Our vision is to bring together the world's expertise to solve challenging security problems.
Everything we hear is an opinion, not a fact. Everything we see is a perspective, not the truth.
The objective of this challenge is to exploit some remote services and claim secret flags. This challenge requires you to develop and demonstrate your knowledge in reverse engineering and various binary exploitation techniques.
Once you have successfully obtained one flag from each category, send your resume, flags, and a brief writeup of your solutions to firstname.lastname@example.org.
Through limited access to the servers, we have obtained old versions of the exploitable binaries, which may be downloaded below. It appears these old versions were designed to be run locally, but they generally mirror the functionality of the programs running on the servers.
Feel free to use whatever techniques come to mind to reverse engineer and exploit the flaws in the binaries. Once you are confident in your ability to crash the binaries in a controlled manner, connect to the live servers at the links listed below. Beginners in the field of pwning may find it instructive to start with level 1 and complete the challenges in order.
Category 1: Warmup
Category 2: The Real Deal
IMPORTANT: For reasons unknown to you, the servers only allow inbound connections on the ports listed above, and they allow no outbound connections at all. Keep this in mind while crafting your exploit. Additionally, you can obtain the flag by running /bin/flag email@example.com with your email address as the first argument.