Welcome on W3Challs

Welcome Pwnerz!

Our community offers you security challenges to learn and practice hacking.
Our goal is to provide fun and unique challenges running in a real world environment, with no guessing and no simulation!

Our challenges address several subsets of hacking, mostly oriented on the offensive. A multitude of technologies and architectures are waiting for you. Show us your mad skillz and pop some shells (or calcs)!

What's the goal?

To solve a challenge you have to find a flag, which is a secret that you can only read after exploiting a vulnerability. Flags may be stored in files, in a database, etc. They are usually surrounded by a W3C{flag here} tag so you can hardly miss them!

Capture The Flag!
Exploit vulnerabilities to find and leak the secret flag to solve challenges.

Where do I start?

Levels are progressive and will (hopefully) meet the expectations from both beginners and experienced hackers and CTF players. Note that this is a challenge site, not a tutorial! We won't hold your hand, but if you made your research and got really stuck along the way, we'll gladly help!

You can ask for help:

  • On the help forums, if your question doesn't spoil the solution
  • On the IRC channel in private
  • In a private message to another member, directly on the site


The challenges remain online forever, so please refrain from publishing solutions on the Internet! We have special afterwards forums where you can discuss solutions with other solvers.

No Denial of Service on our infrastructure, please.



No account yet? Register.
Last challenges
Last forum posts