Malicious Macro
Posted on 2023-03-03 17:07:16.574667
Solved 0 times | 15 Points | under obfs
Find the flag (pwned{...}) [Macro] Note: Microsoft Defender likely flags this as malware...
Posted on 2023-03-03 17:07:16.574667
Solved 0 times | 15 Points | under obfs
Can you de-obfuscate the string in the files? [com.supercell.titan.C2943z1] [com.supercell.titan.GameApp] [These are from Maddie Stone's Android App Reversing Course]
Posted on 2023-03-03 17:07:16.574667
Solved 3 times | 10 Points | under obfs
Posted on 2023-03-03 17:07:16.574667
Solved 3 times | 10 Points | under obfs
Can you decompile my script for me? I accidentally deleted the source code! [Compiled version]
Posted on 2023-03-03 17:07:16.574667
Solved 1 time | 10 Points | under obfs
Get the flag from this horrendous script.
Posted on 2023-02-24 17:27:12.127166
Solved 2 times | 15 Points | under angr-and-tracing
[This program] seems to tell you if you've guessed the flag correctly, try figuring out how to make it tell you the flag!
Posted on 2023-02-24 17:27:12.127166
Solved 2 times | 10 Points | under angr-and-tracing
They're getting better now, ltrace won't work on [this one], we'll have to use strace instead.
Posted on 2023-02-24 17:27:12.127166
Solved 3 times | 10 Points | under angr-and-tracing
Another [program that manages passwords], try to expose it using ltrace.
Posted on 2023-02-24 17:27:12.127166
Solved 3 times | 10 Points | under angr-and-tracing
We've found [this program], we have no idea what it does but we do know that if the correct password is typed in you'll know the flag. For reference the example angr code is:
Posted on 2023-02-10 17:29:44.797490
Solved 0 times | 15 Points | under buffer-overflows
Connect to the luhack-bof lab and visit [http://100.67.194.235/] Solve the back_to_the_libc challenge
Posted on 2023-02-10 17:29:09.297936
Solved 0 times | 10 Points | under buffer-overflows
Connect to the luhack-bof lab and visit [http://100.67.194.235/] Solve the shellcode_me challenge
Posted on 2023-02-10 17:28:34.324766
Solved 0 times | 5 Points | under buffer-overflows
Connect to the luhack-bof lab and visit [http://100.67.194.235/] Solve the ez challenge
Posted on 2023-02-10 17:27:36.570436
Solved 2 times | 5 Points | under buffer-overflows
Connect to the luhack-bof lab and visit [http://100.67.194.235/] Solve the login_server challenge
Posted on 2023-01-27 17:25:37.279393
Solved 3 times | 10 Points | under steg
[File]
Posted on 2023-01-27 17:25:37.279393
Solved 5 times | 10 Points | under steg
[File]
Posted on 2023-01-27 17:25:37.279393
Solved 6 times | 10 Points | under steg
Lorem ipsum dolor sit amet occaecat laborum culpa minim, qUis occaecat esse nulla. irure velit aliquip cillum deserunt enim nostrud lorem officia esse aliqua cupidatat laborum voluptate eu amet ea eu incididunt. ullamco repreHenderit ex lorem consequat quis cillum enim officia enim est Aliquip ad nostrud laborum dolor ex anim amet enim mollit nisi. et Commodo tempor dolor et ad proident elit aute elit temporK. exercitation culpa ut esse et aliqua ea qui magna. id do eu reprehenderit tempor...
Posted on 2023-01-27 17:25:37.279393
Solved 0 times | 10 Points | under steg
[File]
Posted on 2023-01-27 17:25:37.279393
Solved 5 times | 10 Points | under steg
Compare the meerkats [Meerkat 1] [Meerkat 2]
Posted on 2023-01-27 17:25:37.279393
Solved 5 times | 10 Points | under steg
[File]
Posted on 2023-01-27 17:25:37.279393
Solved 2 times | 10 Points | under steg
[Files]
Posted on 2023-01-27 17:25:37.279393
Solved 8 times | 10 Points | under steg
??? [File]
Posted on 2023-01-20 16:53:11.355857
Solved 3 times | 10 Points | under reversing
This one also needs some reversing, can you figure out what it's doing to the password? [get it here] Also, a note about stack strings: compilers like to load strings into memory by splitting the string into chunks of 8 bytes, and loading each chunk as a 64 bit integer. Radare2/Cutter will attempt to show you the content of these strings as an annotation, but sometimes you need to use your intuition. ...
Posted on 2023-01-20 16:53:11.355857
Solved 2 times | 5 Points | under reversing
No cracking this time, take a look and see what this program is doing: [get it here]
Posted on 2023-01-20 16:53:11.355857
Solved 4 times | 10 Points | under reversing
A bit more difficult this time (I think), might be a bit more complicated than flipping a jump: [get the program here]
Posted on 2023-01-20 16:53:11.355857
Solved 5 times | 5 Points | under reversing
Crack this program and the flag will be yours: [get it here]
Posted on 2023-01-20 16:53:11.355857
Solved 7 times | 5 Points | under reversing
This one needs a lot of brainpower: [get the program]
Posted on 2022-12-09 17:03:50.467256
Solved 3 times | 15 Points | under hardware
Sometimes you can just dump the firmware
Posted on 2022-12-09 17:03:50.467256
Solved 0 times | 10 Points | under hardware
Take a deeper look into neopixels :)
Posted on 2022-12-09 17:03:50.467256
Solved 3 times | 10 Points | under hardware
Check for usb serial devices :)
Posted on 2022-12-09 17:03:50.467256
Solved 0 times | 5 Points | under hardware
Try tracing the logs (You'll have to find the serial port pin :))
Posted on 2022-12-09 17:03:50.467256
Solved 6 times | 5 Points | under hardware
Dot Dot Dash
Posted on 2022-12-07 14:30:20.806034
Solved 0 times | 10 Points | under member-made
Join kingdom-construction-0 in the LUHack discord and navigate to [http://100.116.180.215/] This challenge was created by: Modded_Technic#0616
Posted on 2022-12-02 17:07:19.072683
Solved 0 times | 10 Points | under radio
What is the ASK signal saying? This signal starts with a sequence of 16 high/low bits before the first character, make sure you align things.
Posted on 2022-12-02 17:06:30.266564
Solved 0 times | 10 Points | under radio
What is the FSK signal saying? This signal starts with a sequence of 16 high/low bits before the first character, make sure you align things.
Posted on 2022-12-02 17:04:39.024599
Solved 5 times | 5 Points | under radio
What is our pirate radio station broadcasting? (all lowercase)
Posted on 2022-12-02 17:02:59.450422
Solved 5 times | 5 Points | under radio
Look very closely
Posted on 2022-11-18 17:13:09.252826
Solved 0 times | 15 Points | under privesc
Read the flag of the root6 account
Posted on 2022-11-18 17:13:09.252826
Solved 3 times | 5 Points | under privesc
Break into the root3 account
Posted on 2022-11-18 17:13:09.252826
Solved 0 times | 10 Points | under privesc
Escalate to the root2 account
Posted on 2022-11-18 17:13:09.252826
Solved 3 times | 5 Points | under privesc
Escalate to the root5 account
Posted on 2022-11-18 17:13:09.252826
Solved 0 times | 10 Points | under privesc
Escalate to the root4 account
Posted on 2022-11-18 17:13:09.252826
Solved 4 times | 5 Points | under privesc
Escalate to the root1 account
Posted on 2022-11-18 17:13:09.252826
Solved 9 times | 5 Points | under privesc
Escalate to the root0 account
Posted on 2022-11-11 16:54:46.670583
Solved 13 times | 5 Points | under crypto
We've received the following transmissions and their encrypted counterparts: plain text According to all known laws of aviation: there is no way a bee should be able to fly. cipher plain text Once upon a time there was a lovely princess. But she had an enchantment upon her of a fearful sort which could only be broken by love's first kiss. cipher
Posted on 2022-11-11 16:54:46.670583
Solved 13 times | 5 Points | under crypto
Posted on 2022-11-11 16:54:46.670583
Solved 14 times | 5 Points | under crypto
TFVIYWNre2Jhc2U2NF9pc19lbmNyeXB0aW9uP30=
Posted on 2022-11-11 16:54:46.670583
Solved 13 times | 5 Points | under crypto
4c554861636b7b636f6d706c6574656c795f68696464656e5f66726f6d5f73696768747d
Posted on 2022-11-11 16:54:46.670583
Solved 3 times | 5 Points | under crypto
Decrypt the file to find the flag [locked.zip] A dictionary might come in handy...
Posted on 2022-11-11 16:54:46.670583
Solved 2 times | 10 Points | under crypto
Decode the message to find the flag
Posted on 2022-11-11 16:54:46.670583
Solved 14 times | 5 Points | under crypto
Decode the message to find the flag You will need to put your answer in the LUHACK{...} format Made by pink#3872
Posted on 2022-11-11 16:54:46.670583
Solved 15 times | 5 Points | under crypto
Decode the message to find the flag Made by pink#3872
Posted on 2022-11-11 16:54:46.670583
Solved 17 times | 5 Points | under crypto
Decode the message to find the flag Made by pink#3872
Posted on 2022-11-04 16:48:53.681198
Solved 0 times | 5 Points | under web
Kerry is naive and clicks on every link you send her, try using a csrf vulnerability to steal her money. Box: luhack-web-0
Port: 8083 Url: [http://100.127.159.170:8083]
Posted on 2022-11-04 16:48:53.681198
Solved 3 times | 5 Points | under web
Try exploiting the ssti to run arbitrary code and get the flag. Box: luhack-web-0
Port: 8084 Url: [http://100.127.159.170:8084]
Posted on 2022-11-04 16:48:53.681198
Solved 0 times | 5 Points | under web
Try exploiting the sqli to dump the users table. (sqlmap may be useful) Box: luhack-web-0
Port: 8085 Url: [http://100.127.159.170:8085]
Posted on 2022-11-04 16:48:53.681198
Solved 0 times | 5 Points | under web
Any way to get me access to this new album from my favourite band? (This one is a little tougher!) Box: luhack-web-0
Port: 8082 Url: [http://100.127.159.170:8082]
Posted on 2022-11-04 16:48:53.681198
Solved 0 times | 5 Points | under web
My steam wallet is running low. I've tried all the logins we found previously. This might require something new? Box: luhack-web-0
Port: 8082 Url: [http://100.127.159.170:8082]
Posted on 2022-11-04 16:48:53.681198
Solved 0 times | 5 Points | under web
I want free access to movies. Box: luhack-web-0
Port: 8082 Url: [http://100.127.159.170:8082]
Posted on 2022-11-04 16:48:53.681198
Solved 0 times | 5 Points | under web
More passwords to find! Box: luhack-web-0
Port: 8082 Url: [http://100.127.159.170:8082]
Posted on 2022-11-04 16:48:53.681198
Solved 3 times | 5 Points | under web
You've found the login page for the site. Can you get access? Box: luhack-web-0
Port: 8082 Url: [http://100.127.159.170:8082]
Posted on 2022-11-04 16:48:53.681198
Solved 4 times | 5 Points | under web
This is a basic pin brute force. You've been given access to this page with a 4 digit pin. Can you build a script to crack it? Box: luhack-web-0
Port: 8082 Url: [http://100.127.159.170:8082]
Posted on 2022-11-04 16:48:53.681198
Solved 11 times | 5 Points | under web
You're not admin, are you? Box: luhack-web-0
Port: 8081 Url: [http://100.127.159.170:8081]
Posted on 2022-11-04 16:48:53.681198
Solved 0 times | 5 Points | under web
Can you login to an account? (Try doing #4 first) Box: luhack-web-0
Port: 8081 Url: [http://100.127.159.170:8081]
Posted on 2022-11-04 16:48:53.681198
Solved 0 times | 5 Points | under web
(broken, sorry. Try web-sqli instead) Can you inject the login page? Box: luhack-web-0
Port: 8081 Url: [http://100.127.159.170:8081]
Posted on 2022-11-04 16:48:53.681198
Solved 4 times | 5 Points | under web
Hack the Network Test page. Box: luhack-web-0
Port: 8081 Url: [http://100.127.159.170:8081]
Posted on 2022-11-04 16:48:53.681198
Solved 4 times | 5 Points | under web
Another easy one, just look and pretend you're a robot 👀 Box: luhack-web-0
Port: 8081 Url: [http://100.127.159.170:8081]
Posted on 2022-11-04 16:48:53.681198
Solved 13 times | 5 Points | under web
This is an easy one, just look around... Box: luhack-web-0
Port: 8081 Url: [http://100.127.159.170:8081]
Posted on 2022-10-28 15:52:14.775818
Solved 5 times | 5 Points | under infra
Pwn windows box with EternalBlue (Flag is on the desktop of the LUHack user) Boxes: win-infra-<0..n>
If this doesn't work, try one of the other win-blue machines. EternalBlue likes to trigger BSODs.
Posted on 2022-10-28 15:52:14.775818
Solved 5 times | 5 Points | under infra
Pwn vsftpd Box: luhack-infra-0
Posted on 2022-10-28 15:52:14.775818
Solved 2 times | 5 Points | under infra
Pwn Unrealircd Box: luhack-infra-0
(If you use a bind shell, use port 10001)
Posted on 2022-10-28 15:52:14.775818
Solved 4 times | 5 Points | under infra
Pwn redis (Make sure you use a bind shell on port 10000) Box: luhack-infra-0
(cmd/unix/bind_netcat is a good payload btw)
Posted on 2022-10-21 16:27:34.923747
Solved 7 times | 5 Points | under enum
Find the subdomain of luhack.me Answer format: <subdomain>.luhack.me
Posted on 2022-10-21 16:27:34.923747
Solved 7 times | 5 Points | under enum
Find a weird user on the SMTP server. They're not one of these: (hint: /usr/share/wordlists/metasploit/unix_users.txt is a good wordlist) Box: luhack-enum-0
Posted on 2022-10-21 16:27:34.923747
Solved 20 times | 5 Points | under enum
Throw dirb at it. Box: luhack-enum-0
Posted on 2022-10-21 16:27:34.923747
Solved 17 times | 5 Points | under enum
I hope you're not a robot? Box: luhack-enum-0
Posted on 2022-10-21 16:27:34.923747
Solved 11 times | 5 Points | under enum
Somewhere in a SMB share... Box: win-enum-0
Posted on 2022-10-21 16:27:34.923747
Solved 7 times | 5 Points | under enum
The second flag from the FTP server. (you might want to come back to this later) Box: luhack-enum-0
Posted on 2022-10-21 16:27:34.923747
Solved 19 times | 5 Points | under enum
Our ftp server isn't as secure as we hoped. Box: luhack-enum-0
Posted on 2022-09-25 20:57:19.391833
Solved 6 times | 10 Points | under session1
Find the hidden flag on the DNS server! Box: luhack-recon-0
Hint: How can we read all records of a DNS server?
Posted on 2022-09-25 20:57:19.391833
Solved 6 times | 5 Points | under session1
What is the content of the txt.luhack.local record? Box: luhack-recon-0
Posted on 2022-09-25 20:57:19.391833
Solved 6 times | 5 Points | under session1
What is the IP address of test.luhack.local ? Hint: use dig or nslookup Box: luhack-recon-0
Posted on 2022-09-25 20:57:19.391833
Solved 8 times | 5 Points | under session1
What protocol normally runs over port 53?
Posted on 2022-09-25 20:57:19.391833
Solved 11 times | 5 Points | under session1
How many TCP ports can possibly exist on a system?
Posted on 2022-09-25 20:57:19.391833
Solved 12 times | 5 Points | under session1
Is port 993 open? (yes/no) Box: luhack-recon-0
Posted on 2022-09-25 20:57:19.391833
Solved 12 times | 5 Points | under session1
Is port 999 open? (yes/no) Box: luhack-recon-0
Posted on 2022-09-25 20:57:19.391833
Solved 10 times | 5 Points | under session1
What is the SSH fingerprint of the server? Box: luhack-recon-0
Format: SHA256:...
Posted on 2022-09-25 20:57:19.391833
Solved 10 times | 5 Points | under session1
What IMAP software is running? Box: luhack-recon-0
Posted on 2022-09-25 20:57:19.391833
Solved 10 times | 5 Points | under session1
What is the SMTP banner? Box: luhack-recon-0
Posted on 2022-09-25 20:57:19.391833
Solved 15 times | 5 Points | under session1
What is the banner of port 42069? Box: luhack-recon-0
Posted on 2022-09-25 20:57:19.391833
Solved 13 times | 5 Points | under session1
What is the Organizational Unit (OU) of the certificate served on port 443? Box: luhack-recon-0
Posted on 2022-09-25 20:57:19.391833
Solved 22 times | 5 Points | under session1
What is the hostname (Common Name) of the certificate served on port 443? Box: luhack-recon-0
Posted on 2022-09-25 20:57:19.391833
Solved 29 times | 5 Points | under session1
What version of FTP software is running? Box: luhack-recon-0
Format: SoftwareName x.y.z
Posted on 2022-09-25 20:57:19.391833
Solved 29 times | 5 Points | under session1
What web server software is running? Box: luhack-recon-0
Format: SoftwareName httpd x.y.z
Posted on 2022-09-25 20:57:19.391833
Solved 32 times | 5 Points | under session1
What version of BIND is running? Format: x.y.x
Box: luhack-recon-0
Posted on 2022-02-09 16:58:15.592104
Solved 0 times | 10 Points | under wireshark
I think Van Gogh stopped by 🎨. Let's look at his masterpiece in the [art gallery] The word LUHACK in the flag is uppercase when you submit
Posted on 2022-02-09 16:58:15.592104
Solved 0 times | 10 Points | under wireshark
Find the flag that has been hidden in a DNS exchange in one of the pcaps!
Posted on 2022-02-09 16:58:15.592104
Solved 0 times | 10 Points | under wireshark
What is the SSH version of the server? [PCAP]
Posted on 2022-02-09 16:58:15.592104
Solved 0 times | 25 Points | under wireshark
Get the flag [🧐]
Posted on 2022-02-09 16:58:15.592104
Solved 0 times | 15 Points | under wireshark
[Can you hear the flag (uppercase)???]
Posted on 2022-02-09 16:58:15.592104
Solved 2 times | 10 Points | under wireshark
What is the passwords? 🤔 [here]?
Posted on 2022-02-09 16:58:15.592104
Solved 2 times | 10 Points | under wireshark
What is the URL that is in the DNS TXT response in [here]?
Posted on 2022-02-09 16:58:15.592104
Solved 4 times | 15 Points | under wireshark
Decrypt [this traffic] using [ssl.log], what is the path the user is GETing?
Posted on 2022-02-09 16:58:15.592104
Solved 0 times | 15 Points | under wireshark
Using the [JA3 plugin for Wireshark], what is the User-Agent of the host making the connection in [here]? (JA3 of TLS Client Hello)
Posted on 2021-02-10 17:36:22.638099
Solved 0 times | 10 Points | under buffer-overflows
Solve this: [https://cdn.discordapp.com/attachments/763411669648408606/809114712717262928/bad]
Posted on 2020-09-26 08:47:06.742482
Solved 0 times | 30 Points | under hard
Here's a Linux program compiled by another program I wrote; it should be fairly unintuitive to reverse engineer, so good luck! [https://cdn.discordapp.com/attachments/631618075254325257/759334352886169640/a.out] Since I'm nice, here's the source code: [https://gist.github.com/simmsb/28c165087b301fcce234c1533861421e] And here's the source code of the compiler: [https://github.com/simmsb/some-scheme-compiler]