Your budget request for the new company personnel index has been declined. Instead, the intern has received a very small bonus in exchange for a homemade solution.

Show them their stinginess could cost them.

The chall maker forgot to remove a debug account... Here is the revenge challenge without this backdoor!

We're given a Python server that looks like this:

import os

Explore the world of debian/debian-based packages.

https://packages.challs.pwnoh.io

We're given a Python server that looks like this:

import sqlite3
import json
from flask import Flask, request, render_template_string

wow i'm in jail??? i'm speechless...

nc speechless.challs.infobahnc.tf 1337

We're given a Python server that looks like this:

#!/usr/bin/python3

allowed = "ab.=-/"

Have you ever played bala...precipice???

nc precipice.challs.m0lecon.it 14615

We're given a lengthy Python interface that looks like this:

#!/usr/bin/env python3

from numpy import float32

Keeping track of all these files makes me so dizzy I feel like I'm floating in space.

Instancer url: https://upload-upload-and-away.chal.uiuc.tf/

Flag format: uiuctf{[a-z_]+}

We're given a TypeScript server that looks like this:

You think you know programming? You think you know languages? heh... as if 🙄

Come back to me when you can write a program that runs in the 3 deadly P's: Perl, Python, and (P)Javascript

Connect with nc -q 2 -N 52.8.15.62 8001

Flag is located at ./flag.txt

Our PHP devs are working on this employee management portal. We have a mock build of the website and you are to pentest the platform for weaknesses. Your goal is to get more privileges and command execution on the server.

We're given a PHP server that looks like this:

<?php
spl_autoload_register(function ($name){
    if (preg_match('/Controller$/', $name))
    {
        $name = "controllers/${name}";

I've developed a little application to help me with my pentest missions, with lots of useful payloads! I even let users add new payloads, but since I was in a rush I didn't have time to test the security of my application, could you take care of it ?

We're given an express server that looks like this:

const express = require('express');
const path = require('path');
const fs = require('fs');
const { spawn } = require('child_process');
const puppeteer = require('puppeteer');

Paint by Numbers? Or perhaps, compute by pixels?

We're given an image that looks like this:

Based on the challenge name, this is a program written in the esolang Piet. Then, we can import the program into an online Piet IDE and try running it:

You have been hired to contribute to a very suspicious project. Follow the link below to get onboard.

https://challs.polygl0ts.ch:8123

We're given access to an organization that looks like this:

Besides the random projects, of note are two repositories: