Green Badge
369
Completed
31
Videos
16
Exercises
Exercises
Easy
PENTESTERLAB
GraphQL Introspection
This exercise covers how to use introspection to get access to additional information in GraphQL.
1 video
Completed by 1993 students
Takes < 1 Hr. on average
GraphQL/Node/Angular
Easy
PENTESTERLAB
Ruby 2.x Universal RCE Deserialization Gadget Chain
This exercise covers how to get code execution by using a Ruby Universal Gadget when an attacker controls the data passed to Marshal.load().
1 video
Completed by 1225 students
Takes < 1 Hr. on average
Ruby/Sinatra
Easy
PENTESTERLAB
GraphQL: SQL Injection
This exercise covers how to use introspection and a SQL injection to get access to additional information in GraphQL.
1 video
Completed by 1203 students
Takes 1-2 Hrs. on average
GraphQL/Node/Angular/SQLite3
Medium
PENTESTERLAB
CVE-2019-5420
This exercise details the exploitation of CVE-2019-5420 to forge a session as another user.
2 videos
Completed by 748 students
Takes 2-4 Hrs. on average
Ruby-on-Rails
CWE-330
Hard
PENTESTERLAB
From SQL injection to Shell III
This exercise covers how to gain access to an administration interface using SQL injection, followed by how to get command execution using ImageTragick.
1 video
Completed by 958 students
Takes 1-2 Hrs. on average
Ruby-on-Rails
SQL Injection
CWE-89
Hard
PENTESTERLAB
Length Extension Attack
This exercise covers how to use a length extension attack to exploit a directory traversal vulnerability.
1 video
Completed by 623 students
Takes 1-2 Hrs. on average
Ruby
Hard
PENTESTERLAB
Gogs RCE
This exercise covers how to get code execution against the self-hosted Git tool Gogs.
3 videos
Completed by 570 students
Takes 1-2 Hrs. on average
Golang
CWE-384
Hard
PENTESTERLAB
Gogs RCE II
This exercise covers how to get code execution against the self-hosted Git tool Gogs.
2 videos
Completed by 506 students
Takes < 1 Hr. on average
Golang
CWE-94
Hard
PENTESTERLAB
JWT VIII
This exercise covers how to use the jku header to bypass an authentication based on JWT.
3 videos
Completed by 817 students
Takes 1-2 Hrs. on average
Ruby/Sinatra
jwt
cwe-310
Hard
PENTESTERLAB
JWT IX
This exercise covers how to use the jku header to bypass an authentication based on JWT.
2 videos
Completed by 756 students
Takes < 1 Hr. on average
Ruby/Sinatra
jwt
cwe-310
Hard
PENTESTERLAB
JWT XII
This exercise covers how to use the x5u header to bypass an authentication based on JWT.
2 videos
Completed by 572 students
Takes 1-2 Hrs. on average
Ruby/Sinatra
jwt
cwe-310
Hard
PENTESTERLAB
CVE-2019-5420 II
This exercise details the exploitation of CVE-2019-5420 to gain code execution.
2 videos
Completed by 467 students
Takes 1-2 Hrs. on average
Hard
PENTESTERLAB
CVE-2019-5418
This exercise details the exploitation of CVE-2019-5418 to get code execution.
3 videos
Completed by 415 students
Takes 1-2 Hrs. on average
CWE-22
Hard
PENTESTERLAB
IDOR to Shell
This exercise covers how to get code execution by chaining vulnerabilities in a Ruby-on-Rails application.
2 videos
Completed by 892 students
Takes 1-2 Hrs. on average
Ruby-on-Rails
CWE-639
Hard
PENTESTERLAB
JWT X
This exercise covers how to use the jku header to bypass an authentication based on JWT.
2 videos
Completed by 652 students
Takes < 1 Hr. on average
Ruby/Sinatra
jwt
cwe-310
Hard
PENTESTERLAB
JWT XI
This exercise covers how to use the jku header to bypass an authentication based on JWT.
3 videos
Completed by 570 students
Takes 1-2 Hrs. on average
Ruby/Sinatra
jwt
cwe-310