Home


Welcome on W3Challs,

W3Challs is a penetration testing training platform, which offers various computer challenges, in categories related to security: Hacking, Cracking, Wargame, Forensic, Cryptography, Steganography and Programming.

The purpose of this site is to offer realistic challenges, without simulation, and without guessing!

We give you an opportunity to test your skills against our challenges, and even to try to hack the site itself.
Nevertheless, bruteforcing (of challenges, authentication...) or any Denial of Service are forbidden!
You have to be registered to access challenges.

Good visit!



Last news

Last news :

Steganomoar (awe, the 21/10/2014 at 00h33)Comments (0)
The whole steganography category has been moved to /dev/null, to go along with the opinion of the majority (myself in particular, I won't deny it :P), who hasn't found it interesting on W3Challs for quite a while (it doesn't mean the challs were bad though). This also includes the Shape Shifting cracking challenge, which was also tagged #stegano.

I understand that this may be annoying for some of you, however if you like these challenges, they are indeed still present, just not on the front line!
If the authors wish to move their challenges to other websites, no problem on my end.

Moreover, for a completely different reasons, the JSexec wargame challenge also moved to /dev/null, because of the following reasons:
- it has been down for around 2 years now
- the spidermonkey version doesn't exist on Debian anymore (and isn't maintained)
- the API is completely changed
- newer gcc versions have different behaviors, which makes the vuln as it is unexploitable
- different stack/heap layouts
- the wargame architecture has changed, and x86 over amd64 doesn't exactly work as native x86...
- the fact that I was the one responsible to fix it although I didn't solve it -__-
- etc, etc... and perhaps because awe is a fapper ;) < real reason?

It's not impossible that this one would rise from the dead, although I'd prefer to invest this time into creating a new one that would be more up-to-date... hardened esoteric maybe?

Haters gonna hate, fapperz gonna fap. Life goes on.

\o

Introducing Hardened and Shellcoding wargames (awe, the 30/09/2014 at 23h10)Comments (0)
It's been a while with no new challenge... 5 months!
To catch up, I'm glad to announce 5 new challenges!!

2 new wargame branches are emerging:
  • hardened: challenges with (at least) ASLR, NX and SSP, on an x64 VM with grsec and PaX. Finally time to ROP on w3challs! (although, tinypwn was already on this VM and hardened, but it stays in the esoteric branch) ;
  • shellcoding: fucked up challenges that will force you to write your own shellcodes to get yourself out of the most unlikely situations. Prepare your assembly manuals! The inception challenge was thus moved to that branch.
shambles, a crackme by acez
littlefinger, a hardened wargame by awe
ezxml, a hardened wargame by S3cur3D
bubbleshell, a shellcoding wargame by awe
lost, a shellcoding wargame by awe

That should keep the best of you busy for a week... more new levels soon!

New esoteric wargame (awe, the 28/04/2014 at 23h04)Comments (0)
yo dawgz,

I herd u like wargames, so here's another one :)

tinypwn, by Simo36

This time we're back to userland, but don't miss the segmap level from the same author in the kernelpanic branch!

Thanks simo!

Remote kernel exploit: break the great firewall (awe, the 08/03/2014 at 01h07)Comments (0)
Hey dawgz,

I'm glad to announce the latest challenge in the kernelpanic series of wargames on W3Challs:

jinshanling, by acez (ARM, what else?)

Thanks acez!

For those of you that don't do kernel exploitation, give it a try! But next time we will try to publish in other categories, soon enough hopefully ;)

Welcome to ARMenia (awe, the 19/11/2013 at 02h00)Comments (0)
A new kernelpanic is available in the wargame category: ervis, by acez.
Gogogo ARM kernel pwnerz! Check out the other ARM kernelpanic challenge too: ranchar!

Thanks acez!