Pwnable

Exploit your way to the secret flag

Play the game

Everything we hear is an opinion, not a fact. Everything we see is a perspective, not the truth.

The objective of this challenge is to exploit a remote service and claim a secret flag. This challenge requires knowledge of reverse engineering, buffer overflows, memory disclosure vulnerabilities, bypassing Address Space Layout Randomization, and crafting exploit code to execute commands remotely.

Once you have successfully obtained the flag, send your resume and flag to careers@praetorian.com

Through limited access to the server, we have obtained an old version of the exploitable binary, which may be downloaded below. It appears this old version was designed to be run locally, but generally mirrors the functionality of the Internet-connected version. Feel free to use whatever techniques come to mind to determine the purpose of the binary. Once you are confident in your ability to crash the binary in a controlled manner, connect to the live server at pwnable.praetorian.com:2888.

Download Binary

IMPORTANT: For reasons unknown to you, the server only allows outbound connections on port 4444 and allows no inbound connections (except 2888). Keep this in mind while crafting your exploit. Additionally, you can obtain the flag by running /bin/flag pwnable@example.org with your email address as the first argument.

Will you be next? We’ll be watching. But feel free to reach out via Twitter @PraetorianLabs.
