Challenges

Clear
All 96 Web 10 Pwn 7 Crypto 7 Forensics 7 Rev 6 Misc 7 OSINT 6 network 7 Mobile 10 Cloud 10 web3 10 Linux 9
Pwn Easy

Buffer Overflow Basic

A classic stack buffer overflow. Overflow the 64-byte buffer to redirect execution to the win() function.

150 pts
4 solves 🩸
Pwn Easy

Stack Overflow - ret2win

A simple buffer overflow challenge. The binary has a win() function that prints the flag, but it's never called. Can you overflow the buffer and redirect execution? Compile: gcc -o stack_overflow stack_overflow.c -fno-stack-protector -no-pie -m32

100 pts
7 solves 🩸
Pwn Medium

Format String

A format string vulnerability. The global 'flag' array is stored in the binary. Leak it from the stack.

300 pts
4 solves 🩸
Pwn Medium

Format String Exploit

This program has a format string vulnerability. Use it to leak the flag from memory. The flag is stored in a global variable. Compile: gcc -o format_string format_string.c -fno-stack-protector -no-pie -m32

250 pts
7 solves 🩸
Pwn Hard

Heap Overflow

Heap overflow into a function pointer. Overflow heap chunk 1 (freed then reallocated) into chunk 2's function pointer to call print_admin().

450 pts
4 solves 🩸
Pwn Hard

ret2libc

Buffer overflow with ASLR disabled. Use ret2libc technique to call system('/bin/sh') and cat the flag.

400 pts
4 solves 🩸
Pwn Insane

ROP Chain

NX enabled, no shellcode. Build a ROP chain using gadgets to call execve('/bin/sh') and read the flag file.

500 pts
4 solves 🩸