Times is a work conceptualized by Victoria Hertel as part of Bad Clocks: Alley through a Pinhole involving 12 bells that sound when the audience walked around them. The work was finalized and built over the course of 2 weeks, so please excuse the rough edges should you spot any

SecQuiz I have enabled most of the security mechanisms. I guess my binary is secure. Note: the flag is stored in flag.txt Running checksec, we see we have all security mitigations enabled: ➜ bin-secquiz checksec secquiz [*] '/home/justin/cl2/bin-secquiz/secquiz' Arch: amd64-64-little RELRO: Full RELRO Stack: Canary

Web Secure Storage Check out our secure storage solutions for all your secure storing needs! featuring our new secure enclave™️ where secrets are stored securely™️ https://securestorage.rars.win/ https://secureenclave.rars.win/ The author writeup can be found here. The challenge is explained in far greater detail there, while

Pwn Space University of Interior Design Storytelling is the root of interior design. Author: zeyu2001 We're given shell access to a machine, logged in as guest. We start poking around and notice a few interesting things: We see that python3.7 has the suid bit set. Given the

Web online_compiler Compile & run your code with the 3k online compiler. Our online compiler supports multiple programming languages like Php, Python,... We're given source code of a web app - interesting snippets: @app.route('/save',methods = ['POST']) @cross_origin() def save(): c_

Quick writeups for the challenges I wrote: Web Touch Of The Paranoid We're happy to announce that we now support multi-factor authentication. Our login portal is now bulletproof and unhackable! Our first user mentioned something about Google Authenticator... PS: No bruteforce is needed, you will be throttled if

Mobile Login It's time for a simple, relaxing challenge. Can you find the correct credentials? Decompile the apk with jadx: public class LoginDataSource { private String m_password = "7470CB2F2412053D0A3CEC3D07CAE4A4"; ... public String getJavaPassword() { try { return AESTools.decrypt(this.m_password); } catch (Exception e) { e.printStackTrace(); return ""

Binary Exploitation Beta reporting system The developer working for COViD that we arrested refused to talk, but we found a program that he was working on his laptop. His notes have led us to the server where the beta is currently being hosted. It is likely that there are bugs

Stage 1 We're given an encrypted zip file and told that the password is a hex string. Generating a wordlist and feeding it to fcrackzip solves this. import itertools with open("hex_wordlist.txt", "w") as f: for c in itertools.product("0123456789abcdef&

OnlyFreights Check out my OnlyFans OnlyFreights! A website to classify all the freight ships. NOTE: There is a secret cargo stored at /flag.txt, but you need to convince the /guard executable to hand it to you! Relevant source code provided: app.put('/api/directory*', (req, res) =>

The Viet Cong is transmitting a secret message. They built a password checker so that only a selected few can view the secret message. We've recovered the binary, we need you to find out what they're trying to say. Official writeup can be found here. undefined8

Writeups for the LSCVM-related challenges