Brown Badge

29 Completed
37 Videos
26 Exercises

PentesterLab's Brown badge focuses on exploiting various web application vulnerabilities, including JWE, signing oracles, PHP unserialize, Spring Actuators, Prototype Pollution, SQL injection, Unicode, malicious Zip files, and remote command execution in multiple frameworks and platforms.

Exercises

Easy
Signing Oracle
  • This exercise covers how a signing oracle can be used to bypass the authorization checks in place
  • 2 videos
  • Completed by 823 students
  • Takes < 1 Hr. on average

 

Easy
JS Prototype Pollution
  • This exercise covers how to exploit Prototype Pollution against a JavaScript application
  • 1 video
  • Completed by 906 students
  • Takes < 1 Hr. on average

 

Easy
CVE-2021-41773
  • This challenge covers how to read arbitrary files by leveraging CVE-2021-41773
  • 1 video
  • Completed by 539 students
  • Takes < 1 Hr. on average
  • Apache
  • CWE-23

 

Medium
JSON Web Encryption
  • This exercise covers how you can create your own JWE if you have access to the public key used by the server
  • 2 videos
  • Completed by 524 students
  • Takes < 1 Hr. on average

 

Medium
GCM Nonce Reuse
  • This challenge covers the impact of nonce reuse on GCM
  • 2 videos
  • Completed by 167 students
  • Takes 1-2 Hrs. on average
  • Ruby

 

Medium
Apache Pluto RCE
  • This exercise covers how to gain code execution on Apache Pluto 3.0.0 due to a flaw in the authorization logic
  • 1 video
  • Completed by 536 students
  • Takes < 1 Hr. on average
  • CWE-200

 

Medium
CVE-2021-40438
  • This challenge covers how to trigger a Server-Side Request Forgery by leveraging CVE-2021-40438
  • 1 video
  • Completed by 329 students
  • Takes < 1 Hr. on average
  • Apache
  • CWE-918

 

Medium
Unicode and Uppercase
  • This exercise covers how you can use Unicode to gain access to an admin account.
  • 2 videos
  • Completed by 657 students
  • Takes < 1 Hr. on average

 

Medium
Unicode and Downcase
  • This exercise covers how you can use Unicode to gain access to an admin account.
  • 2 videos
  • Completed by 587 students
  • Takes < 1 Hr. on average

 

Medium
Zip symlink
  • This exercise covers how you can create a malicious Zip file and use it to gain access to sensitive files.
  • 1 video
  • Completed by 575 students
  • Takes < 1 Hr. on average

 

Medium
Express Local File Read
  • This exercise covers how an insecure call to render can be used to gain local file read with Express
  • 1 video
  • Completed by 400 students
  • Takes < 1 Hr. on average

 

Medium
CVE-2020-14343: PyYAML unsafe loader
  • This exercise covers how you can gain code execution when an application uses a vulnerable version of PyYAML and relies on load()
  • 1 video
  • Completed by 310 students
  • Takes < 1 Hr. on average
  • CWE-20

 

Medium
CVE-2022-21449
  • This exercise covers the exploitation of CVE-2022-21449 against a Java Application relying on JWT
  • 4 videos
  • Completed by 163 students
  • Takes < 1 Hr. on average
  • Java
  • jwt

 

Medium
CVE-2021-41773 II
  • This challenge covers how to gain code execution by leveraging CVE-2021-41773
  • 1 video
  • Completed by 199 students
  • Takes 1-2 Hrs. on average
  • Apache

 

Medium
CVE-2020-7115: Aruba Clearpass RCE
  • This exercise covers a remote command execution issue in Aruba Clearpass
  • 1 video
  • Completed by 214 students
  • Takes < 1 Hr. on average
  • CWE-306

 

Medium
CGI and Signature
  • This exercise covers the exploitation of a vulnerable CGI.
  • 2 videos
  • Completed by 222 students
  • Takes < 1 Hr. on average

 

Medium
EdDSA vulnerability in Monocypher
  • This exercise covers the exploitation of a vulnerability impacting Monocypher.
  • 1 video
  • Completed by 177 students
  • Takes 1-2 Hrs. on average
  • Crypto

 

Medium
Unicode and NFKC
  • This exercise covers how to leverage Unicode to exploit a directory traversal
  • 1 video
  • Completed by 304 students
  • Takes < 1 Hr. on average

 

Medium
From SQL injection to Shell III: PostgreSQL Edition
  • This exercise covers how to gain access to an administration interface using a SQL injection, and how to get command execution using Ghostscript
  • 2 videos
  • Completed by 246 students
  • Takes 2-4 Hrs. on average
  • Ruby-on-Rails
  • SQL Injection
  • CWE-89

 

Medium
Spring Actuators
  • This exercise covers how you can gain code execution using Spring Actuators when Spring Cloud is used.
  • 1 video
  • Completed by 289 students
  • Takes 1-2 Hrs. on average

 

Medium
PHP phar://
  • This exercise covers how the PHP phar:// handler can be used to gain code execution using PHP unserialize.
  • 1 video
  • Completed by 350 students
  • Takes < 1 Hr. on average

 

Hard
RCE via argument injection
  • This exercise covers a remote command execution vulnerability via argument injection
  • Completed by 53 students
  • Takes 2-4 Hrs. on average

 

Hard
Ox Remote Code Execution
  • This exercise covers how you can gain code execution when an application is using Ox to deserialize data and is running on Ruby 2.3
  • 1 video
  • Completed by 81 students
  • Takes 2-4 Hrs. on average
  • Ruby

 

Hard
JWT Algorithm Confusion with RSA Public Key Recovery
  • This exercise covers the exploitation of algorithm confusion when no public key is available
  • 3 videos
  • Completed by 193 students
  • Takes < 1 Hr. on average
  • PHP
  • jwt
  • CWE-310

 

Hard
CVE-2020-8163: Rails local name RCE
  • This exercise details the exploitation of CVE-2020-8163 to gain code execution
  • 2 videos
  • Completed by 220 students
  • Takes 1-2 Hrs. on average
  • CWE-94

 

Hard
Ox Remote Code Execution II
  • This exercise covers how you can gain code execution when an application is using Ox to deserialize data and is running on Ruby 2.7
  • Completed by 33 students
  • Takes 2-4 Hrs. on average
  • Ruby