The harry_potter pwnable is a network service that does not appear to do a whole lot:
$ nc 18.104.22.168 666 If you guess the password, I will give you a reward!
Running the binary in strace shows what is going on:
Vuln500 is a basic format string vulnerability, which is made slightly more interesting by the fact that no functions are called after the printf() call. Dtors are also not called and ASLR is enabled.