LurK Squad Presents
An intentionally broken city where hackers train, creeps get exposed, and scripts meet streetlights.
Each zone is a slice of the same broken city. Pick a target, read the briefing, and learn what happens when “we’ll patch it later” becomes permanent.
Where uptime mattered more than updates.
Market Street Bank still runs on a web stack old enough to remember dial-up. Patches got postponed, audits got ignored, and somehow it’s still accepting logins like nothing’s wrong.
In this zone, you’ll roam an outdated banking portal, study how small shortcuts pile up into big holes, and learn why “we’ll patch it next quarter” is the most expensive sentence in security.
View mission briefing →Free Wi-Fi, paid consequences.
The Broad & 0day is a neon dive where the drinks are weak, but the Wi-Fi is wide open. Guests connect, staff connect, random strangers connect—and nobody remembers who set up the router.
Here you’ll explore the dangers of public networks, sloppy segmentation, and devices that quietly volunteer more information than anyone realizes.
View mission briefing →Check in with ID, check out with your data missing.
Motel 1337 runs a “custom” booking system written by someone’s cousin a decade ago and never touched again. Passwords live too close to plain text, and every exposed endpoint tells a story.
This zone walks you through weak authentication, broken access controls, and the kind of technical debt that turns into front-page incidents.
View mission briefing →Democracy powered by outdated plugins.
The official PWNadelphia city website looks respectable from the outside. Inside, it’s duct tape: abandoned plugins, risky themes, and a content management system glued together with hope.
You’ll see how small misconfigurations in public-facing sites become footholds, and how a neglected CMS can quietly become the soft underbelly of an entire city.
View mission briefing →Pwnadelphia is a fictional city built to be vulnerable on purpose. Think: a Wild West version of Philly where every bar, bank, and back alley is a lesson in bad security choices.
The goal isn't crime. The goal is education: learn to find bugs, exploit them in a safe sandbox, and understand how to fix them in the real world.
Build the perfect sandwich order before the city talks trash.
← Back to PWNadelphiaA customer steps up to the stand and rattles off a hoagie order. Your job: pick the right ingredients. Too many extras or missing the important stuff, and Poe's not impressed.
Name:
Description:
Notes:
Tap ingredients to add or remove them from the sandwich.
Hint: some orders don’t want certain ingredients at all. Read the notes.
Market Street Bank still runs on a web stack old enough to remember dial-up. Tickets got postponed, audits got ignored, and the same brittle login page has been online for years.
The Broad & 0day is a neon dive where the Wi-Fi password has been written on the wall for years. Guests, staff, and randos all share the same network, and no one remembers who set it up.
Motel 1337 runs a “custom” booking system a cousin built a decade ago and then abandoned. Passwords live too close to plain text, and every endpoint feels like a confession.
The official PWNadelphia site looks respectable on the surface. Underneath, it’s stacked with abandoned plugins, risky themes, and years of “we’ll clean this up later.”
Eventually, Pwnadelphia will plug into your custom LurK Terminal so you can poke endpoints and collect flags from your own ops console.
cpt-syntax@lurk-squad:~$ connect pwnadelphia
[+] Establishing link to city grid...
[+] Syncing vulnerable endpoints...
[+] Ready.
cpt-syntax@lurk-squad:~$ # Hack the city, not the planet.
Pwnadelphia is inspired by real stories: living with intruders, bad mechanics, fake “operators,” and creeps who crumble when someone actually knows what a brake caliper piston is.
This city exists so people like that lose power. Knowledge is the weapon, and this is where you sharpen it.