Generalities
What is this website?
: This website is an archive of challenges from our Capture The Flag (CTF) competitions. Anyone can replay them, whether they have an account or not.
Participants who log in with an account (e.g., GitHub, Discord, or GitLab) can access additional features such as progress tracking, submitting solutions, and bookmarking challenges and writeups.
What is the Luxembourg CyberSecurity Challenge?
: The Luxembourg CyberSecurity Challenge (LCSC) is an annual cybersecurity competition organized to promote cybersecurity skills through practical and technical challenges. The event is jeopardy-style, featuring categories like cryptography, web exploitation, reverse engineering, forensics, and more. For more details, visit lcsc.lu.
Why does this website look like hackropole.fr?
: This website is built using the same Hackropole Hugo theme, originally developed for the France Cybersecurity Challenge (FCSC).
The theme is open source under the MIT license, and weve adapted it for our own challenge archive.
What happens if I find an error or a vulnerability on the platform?
: If you identify a bug or vulnerability in a challenge or on the platform, please report it responsibly to the organizing team via info[at]letzpwn.lu.
Challenges
Im a beginner, where should I start?
: Each year, we include beginner-friendly challenges to help newcomers get started.
These are tagged with intro and can be found by visiting the Challenges section and filtering by difficulty or tags.
How do I solve a challenge?
: Each challenge has a detailed description and often includes downloadable files (e.g., scripts, text files, captures, binaries).
Some challenges also provide a docker-compose.yml file, allowing you to run the challenge locally with Docker. Youll need Docker installed for these.
How is the difficulty of challenges estimated?
: Challenges are classified into four difficulty levels:
- intro â for beginners
- â easy
- ââ medium
- âââ hard
The difficulty is initially estimated by the authors and may be adjusted based on player feedback.
Can I use automated brute-force tools?
: Tools like dirbuster, sqlmap, nmap, or hydra are discouraged â they rarely help and are generally off-track for these challenges.
Categories
What are the challenges in the “Cryptoâ category?
: These involve cryptography â analyzing or breaking ciphers, understanding algorithms, or exploiting implementation flaws.
If youre new, start with challenges tagged intro.
What are the challenges in the “Forensicsâ category?
: These focus on digital investigation â analyzing disk images, memory dumps, network captures, or log files to find evidence of compromise.
What are the challenges in the “Hardwareâ category?
: These explore low-level security: side-channel attacks, hardware analysis, or radio signal investigations.
What are the challenges in the “Miscâ category?
: “Miscâ (miscellaneous) challenges cover a wide variety of topics â programming, algorithmic puzzles, system administration, etc.
What are the challenges in the “Pwnâ category?
: These involve exploiting vulnerabilities in binary executables, typically on Linux.
The goal is to achieve code execution or extract flags by exploiting memory corruption or logic flaws.
What are the challenges in the “Reverseâ category?
: Reverse engineering challenges require analyzing compiled programs to understand how they work and how to extract hidden information.
What are the challenges in the “Webâ category?
: Web challenges involve finding and exploiting vulnerabilities in web applications â such as SQL injection, XSS, file disclosure, or privilege escalation.
Write-ups
How can I read the write-ups?
: You can view write-ups for challenges youve solved. Once you enter a valid flag, a list of available write-ups appears on the challenges page.
What do the write-ups contain?
: Write-ups detail the steps used to solve challenges, often with explanations, scripts, and screenshots.
Who writes the write-ups?
: Most write-ups are submitted by the player community. Occasionally, the LetzPwn team or challenge authors may also publish official ones.
How can I submit a write-up?
: After solving a challenge, log in to your account (GitHub, GitLab, or Discord) and submit the flag along with a link to your write-up â preferably a GitHub Gist or GitLab Snippet in Markdown format.
How are the write-ups verified?
: All submissions are manually reviewed by moderators to ensure quality, accuracy, and originality before being published.
How can I increase the chances of my write-up being accepted?
: Write-ups are evaluated based on:
- Clarity and educational value
- Writing quality and structure
- Original or creative approaches
- Completeness and reproducibility (include full scripts or commands)
- Non-duplication of existing content
Docker Installation
How do I install Docker on Windows, macOS, or Linux?
: Follow the official Docker documentation for your operating system.
You can verify your setup by running the challenge intro Welcome Docker.
How do I launch a challenge with Docker?
: Download the docker-compose.yml file from the challenge page and run:
docker compose up
Then follow the on-screen instructions to access the service locally.
Some challenges wont run on my Linux distribution â what can I do?
: Certain distributions (like Fedora) enable SELinux by default, which can interfere with Docker containers. Do not disable SELinux; instead, configure a custom policy to allow the challenge to run safely.
Contribute to the Archive
How is this website generated?
: The site content (challenges and write-ups) is written in Markdown and built with the Hugo static site generator using the Hackropole Hugo theme.
- Where can I find the source code?
The Hugo theme used here is available under the MIT license at github.com/ANSSI-FR/hackropole-hugo
You did not find your answer?
: For any further question missing from this page that you might have, please contact us.