Sniff the password

They're getting better now, ltrace won't work on [this one], we'll have to use strace instead.

Leak the password

Another [program that manages passwords], try to expose it using ltrace.

Guess the password

We've found [this program], we have no idea what it does but we do know that if the correct password is typed in you'll know the flag. For reference the example angr code is:

Malicious Macro

Find the flag (pwned{...}) [[https://cdn.discordapp.com/attachments/631618075254325257/816412496310960188/macro.vbs]] Note: Microsoft Defender likely flags this as malware...

Android Malware

Can you de-obfuscate the string in the files? [[https://cdn.discordapp.com/attachments/631618075254325257/816408536808030268/com.supercell.titan.C2943z1.java]] [[https://cdn.discordapp.com/attachments/631618075254325257/816408563370033162/com.supercell.titan.GameApp.java]] [These are from Maddie Stone's Android App Reversing Course]

Big brain, little brain

Half-baked Cobra

Can you decompile my script for me, I accidently deleted the source code! [Compiled version]

Snake Bite

Get the flag from this horrendous script.

Phishing #4

Oh dear, Tracey, in her old age, has forgotten to post the last flag to her Instagram. Silly Tracey! The only way of getting the last flag is to pry it from her yourself! Craft up a convincing phishing email/message, using information given to you by Tracey herself via her verbose social media presence, and get that last flag! These emails will be read out so please make sure you keep content relatively acceptable. Tracey was naughty in her youth, but she's getting on a bit now!

Phishing #3

With lockdown in full swing, Tracey has been doing a bit of online shopping to ward off the crippling boredom induced by months inside. Poor Tracey! Go and join her cheeky shop at [https://www.instagram.com/bigtraceyx/]

Phishing #2

Tracey has recently had a Facebook memory from when she passed her driving test, to celebrate she has decided to share it with you all! Isn't Tracey lovely? Find Tracey's caring posts at [https://www.instagram.com/bigtraceyx/]

Phishing #1

Tracey has been on holiday recently, isn't that lovely? See her holiday snaps at [https://www.instagram.com/bigtraceyx/]

Steg #8

[File]

Steg #7

[File]

Steg #6

Lorem ipsum dolor sit amet occaecat laborum culpa minim, qUis occaecat esse nulla. irure velit aliquip cillum deserunt enim nostrud lorem officia esse aliqua cupidatat laborum voluptate eu amet ea eu incididunt. ullamco repreHenderit ex lorem consequat quis cillum enim officia enim est Aliquip ad nostrud laborum dolor ex anim amet enim mollit nisi. et Commodo tempor dolor et ad proident elit aute elit temporK. exercitation culpa ut esse et aliqua ea qui magna. id do eu reprehenderit tempor...

Steg #5

[File]

Steg #4

Compare the meerkats [Meerkat 1] [Meerkat 2]

Steg #3

[File]

Steg #2

[Files]

Steg #1

??? [File]

Privesc #8

Escalate to the root8 account

Privesc #7

Escalate to the root7 account

Privesc #6

Escalate to the root6 account

Privesc #5

Escalate to the root5 account

Privesc #4

Escalate to the root4 account

Privesc #3

Escalate to the root3 account

Privesc #2

Escalate to the root2 account

Privesc #1

Escalate to the root1 account

Wireshark #9

I think Van Gogh stopped by 🎨. Let's look at his masterpiece in the [art gallery] The word LUHACK in the flag is uppercase when you submit

Wireshark #8

Find the flag that has been hidden in a DNS exchange in one of the pcaps!

Wireshark #7

What is the SSH version of the server? [PCAP]

Wireshark #6

Get the flag [🧐]

Wireshark #5

[Can you hear the flag (uppercase)???]

Wireshark #4

What is the passwords? 🤔 [here]?

Wireshark #3

What is the URL that is in the DNS TXT response in [here]?

Wireshark #2

Decrypt [this traffic] using [ssl.log], what is the path the user is GETing?

Wireshark #1

Using the [JA3 plugin for Wireshark], and [ja3er.com], what is the User-Agent of the host making the connection in [here]? (JA3 of TLS Client Hello)

RE #5

This one also needs some reversing, can you figure out what it's doing to the password? [get it here] Also, a note about stack strings: compilers like to load strings into memory by splitting the string into chunks of 8 bytes, and loading each chunk as a 64 bit integer. Radare2/Cutter will attempt to show you the content of these strings as an annotation, but sometimes you need to use your intuition. ...

RE #4

No cracking this time, take a look and see what this program is doing: [get it here]

RE #3

A bit more difficult this time (I think), might be a bit more complicated than flipping a jump: [get the program here]

RE #2

Crack this program and the flag will be yours: [get it here]

RE #1

This one needs a lot of brainpower: [get the program]

Crypto #11

Decrypt the file to find the flag [locked.zip] A dictionary might come in handy...

Crypto #10

Decode the message to find the flag

Crypto #9

Can you decrypt the traffic? I'll be nice and even give you the keys! (Hint: Use Wireshark) Traffic: [crypto9.pcapng] Keys: [ssl.log]

Crypto Challenge #2

Try the other tasks first before attempting these more difficult challenges! This one is very hard. Made by pink#3872

Crypto Challenge #1B

You need to complete #1A first, make sure to read the prompt again [final.dat] Made by pink#3872

Crypto Challenge #1A

Try the other tasks first before attempting these more difficult challenges! Made by pink#3872

Crypto #8

Decode the message to find the flag You will need to put your answer in the LUHACK{...} format Made by pink#3872

Crypto #7

Decode the message to find the flag Made by pink#3872

Crypto #6

Finding the flag might require some brute force... [hmmm.dat] Made by pink#3872

Crypto #5

Decode the message to find the flag Made by pink#3872

Crypto #4

Decode the message to find the flag Made by pink#3872

Crypto #3

Decode the message to find the flag Made by pink#3872

Crypto #2

Decode the message to find the flag Made by pink#3872

Crypto #1

Decode the message to find the flag Made by pink#3872

WEB CSRF

Navigate to [http://10.10.10.28/csrf]. Kerry is naive and clicks on every link you send her, try using a csrf vulnerability to steal her money.

WEB SSTI

Navigate to [http://10.10.10.28/ssti], try exploiting the ssti to run arbitrary code and get the flag.

WEB SQLI

Navigate to [http://10.10.10.28/sqli], try exploiting the sqli to dump the users table. (sqlmap may be useful)

WEB-BOX #6 - Albums

Any way to get me access to this new album from my favourite band? (This one is a little tougher!)

WEB-BOX #5 - CSGO SKINS

My steam wallet is running low. I've tried all the logins we found previously. This might require something new?

WEB-BOX #4 - Ricflix

I want free access to movies.

WEB-BOX #3 - FBS

More passwords to find!

WEB-BOX #2 - Login

You've found the login page for the site. Can you get access?

WEB-BOX #1 - Pin

This is a basic pin brute force. You've been given access to this page with a 4 digit pin. Can you build a script to crack it?

Web #6

You're not admin, are you?

Web #5

Can you login to an account? (Try doing #4 first)

Web #4

Can you inject the login page?

Web #3

Hack the Network Test page . There's a cat binary is in the same directory as where you are, to run it use ./cat, the flag is in a file called flag.txt :)

Web #2

Another easy one, just look and pretend you're a robot 👀

Web #1

This is an easy one, just look around...

Infra #4

Pwn windows box with EternalBlue (Flag is on the desktop of the LUHack user) 10.10.10.15

Infra #3

Pwn vsftpd, on 10.10.10.23

Infra #2

Pwn Unrealircd, on 10.10.10.23

Infra #1

Pwn redis, on 10.10.10.23

Infra Challenge #2

Pivot from [infra challenge 1] and get root 10.10.10.27 Give John a call. (Cracking tools will be covered in the crypto session)

Infra Challenge #1

Take a look at the port: 4321 on 10.10.10.27

Enum #12

What is the kernel version of the VM? (Answer is x.y.z-ab-w, where xyzab are numbers and w is a word) (Inside LUHack WiFi)

Enum #11

What is the root directory of the FTP server? (Answer is in the form /x/y) (Inside LUHack WiFi)

Enum #10

What is the root directory of the web server running on the machine? (Answer is in the form /x/y/z) (Inside LUHack WiFi)

Enum #9

[Click title to read more] (Inside LUHack WiFi)

Enum #8

Find a valid SMTP username (except enum) (answer is the name in all lowercase) (Inside LUHack WiFi)

Enum #7

🤖 (Inside LUHack WiFi)

Enum #6

I wonder if whoever made the box previously wrote a flag in the terminal 🤔 (Inside LUHack WiFi)

Enum #5

Clandestine File 👀 (Inside LUHack WiFi)

Enum #4

Scan your Environment for clues 🔍 (Inside LUHack WiFi)

Enum #3

What is the subdomain of luhack.me that has a certificate issued for it? Flag is <subdomain>.luhack.me (all lowercase) (On the internet, outside of LUHack WiFi)

Enum #2

FTP #2 (Inside LUHack WiFi)

Enum #1

FTP #1 Try to find the first flag on the FTP server (Inside LUHack WiFi)

Recon #17

Find the hidden flag on the DNS server! Hint: How can we read all records of a DNS server?

Recon #16

What is the content of the txt.luhack.local record?

Recon #15

What is the IP address of test.luhack.local ? Hint: use dig or nslookup

Recon #14

What protocol runs over port 53?

Recon #13

How many TCP ports can possibly exist on a system?

Recon #12

Is port 993 open? (yes/ no)

Recon #11

Is port 999 open? (yes/ no)

Recon #10

How many ports are open?

Recon #9

What is the SSH fingerprint of the user recon? (The answer is a random alphanumeric string)

Recon #8

What IMAP software is running?

Recon #7

What is the SMTP banner?

Recon #6

What is the banner of port 42069?

Recon #5

What is the Organizational Unit (OU) of the certificate server on port 443?

Recon #4

What is the hostname (Common Name) of the certificate served on port 443?

Recon #3

What version of FTP software is running? (SoftwareName x.y.z)

Recon #2

What web server software is running? (SoftwareName x.y.z)

Recon #1

What version of BIND is running? (answer is x.y.x)

Freshers challenge #9

Hidden inside this pcap is a flag: [https://cdn.discordapp.com/attachments/631618075254325257/759113595841151017/completedChallenge.pcapng]

Freshers Challenge #8

Nothing to see here ...

Freshers Challenge #7

We received the following file. Can you help us decode the hidden message? [Downloadable File to investigate]

Freshers Challenge #6

To complete this challenge, you must find all 3 flags. Submit the flags in the format: flag1flag2flag3

Freshers Challenge #5

drainage edict deadbolt cranky crucial dragnet kickoff guidance highchair fracture chatter chatter jawbone eyetooth freedom chairlift gremlin flytrap eyetooth framework glucose choking freedom klaxon

Freshers Challenge #4

ndjsdcilxcugxtcshlxiwhpaps When submitting the flag, enter it as LUHACK{plaintext}. Where plaintext is the plaintext of the above string.

Freshers Challenge #3

🔎

Freshers Challenge #2

Once you've solved Freshers Challenge #1, you'll be given the start of the next challenge. Once you get the flag for that, submit it using the bot!

Freshers Challenge #1

Hmm I wonder

BOF BAD

Solve this: [https://cdn.discordapp.com/attachments/763411669648408606/809114712717262928/bad]

Some dumb RE challenge

Here's a linux program compiled by another program I wrote, it should be fairly unintuitive to reverse engineer so good luck! [https://cdn.discordapp.com/attachments/631618075254325257/759334352886169640/a.out] Since I'm nice, here's the source code: [https://gist.github.com/simmsb/28c165087b301fcce234c1533861421e] And here's the source code of the compiler: [https://github.com/simmsb/some-scheme-compiler]