CHALLENGES
-
Start
100 pts
Solved 4917 times. sces60107Just a start.
nc chall.pwnable.tw 10000
Don't know how to start?
Advanced exploitation with GDB-GEF: GEF 101 - Solving pwnable.tw/start by @_hugsy -
orw
100 pts
Solved 3572 times. sces60107Read the flag from
/home/orw/flag.Only
openreadwritesyscall are allowed to use.nc chall.pwnable.tw 10001 -
CVE-2018-1160
100 pts
Solved 60 times. c2w2m2There is an old version Netatalk with some vulnerabilities, such as CVE-2018-1160.
Can you develop a 1-day exploit for this challenge? :p
nc chall.pwnable.tw 10002 -
-
-
-
-
-
applestore
200 pts
Solved 820 times. jinmo123tomcr00se rooted the galaxy S5, but we need you to jailbreak the iPhone8!
nc chall.pwnable.tw 10104 -
-
-
-
-
Starbound
250 pts
Solved 413 times. nneonneoLet's play starbound together!
multi-player features are disabled.
nc chall.pwnable.tw 10202 -
Spirited Away
300 pts
Solved 521 times. nneonneoThanks for watching Spirited Away !
Please leave some comments to help us improve our next movie !
nc chall.pwnable.tw 10204 -
-
CVE-2018-10387
250 pts
Solved 62 times. NextLineSingled-threaded TFTP Server Open Source Freeware Windows/Unix for PXEBOOT, firmware load, support tsize, blksize, timeout, server port ranges, block number rollover for large files, and remote code execution.
nc chall.pwnable.tw 10206 -
Bounty Program α
300 pts
Solved 32 times. NextLineOnly PPP got a bounty in HITCON CTF final 2019. :p
flag:
/home/bounty_program/flagnc chall.pwnable.tw 10208 -
-
-
BookWriter
350 pts
Solved 386 times. CharoI fixed some bug of memo from bkp CTF 2017 and modified some control flow, but it's still pwnable.
Can you pwn it again?
nc chall.pwnable.tw 10304 -
-
-
-
-
-
-
WannaHeap
400 pts
Solved 94 times. CharoDo you like heap challege?
This challenge is running on Ubuntu 17.04
nc chall.pwnable.tw 10305 -
-
HITCON FTP
400 pts
Solved 14 times. perniciousNobody find all vulnerabilities in HITCON CTF final 2019. :'(
flag:/home/hitcon_ftp/flagnc chall.pwnable.tw 10309 -
Stupid Robot
400 pts
Solved 11 times. RiatreCreate your own robot and capture the flag!
Note:
/tmpwill be cleaned up every 5 minutes.nc chall.pwnable.tw 10311 -
-
Ghost Party
450 pts
Solved 147 times. xellosWelcome to ghost island and enjoy the ghost party.
nc chall.pwnable.tw 10401 -
-
unexploitable
500 pts
Solved 370 times. xellosThe original challenge is on pwnable.kr and it is solvable.
This time we fix the vulnerability and now we promise that the service is unexploitable.
nc chall.pwnable.tw 10403 -
BabyAllocator
500 pts
Solved 51 times. xellosDo you like memory allocator?
Love, Service , Responsibility, Discipline !
nc chall.pwnable.tw 10404 -
OmegaGo
500 pts
Solved 62 times. xellosWant to fight with AlphaGo?
Beat OmegaGo first.
Note: The game rule has been simplified to make life easier.
nc chall.pwnable.tw 10405 -
Food Store
500 pts
Solved 33 times. l4w.ioWelcome to my food store!
This challenge is running on Ubuntu 17.04
nc chall.pwnable.tw 10406 -
Bounty Program β
500 pts
Solved 22 times. perniciousSome team and me patched some bug in
bounty program alpha, but it's still pwnable :(Can you pwn it again?
flag:
/home/bounty_program/flagnc chall.pwnable.tw 10410 -
-
Bash Revenge
500 pts
Solved 20 times. mrbaconguyThere is an old version bash with some vulnerabilities, such as CVE-2016-9401.
Can you develop a 1-day exploit for this challenge? :pnc chall.pwnable.tw 10407 -
-
-
criticalheap
200 pts
Solved 193 times. xellosThere are some secrets . Try to capture
/home/critical_heap++/flag.We recommend you to use the provided docker environment to develop your exploit:
nc chall.pwnable.tw 10500 -
criticalheap++
600 pts
Solved 71 times. lucasIt's very crazy! Don't do it!!
You need to get a shell !!
We recommend you to use the provided docker environment to develop your exploit:
nc chall.pwnable.tw 10500 -
Digimon
600 pts
Solved 13 times. xellosWelcome to the world of digimon!
Try to catch as many as possible! :P
nc chall.pwnable.tw 10501
2021-05-18 02:38:04
tsar
Start
2021-05-18 02:36:46
ccccc
Start
2021-05-17 22:29:26
noopnoop
BabyAllocator
2021-05-17 20:27:02
Imperi
Start
2021-05-17 16:40:34
0n3m4ns4rmy
Bounty Program α
2021-05-17 14:23:44
acerinctf
calc
2021-05-17 08:03:21
boodamdang
3x17
2021-05-16 17:14:49
codacker
seethefile
2021-05-16 16:15:14
teppi
hacknote
2021-05-16 14:43:43
ker
Heap Paradise
2021-05-16 12:31:41
oldboiz31
seethefile
2021-05-16 10:59:31
lanleft
Death Note
2021-05-16 07:33:07
MattG
Silver Bullet
2021-05-16 02:05:00
XingerBurger
3x17
2021-05-15 20:10:45
0xSha0白
Tcache Tear
2021-05-15 12:42:51
fruit
dubblesort
2021-05-15 12:40:29
fruit
3x17
2021-05-15 11:41:19
parrot
MnO2
2021-05-15 09:25:34
blingbling
dubblesort
2021-05-15 08:25:38
twleo
Tcache Tear