Brown Badge

33 Videos
26 Exercises
Signing Oracle (Easy)

  • This exercise covers how a signing oracle can be used to bypass authorization in place
  • 2 videos
  • Completed by 697 students
  • Takes Less than an hour on average
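The pattern this exercise is built around, as an added example that is not part of the exercise material: a server MACs session claims with one key and also exposes an unrelated "export" feature that MACs caller-supplied bytes with the same key, so that feature becomes a signing oracle for forged sessions. The key, the JSON claim layout and every function name below are made up for the demo; the fix shown (a per-purpose subkey) is one standard remedy, not necessarily the one the exercise uses.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key; a real server would load it from configuration.
SERVER_KEY = b"demo-server-key-do-not-reuse"


def mac(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def issue_session(username: str) -> dict:
    """Login hands back a claims blob and its MAC under SERVER_KEY."""
    claims = json.dumps({"user": username, "role": "user"}, sort_keys=True).encode()
    return {"claims": claims, "sig": mac(SERVER_KEY, claims)}


def verify_session(claims: bytes, sig: str) -> Optional[dict]:
    """Constant-time MAC check; returns the parsed claims or None."""
    if not hmac.compare_digest(mac(SERVER_KEY, claims), sig):
        return None
    return json.loads(claims)


def is_admin(claims: bytes, sig: str) -> bool:
    session = verify_session(claims, sig)
    return bool(session) and session.get("role") == "admin"


def export_report_vulnerable(report: bytes) -> str:
    """The oracle: an unrelated feature that MACs caller-chosen bytes with the
    session key. Whatever it returns verifies as a genuine session."""
    return mac(SERVER_KEY, report)


def purpose_key(purpose: bytes) -> bytes:
    """Derive a per-purpose subkey so a MAC from one feature is useless elsewhere."""
    return hmac.new(SERVER_KEY, purpose, hashlib.sha256).digest()


def export_report_fixed(report: bytes) -> str:
    """Same feature, but keyed for its own purpose only."""
    return mac(purpose_key(b"report-export"), report)


def forge_admin_session(oracle) -> dict:
    """Attacker side: craft admin claims and let the oracle sign them."""
    forged = json.dumps({"user": "attacker", "role": "admin"}, sort_keys=True).encode()
    return {"claims": forged, "sig": oracle(forged)}


if __name__ == "__main__":
    bad = forge_admin_session(export_report_vulnerable)
    print("vulnerable oracle accepted as admin:", is_admin(**bad))   # True
    good = forge_admin_session(export_report_fixed)
    print("fixed oracle accepted as admin:", is_admin(**good))       # False
```

The check that matters is not whether the MAC is strong but whether anything other than the login flow can produce a MAC under the session key; domain separation (distinct keys or a mandatory context prefix per use) is what closes the oracle.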

 

JS Prototype Pollution (Easy)

  • This exercise covers how to exploit Prototype Pollution against a JavaScript application
  • 1 video
  • Completed by 751 students
  • Takes Less than an hour on average

 

CVE-2021-41773 (Easy)

  • This challenge covers how to read arbitrary files by leveraging CVE-2021-41773
  • 1 video
  • Completed by 401 students
  • Takes Less than an hour on average
  • Apache
  • CWE-23

 

JSON Web Encryption (Easy)

  • This exercise covers how you can create your own JWE if you have access to the public key used by the server
  • 2 videos
  • Completed by 452 students
  • Takes Less than an hour on average

 

Apache Pluto RCE (Easy)

  • This exercise covers how you can gain code execution in Apache Pluto 3.0.0 due to an issue in the authorisation logic
  • 1 video
  • Completed by 452 students
  • Takes Less than an hour on average
  • CWE-200

 

Unicode and Uppercase (Easy)

  • This exercise covers how you can use unicode to gain access to an admin account.
  • 1 video
  • Completed by 558 students
  • Takes Less than an hour on average

 

Unicode and Downcase (Easy)

  • This exercise covers how you can use unicode to gain access to an admin account.
  • 1 video
  • Completed by 498 students
  • Takes Less than an hour on average
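The mechanism behind both the Uppercase and the Downcase exercises, as an added example and not code from either exercise: a case-insensitive account lookup that upper- or lower-cases both sides lets certain non-ASCII characters map onto ASCII letters (dotless i U+0131 uppercases to "I", the Kelvin sign U+212A lowercases to "k"), so an attacker-chosen address resolves to somebody else's account. The sample accounts, the reset flow and all function names are constructed for the demo.

```python
from typing import Optional

# Constructed sample accounts; keys are the addresses on file.
USERS = {
    "admin@example.com": {"email": "admin@example.com", "role": "admin"},
    "mark@example.com": {"email": "mark@example.com", "role": "user"},
}

DOTLESS_I = "\u0131"    # LATIN SMALL LETTER DOTLESS I: .upper() yields plain "I"
KELVIN_SIGN = "\u212a"  # KELVIN SIGN: .lower() yields plain "k"


def find_user(email: str, transform) -> Optional[dict]:
    """Case-insensitive lookup done the common way: transform both sides.
    `transform` is str.upper (Uppercase exercise) or str.lower (Downcase)."""
    wanted = transform(email)
    for stored, user in USERS.items():
        if transform(stored) == wanted:
            return user
    return None


def reset_target_vulnerable(email: str, transform) -> Optional[str]:
    """Finds the account via the transformed string but mails the raw input,
    so the reset link goes wherever the attacker's string leads."""
    return email if find_user(email, transform) else None


def reset_target_fixed(email: str, transform) -> Optional[str]:
    """Same lookup, but the mail goes to the address on file, never to input."""
    user = find_user(email, transform)
    return user["email"] if user else None


def collides(email: str, transform) -> bool:
    """True when a non-ASCII input resolves to an existing ASCII account."""
    return (not email.isascii()) and find_user(email, transform) is not None


if __name__ == "__main__":
    attacker_upper = "adm" + DOTLESS_I + "n@example.com"
    attacker_lower = "mar" + KELVIN_SIGN + "@example.com"
    print(collides(attacker_upper, str.upper), reset_target_vulnerable(attacker_upper, str.upper))
    print(collides(attacker_lower, str.lower), reset_target_vulnerable(attacker_lower, str.lower))
    print(reset_target_fixed(attacker_upper, str.upper))   # admin@example.com
```

Note that the collision itself is one-directional: the dotless-i payload only works against an upcasing comparison and the Kelvin payload only against a downcasing one, which is why the two exercises exist separately. Rejecting inputs whose transformed form is not byte-identical to the transformed stored value, or simply never using caller input as a delivery address, removes the impact.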

 

Zip symlink (Easy)

  • This exercise covers how you can create a malicious Zip file and use it to gain access to sensitive files.
  • 1 video
  • Completed by 490 students
  • Takes Less than an hour on average
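How the malicious archive in this exercise is put together, and the check a server-side extractor should run before unpacking anything, as an added example that is not part of the exercise: a zip entry is a symlink when the Unix mode stored in the high 16 bits of its external attributes says so, and its file data is the link target. The entry names and target are constructed for the demo.

```python
import io
import stat
import zipfile
from pathlib import PurePosixPath
from typing import List


def build_symlink_zip(link_name: str, target: str) -> bytes:
    """Archive whose only entry is a symlink `link_name` -> `target`.
    A symlink entry stores the link target as its data and marks itself
    through the Unix mode bits in the high half of external_attr."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo(link_name)
        info.create_system = 3                       # 3 = Unix, so mode bits are honoured
        info.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(info, target)
    return buf.getvalue()


def build_plain_zip(name: str, data: bytes) -> bytes:
    """Ordinary single-file archive, for comparison."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, data)
    return buf.getvalue()


def is_symlink_entry(info: zipfile.ZipInfo) -> bool:
    return stat.S_ISLNK(info.external_attr >> 16)


def unsafe_entries(zip_bytes: bytes) -> List[str]:
    """Entries an extractor must refuse: symlinks, absolute paths and any
    '..' component. Run this over the whole archive before extracting."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            parts = PurePosixPath(info.filename).parts
            if is_symlink_entry(info) or info.filename.startswith("/") or ".." in parts:
                bad.append(info.filename)
    return bad


if __name__ == "__main__":
    evil = build_symlink_zip("avatar.png", "/etc/passwd")
    print(unsafe_entries(evil))                                          # ['avatar.png']
    print(unsafe_entries(build_plain_zip("avatar.png", b"\x89PNG")))     # []
```

Python's own `zipfile.extractall` writes a symlink entry out as a regular file containing the target path, so it is not the extractor that makes this attack work; Info-ZIP `unzip` on Linux recreates the link, after which any code that serves or reads files under the upload directory follows it out of that directory. The two-step variant (first archive plants a symlinked directory, second archive writes a file "through" it) is caught by the same pre-extraction check.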

 

CVE-2020-14343: PyYAML unsafe loader (Easy)

  • This exercise covers how you can gain code execution when an application uses a vulnerable version of PyYAML and relies on load()
  • 1 video
  • Completed by 244 students
  • Takes Less than an hour on average
  • CWE-20

 

Express Local File Read (Easy)

  • This exercise covers how an insecure call to render can be used to gain local file read with Express
  • 1 video
  • Completed by 283 students
  • Takes Less than an hour on average

 

CVE-2021-40438 (Easy)

  • This challenge covers how to trigger a Server-Side Request Forgery by leveraging CVE-2021-40438
  • 1 video
  • Completed by 238 students
  • Takes Less than an hour on average
  • Apache
  • CWE-918

 

GCM Nonce Reuse (Easy)

  • This challenge covers the impact of nonce reuse on GCM
  • 2 videos
  • Completed by 98 students
  • Takes Less than an hour on average
  • Ruby

 

PHP phar:// (Medium)

  • This exercise covers how the PHP phar:// handler can be used to gain code execution using PHP unserialize.
  • 1 video
  • Completed by 289 students
  • Takes Less than an hour on average

 

Spring Actuators (Medium)

  • This exercise covers how you can gain code execution using Spring Actuators when Spring Cloud is used.
  • 1 video
  • Completed by 238 students
  • Takes Between 1 and 2 hours on average

 

From SQL injection to Shell III: PostgreSQL Edition (Medium)

  • This exercise covers how to gain access to an administration interface using SQL injection followed by how to get command execution using Ghostscript
  • 2 videos
  • Completed by 165 students
  • Takes Between 2 and 4 hours on average
  • Ruby-on-Rails
  • SQL Injection
  • CWE-89

 

Unicode and NFKC (Medium)

  • This exercise covers how you can leverage Unicode to exploit a directory traversal
  • 1 video
  • Completed by 235 students
  • Takes Less than an hour on average
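The ordering bug this exercise exploits, as an added example that is not part of the exercise: a path check that runs on the raw string sees no "." or "/" in the fullwidth compatibility characters U+FF0E and U+FF0F, but NFKC normalization (applied later by the application or the filesystem layer) folds them back to ASCII, turning a harmless-looking name into `../../../etc/passwd`. The upload root and function names are constructed for the demo; the fix shown is the general rule of normalizing before validating and re-checking the resolved path.

```python
import posixpath
import unicodedata
from typing import Optional

UPLOAD_ROOT = "/var/www/uploads"   # constructed base directory for the demo

# Map ASCII '.' and '/' to their FULLWIDTH compatibility forms (U+FF0E, U+FF0F).
# NFKC folds both back to ASCII, so they slip past a check run before normalization.
FULLWIDTH = str.maketrans({".": "\uff0e", "/": "\uff0f"})


def fullwidth_payload(ascii_path: str) -> str:
    """Rewrite e.g. '../../../etc/passwd' with fullwidth '.' and '/'."""
    return ascii_path.translate(FULLWIDTH)


def looks_like_traversal(name: str) -> bool:
    return ".." in name or "/" in name


def resolve_vulnerable(name: str) -> Optional[str]:
    """Validate first, normalize second: the order the exercise exploits.
    Returns the path that would be opened, or None if rejected."""
    if looks_like_traversal(name):
        return None
    name = unicodedata.normalize("NFKC", name)
    return posixpath.normpath(posixpath.join(UPLOAD_ROOT, name))


def resolve_fixed(name: str) -> Optional[str]:
    """Normalize to the form the filesystem will see, then validate, then
    confirm the resolved path is still inside the root."""
    name = unicodedata.normalize("NFKC", name)
    if looks_like_traversal(name):
        return None
    full = posixpath.normpath(posixpath.join(UPLOAD_ROOT, name))
    if not full.startswith(UPLOAD_ROOT + "/"):
        return None
    return full


if __name__ == "__main__":
    payload = fullwidth_payload("../../../etc/passwd")
    print(repr(payload))
    print(resolve_vulnerable(payload))   # /etc/passwd
    print(resolve_fixed(payload))        # None
```

The same reasoning applies to any canonicalization step (case folding, percent-decoding, NFC/NFKC, path normalization): validate the form that will actually be used, and treat every transformation applied after validation as undoing it.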

 

EDDSA vulnerability in Monocypher (Medium)

  • This exercise covers the exploitation of a vulnerability impacting Monocypher.
  • 1 video
  • Completed by 115 students
  • Takes Between 1 and 2 hours on average
  • crypto

 

CGI and Signature (Medium)

  • This exercise covers the exploitation of a vulnerable CGI.
  • 1 video
  • Completed by 160 students
  • Takes Less than an hour on average

 

CVE-2020-7115: Aruba Clearpass RCE (Medium)

  • This exercise covers a remote command execution issue in Aruba Clearpass
  • 1 video
  • Completed by 153 students
  • Takes Less than an hour on average
  • CWE-306

 

CVE-2021-41773 II (Medium)

  • This challenge covers how to gain code execution by leveraging CVE-2021-41773
  • 1 video
  • Completed by 131 students
  • Takes Between 1 and 2 hours on average
  • Apache

 

CVE-2022-21449 (Medium)

  • This exercise covers the exploitation of CVE-2022-21449 against a Java Application relying on JWT
  • 4 videos
  • Completed by 82 students
  • Takes Less than an hour on average
  • Java
  • jwt

 

CVE-2020-8163: Rails local name RCE (Hard)

  • This exercise details the exploitation of CVE-2020-8163 to gain code execution
  • 2 videos
  • Completed by 184 students
  • Takes Between 1 and 2 hours on average
  • CWE-94

 

RCE via argument injection (Hard)

  • This exercise covers a remote command execution vulnerability in which an attacker can only inject arguments
  • Completed by 31 students
  • Takes Between 2 and 4 hours on average

 

Ox Remote Code Execution (Hard)

  • This exercise covers how you can gain code execution when an application uses Ox to deserialize data and runs on Ruby 2.3
  • 1 video
  • Completed by 43 students
  • Takes Between 2 and 4 hours on average
  • Ruby

 

JSON Web Token XIII (Hard)

  • This exercise covers the exploitation of algorithm confusion when no public key is available
  • 2 videos
  • Completed by 117 students
  • Takes Less than an hour on average
  • PHP
  • jwt
  • CWE-310

 

Ox Remote Code Execution II (Hard)

  • This exercise covers how you can gain code execution when an application uses Ox to deserialize data and runs on Ruby 2.7
  • Completed by 19 students
  • Takes Between 2 and 4 hours on average
  • Ruby