Kerry is naive and clicks on every link you send her, try using a csrf vulnerability to steal her money. Box: luhack-web-0 Port: 8083 Url: [http://100.110.89.151:8083]

Try exploiting the ssti to run arbitrary code and get the flag. Box: luhack-web-0 Port: 8084 Url: [http://100.110.89.151:8084]

Try exploiting the sqli to dump the users table. (sqlmap may be useful) Box: luhack-web-0 Port: 8085 Url: [http://100.110.89.151:8085]

Any way to get me access to this new album from my favourite band? (This one is a little tougher!) Box: luhack-web-0 Port: 8082 Url: [http://100.110.89.151:8082]

My steam wallet is running low. I've tried all the logins we found previously. This might require something new? Box: luhack-web-0 Port: 8082 Url: [http://100.110.89.151:8082]

I want free access to movies. Box: luhack-web-0 Port: 8082 Url: [http://100.110.89.151:8082]

More passwords to find! Box: luhack-web-0 Port: 8082 Url: [http://100.110.89.151:8082]

You've found the login page for the site. Can you get access? Box: luhack-web-0 Port: 8082 Url: [http://100.127.159.170:8082]

This is a basic pin brute force. You've been given access to this page with a 4 digit pin. Can you build a script to crack it? Box: luhack-web-0 Port: 8082 Url: [http://100.127.159.170:8082]

You're not admin, are you? Box: luhack-web-0 Port: 8081 Url: [http://100.127.159.170:8081]

Can you login to an account? (Try doing #4 first) Box: luhack-web-0 Port: 8081 Url: [http://100.127.159.170:8081]

(broken, sorry. Try web-sqli instead) Can you inject the login page? Box: luhack-web-0 Port: 8081 Url: [http://100.127.159.170:8081]

Hack the Network Test page. Box: luhack-web-0 Port: 8081 Url: [http://100.127.159.170:8081]

Another easy one, just look and pretend you're a robot 👀 Box: luhack-web-0 Port: 8081 Url: [http://100.110.89.151:8081]

This is an easy one, just look around... Box: luhack-web-0 Port: 8081 Url: [http://100.110.89.151:8081]

Read the flag of the root6 account

Break into the root3 account

Escalate to the root2 account

Escalate to the root5 account

Escalate to the root4 account

Escalate to the root1 account

Escalate to the root0 account

We've received the following transmissions and their encrypted couterparts: plain text According to all known laws of aviation: there is no way a bee should be able to fly. cipher plain text Once upon a time there was a lovely princess. But she had an enchantment upon her of a fearful sort which could only be broken by love's first kiss. cipher

TFVIYWNre2Jhc2U2NF9pc19lbmNyeXB0aW9uP30=

4c554861636b7b636f6d706c6574656c795f68696464656e5f66726f6d5f73696768747d

Decrypt the file to find the flag [locked.zip] A dictionary might come in handy...

Decode the message to find the flag

Can you decrypt the traffic? I'll be nice and even give you the keys! (Hint: Use Wireshark) Traffic: [crypto9.pcapng] Keys: [ssl.log]

Try the other tasks first before attempting these more difficult challenges! This one is very hard. Made by pink#3872

You need to complete #1A first, make sure to read the prompt again [final.dat] Made by pink#3872

Try the other tasks first before attempting these more difficult challenges! Made by pink#3872

Decode the message to find the flag You will need to put your answer in the LUHACK{...} format Made by pink#3872

Decode the message to find the flag Made by pink#3872

Finding the flag might require some brute force... [hmmm.dat] Made by pink#3872

Decode the message to find the flag Made by pink#3872

Decode the message to find the flag Made by pink#3872

Decode the message to find the flag Made by pink#3872

Decode the message to find the flag Made by pink#3872

Decode the message to find the flag Made by pink#3872

Pwn windows box with EternalBlue (Flag is on the desktop of the LUHack user) Boxes: win-infra-<0..n> Make sure you use a bind shell, windows/x64/meterpreter/bind_tcp works well. If this doesn't work, try one of the other win-blue machines. EternalBlue likes to trigger BSODs.

Pwn vsftpd Box: luhack-infra-0 Note: The metasploit module for this doesn't try to run the exploit if it sees the shell port already open, you can use the msfconsole edit and reload commands to remove this check. You can also try exploiting this vulnerability manually :)

Pwn Unrealircd Box: luhack-infra-0 Note: Make sure you use a bind shell, and, use port 10001

Pwn redis (Make sure you use a bind shell on port 10000) Box: luhack-infra-0 (cmd/unix/bind_netcat is a good payload btw)

Find the subdomain of luhack.me Answer format: <subdomain>.luhack.me

Find a weird user on the SMTP server. They're not one of these: (hint: /usr/share/wordlists/metasploit/unix_users.txt is a good wordlist) Box: luhack-enum-0

Throw dirb at it. Box: luhack-enum-0

I hope you're not a robot? Box: luhack-enum-0

Somewhere in a SMB share... Box: win-enum-0

The second flag from the FTP server. (you might want to come back to this later) Box: luhack-enum-0

Our ftp server isn't as secure as we hoped. Box: luhack-enum-0

Find the hidden flag on the DNS server! Box: luhack-recon-0 Hint: How can we read all records of a DNS server?

What is the content of the txt.luhack.local record? Box: luhack-recon-0

What is the IP address of test.luhack.local ? Hint: use dig or nslookup Box: luhack-recon-0

What protocol normally runs over port 53?

How many TCP ports can possibly exist on a system?

Is port 993 open? (yes/ no) Box: luhack-recon-0

Is port 999 open? (yes/ no) Box: luhack-recon-0

What is the SSH fingerprint of the server? Box: luhack-recon-0 Format: SHA256:...

What IMAP software is running? Box: luhack-recon-0

What is the SMTP banner? Box: luhack-recon-0

What is the banner of port 42069? Box: luhack-recon-0

What is the Organizational Unit (OU) of the certificate server on port 443? Box: luhack-recon-0

What is the hostname (Common Name) of the certificate served on port 443? Box: luhack-recon-0

What version of FTP software is running? Box: luhack-recon-0 Format: SoftwareName x.y.z

What web server software is running? Box: luhack-recon-0 Format: SoftwareName httpd x.y.z

What version of BIND is running? Format: x.y.x Box: luhack-recon-0

Ben lost his token again!

Hidden inside this pcap is a flag: [https://cdn.discordapp.com/attachments/631618075254325257/759113595841151017/completedChallenge.pcapng]

Nothing to see here ...

We received the following file. Can you help us decode the hidden message? [Downloadable File to investigate]

To complete this challenge, you must find all 3 flags. Submit the flags in the format: flag1flag2flag3

drainage edict deadbolt cranky crucial dragnet kickoff guidance highchair fracture chatter chatter jawbone eyetooth freedom chairlift gremlin flytrap eyetooth framework glucose choking freedom klaxon

ndjsdcilxcugxtcshlxiwhpaps When submitting the flag, enter it as LUHACK{plaintext}. Where plaintext is the plaintext of the above string.

🔎

Once you've solved Freshers Challenge #1, you'll be given the start of the next challenge. Once you get the flag for that, submit it using the bot!

Hmm I wonder Hint: [CyberChef]

Here's a linux program compiled by another program I wrote, it should be fairly unintuitive to reverse engineer so good luck! [https://cdn.discordapp.com/attachments/631618075254325257/759334352886169640/a.out] Since I'm nice, here's the source code: [https://gist.github.com/simmsb/28c165087b301fcce234c1533861421e] And here's the source code of the compiler: [https://github.com/simmsb/some-scheme-compiler]