• Solves: 76
  • cfy running on 3313

  • Solves: 6
  • 1) Pwn cfy 2) nc 3314

  • Solves: 3
  • We proudly present you our totally awesome and hip data scanning service: Fyltr

    A demo is available at $ nc 1031

    You can conveniently write your filters in code and because they are compiled, it's also blazingly fast! And since Fyltr is written in Erlang, nobody will be able to own our servers, keeping your data secure.

  • Solves: 25
  • mynx running on 1234

  • Solves: 3
  • Enter the trilogy: pwn this phone. Please use only the qemu provided.

    Remote instance requires proof of work: nc 1024


    • mobile/mobile
    • root/root (local image only)

    Connect locally via telnet to localhost:10023 after qemu booted completely.

  • Solves: 1
  • Root the phone.

    Hint: Baseband processors do not have memory protections Note: You need to solve Nokia 1337 first.

  • Solves: 15
  • Test your x86_64 shellcode here but dont escape the sandbox please...

    nc 1234

  • Solves: 2
  • To play it, connect to our server via:

        socat -,raw,echo=0 TCP:

    Have fun!

  • Solves: 10
  • sarge running on 1234

  • Solves: 5
  • Say hello to

    Flag matches [0-9a-f]+

  • Solves: 53
  • We implemented aes in hardware and saved a lot of memory. Feel free to use our online aes encryption service to secure your data.

    nc 2786
  • Solves: 21
  • I have seen the admin logging in with these credentials:

    • admin
    • Sup3r&sEc\_/re_p@$$w()rd
    • 9ae684ca583214d33905000000000000fd635dded0bbb40e162da79fba55ae32

    somehow, i cannot login... btw. what does otp mean?

  • Solves: 72
  • In a world, where everybody and their mom rolls out their own crypto implemented PHP, Joe plays it safe with Standard Crypto.

  • Solves: 38
  • Ever imagined compiled stack based perl?

    It could look like this, but maybe this one is even worse, so we start with an easy one.

    Try to find the flag in this binary, but don't forget to run objdump -h bor_ey

  • Solves: 180
  • Let's play a game!

    nc 2000
  • Solves: 5
  • crackme

    Note: This is a last minute entry and we haven't broken this ourselves. Don't expect any support. You can probably spend lots of time on this and not get anywhere. The risk is yours, you have been warned.

  • Solves: 1
  • Merkel is under surveillance. Merkel will receive confidential SMS once in a minute or so. Maybe the NSA left something useful.

    Note: You need to solve Nokia 1337 first!

  • Solves: 5
  • bindshell running on

  • Solves: 14
  • we found this binary and captured some traffic...

  • Solves: 39
  • orbb running on

  • Solves: 6
  • Time to pwn back, look for the malware on the compromised host!

    You must solve Rick first to be able to solve this challenge.

  • Hints:
    • The goal is to retrieve credentials for C&C IRC channel from memory, do this by pwning the service on port 1337

    • Some people asked for the firewall rules on Roll:


      :INPUT DROP [56:3360]

      :FORWARD ACCEPT [0:0]

      :OUTPUT ACCEPT [997:167700]

      -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

      -A INPUT -p tcp -m tcp --dport 1234 -j ACCEPT

      -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

      -A INPUT -p tcp -m tcp --dport 80 -m limit --limit 1/sec --limit-burst 1 -j ACCEPT

      -A INPUT -p udp -j ACCEPT

      -A INPUT -p icmp -j ACCEPT


    • Debug build with more or less useful output available at the location of the old binary

  • Solves: 1
  • We scratched this file from a harddrive that fell from a Gnu. It may contain a secret... FILE

  • Solves: 2
  • This is the circuit of a safe lock. Get the key to open it!

    It's neither about webtronics nor ngspice. Disregard bugs in both.

    If you want to write spice code directly, use something like this cat test.cir | curl --data-binary '@-'

  • Hints:
    • when you handbuild your SPICE code: keep in mind that the first line is special and should be a comment, otherwise it is ignored.

    • The web interface does fully work with Chrome. Use Firefox.

  • Solves: 226
  • 5CHAN? never heard of this image board, but they have exactly what we need, the picture we're looking for is not for public, so can you get it?

  • Solves: 24
  • It's some devilish community public portal, we're pretty sure there's something else out there, a private portal maby, we'd like to know the secret behind it

  • Solves: 11
  • These guys have ripped off our designs and using them in their web pages builder, we'd Haxx them, dont worry we'll give you decent points for it