the first flag on the FTP server

Recon #14

What protocol runs over port 53?

Recon #13

How many TCP ports can possibly exist on a system?

Recon #12

Is port 993 open? (yes/ no)

Recon #11

Is port 999 open? (yes/ no)

Recon #10

How many ports are open?

Recon #9

What is the SSH fingerprint of the user recon? (The answer is a random alphanumeric string)

Recon #8

What IMAP software is running?

Recon #7

What is the SMTP banner?

Recon #6

What is the banner of port 42069?

Recon #5

What is the Organizational Unit (OU) of the certificate server on port 443?

Recon #4

What is the hostname (Common Name) of the certificate served on port 443?

Recon #3

What version of FTP software is running? (SoftwareName x.y.z)

Recon #2

What web server software is running? (SoftwareName x.y.z)

Recon #1

What version of BIND is running? (answer is x.y.x)

Some dumb RE challenge

Here's a linux program compiled by another program I wrote, it should be fairly unintuitive to reverse engineer so good luck! [] Since I'm nice, here's the source code: [] And here's the source code of the compiler: []

Freshers challenge #9

Hidden inside this pcap is a flag: []

Freshers Challenge #8

Nothing to see here ...

Freshers Challenge #7

We received the following file. Can you help us decode the hidden message? [Downloadable File to investigate]

Freshers Challenge #6

To complete this challenge, you must find all 3 flags. Submit the flags in the format: flag1flag2flag3

Freshers Challenge #5

drainage edict deadbolt cranky crucial dragnet kickoff guidance highchair fracture chatter chatter jawbone eyetooth freedom chairlift gremlin flytrap eyetooth framework glucose choking freedom klaxon

Freshers Challenge #4

ndjsdcilxcugxtcshlxiwhpaps When submitting the flag, enter it as LUHACK{plaintext}. Where plaintext is the plaintext of the above string.

Freshers Challenge #3


Freshers Challenge #2

Once you've solved Freshers Challenge #1, you'll be given the start of the next challenge. Once you get the flag for that, submit it using the bot!

Freshers Challenge #1

Hmm I wonder