Just a start.

nc chall.pwnable.tw 10000

start

Read the flag from /home/orw/flag.

Only open read write syscall are allowed to use.

nc chall.pwnable.tw 10001

orw

There is an old version Netatalk with some vulnerabilities, such as CVE-2018-1160.

Can you develop a 1-day exploit for this challenge? :p

nc chall.pwnable.tw 10002

netatalk.tgz

Have you ever use Microsoft calculator?

nc chall.pwnable.tw 10100

calc

3 x 17 = ?

nc chall.pwnable.tw 10105

3x17

Sort the memory!

nc chall.pwnable.tw 10101

dubblesort

A good Hacker should always take good notes!

nc chall.pwnable.tw 10102

hacknote

Please kill the werewolf with silver bullet!

nc chall.pwnable.tw 10103

silver_bullet

tomcr00se rooted the galaxy S5, but we need you to jailbreak the iPhone8!

nc chall.pwnable.tw 10104

applestore

I want to realloc my life :)

nc chall.pwnable.tw 10106

re-alloc

Make tcache great again !

nc chall.pwnable.tw 10207

tcache_tear

Can you see anything?

Get a shell for me.

nc chall.pwnable.tw 10200

seethefile

Write the shellcode on your Death Note.

nc chall.pwnable.tw 10201

death_note

Let's play starbound together!

multi-player features are disabled.

nc chall.pwnable.tw 10202

starbound

Thanks for watching Spirited Away !

Please leave some comments to help us improve our next movie !

nc chall.pwnable.tw 10204

spirited_away

Can you find the password in the stack?

nc chall.pwnable.tw 10205

babystack

Singled-threaded TFTP Server Open Source Freeware Windows/Unix for PXEBOOT, firmware load, support tsize, blksize, timeout, server port ranges, block number rollover for large files, and remote code execution.

nc chall.pwnable.tw 10206

opentftpd

Only PPP got a bounty in HITCON CTF final 2019. :p

flag: /home/bounty_program/flag

nc chall.pwnable.tw 10208

bounty_program_alpha.tar.gz

Find the flag in the garden.

nc chall.pwnable.tw 10203

secretgarden

The last 23 days, write down your shellcode.

nc chall.pwnable.tw 10300

alive_note

I fixed some bug of memo from bkp CTF 2017 and modified some control flow, but it's still pwnable.

Can you pwn it again?

nc chall.pwnable.tw 10304

bookwriter

What does "CAOV" stands for ?

nc chall.pwnable.tw 10306

caov
caov.cpp

Let's go to heap paradise

nc chall.pwnable.tw 10308

heap_paradise

Realloc the world!

nc chall.pwnable.tw 10310

re-alloc_revenge

Give me some compound. No more than 31337 mole.

nc chall.pwnable.tw 10301

mno2

Find the secret in my heart!

nc chall.pwnable.tw 10302

secret_of_my_heart

Can you get a shell for me?

Just kidding, it's unexploitable.

nc chall.pwnable.tw 10303

kidding

Do you like heap challege?

This challenge is running on Ubuntu 17.04

nc chall.pwnable.tw 10305

wannaheap

Everything is printable

nc chall.pwnable.tw 10307

printable

Nobody find all vulnerabilities in HITCON CTF final 2019. :'(
flag: /home/hitcon_ftp/flag

nc chall.pwnable.tw 10309

hitcon_ftp

Create your own robot and capture the flag!

Note: /tmp will be cleaned up every 5 minutes.

nc chall.pwnable.tw 10311

robot.jar

Break out the prison.

nc chall.pwnable.tw 10400

breakout
prisoner

Welcome to ghost island and enjoy the ghost party.

nc chall.pwnable.tw 10401

ghostparty
ghostparty.cpp

Do you know how to Defeat ASLR?

nc chall.pwnable.tw 10402

deaslr

The original challenge is on pwnable.kr and it is solvable.

This time we fix the vulnerability and now we promise that the service is unexploitable.

nc chall.pwnable.tw 10403

unexploitable

Do you like memory allocator?

Love, Service , Responsibility, Discipline !

nc chall.pwnable.tw 10404

babyallocator

Want to fight with AlphaGo?

Beat OmegaGo first.

Note: The game rule has been simplified to make life easier.

nc chall.pwnable.tw 10405

omegago

Welcome to my food store!

This challenge is running on Ubuntu 17.04

nc chall.pwnable.tw 10406

food_store

Some team and me patched some bug in bounty program alpha, but it's still pwnable :(

Can you pwn it again?

flag: /home/bounty_program/flag

nc chall.pwnable.tw 10410

bounty_program_beta.tar.gz

You have the shell, and then?

nc chall.pwnable.tw 10108

bash.tgz

There is an old version bash with some vulnerabilities, such as CVE-2016-9401.
Can you develop a 1-day exploit for this challenge? :p

nc chall.pwnable.tw 10407

bash_revenge.tgz

Seccomp is good

nc chall.pwnable.tw 10408

seccomp-tools.tgz

The Programmer, the Slime and the Stupid Boss

nc chall.pwnable.tw 10409

stupid
stupid.cpp

There are some secrets . Try to capture /home/critical_heap++/flag.

We recommend you to use the provided docker environment to develop your exploit:

nc chall.pwnable.tw 10500

critical_heap.tar.gz

It's very crazy! Don't do it!!

You need to get a shell !!

We recommend you to use the provided docker environment to develop your exploit:

nc chall.pwnable.tw 10500

critical_heap.tar.gz

Welcome to the world of digimon!

Try to catch as many as possible! :P

nc chall.pwnable.tw 10501

digimon.tar.gz