Green Badge

users completed icon
446 Completed
video icon
31 Videos
book icon
16 Exercises

PentesterLab's Green badge teaches the exploitation of various vulnerabilities in web applications, including Ruby-on-Rails CVEs, SQL injections, GraphQL introspection, JWT, and Git self-hosted tools, to gain code execution and unauthorized access.

Exercises

Easy
green badge icon
GraphQL Introspection
  • This exercise covers how to use introspection to get access to additional information in GraphQL.
  • 1 video
  • Completed by 2278 students
  • Takes < 1 Hr. on average
  • GraphQL/Node/Angular

 

Medium
green badge icon
Ruby 2.x Universal RCE Deserialization Gadget Chain
  • This exercise covers how to get code execution by using a Ruby Universal Gadget when an attacker controls the data passed to Marshal.load()
  • 1 video
  • Completed by 1378 students
  • Takes < 1 Hr. on average
  • Ruby/Sinatra

 

Medium
green badge icon
GraphQL: SQL Injection
  • This exercise covers how to use introspection and a SQL injection to get access to additional information in GraphQL.
  • 1 video
  • Completed by 1418 students
  • Takes 1-2 Hrs. on average
  • GraphQL/Node/Angular/SQLite3

 

Medium
green badge icon
CVE-2019-5420
  • This exercise details the exploitation of CVE-2019-5420 to forge a session as another user
  • 2 videos
  • Completed by 885 students
  • Takes 2-4 Hrs. on average
  • Ruby-on-Rails
  • CWE-330

 

Hard
green badge icon
From SQL injection to Shell III
  • This exercise covers how to gain access to an administration interface using SQL injection followed by how to get command execution using ImageTragick
  • 1 video
  • Completed by 1104 students
  • Takes 1-2 Hrs. on average
  • Ruby-on-Rails
  • SQL Injection
  • CWE-89

 

Hard
green badge icon
Length Extension Attack
  • This exercise covers how to use a length extension attack to exploit a directory traversal vulnerability
  • 1 video
  • Completed by 738 students
  • Takes 1-2 Hrs. on average
  • Ruby

 

Hard
green badge icon
Gogs RCE
  • This exercise covers how to get code execution against the Git self hosted tool: Gogs.
  • 3 videos
  • Completed by 660 students
  • Takes 1-2 Hrs. on average
  • Golang
  • CWE-384

 

Hard
green badge icon
Gogs RCE II
  • This exercise covers how to get code execution against the Git self hosted tool: Gogs.
  • 2 videos
  • Completed by 593 students
  • Takes < 1 Hr. on average
  • Golang
  • CWE-94

 

Hard
green badge icon
JWT VIII
  • This exercise covers how to use the jku header to bypass an authentication based on JWT.
  • 3 videos
  • Completed by 956 students
  • Takes 1-2 Hrs. on average
  • Ruby/Sinatra
  • jwt
  • cwe-310

 

Hard
green badge icon
JWT IX
  • This exercise covers how to use the jku header to bypass an authentication based on JWT.
  • 2 videos
  • Completed by 885 students
  • Takes < 1 Hr. on average
  • Ruby/Sinatra
  • jwt
  • cwe-310

 

Hard
green badge icon
JWT XII
  • This exercise covers how to use the x5u header to bypass an authentication based on JWT.
  • 2 videos
  • Completed by 676 students
  • Takes 1-2 Hrs. on average
  • Ruby/Sinatra
  • jwt
  • cwe-310

 

Hard
green badge icon
cve-2019-5420 II
  • This exercise details the exploitation of CVE-2019-5420 to gain code execution
  • 2 videos
  • Completed by 556 students
  • Takes 1-2 Hrs. on average

 

Hard
green badge icon
CVE-2019-5418
  • This exercise details the exploitation of CVE-2019-5418 to get code execution
  • 3 videos
  • Completed by 499 students
  • Takes 1-2 Hrs. on average
  • CWE-22

 

Hard
green badge icon
IDOR to Shell
  • This exercise covers how to get code execution by chaining vulnerabilities in a Ruby-on-Rails application
  • 2 videos
  • Completed by 1037 students
  • Takes 1-2 Hrs. on average
  • Ruby-on-Rails
  • CWE-639

 

Hard
green badge icon
JWT X
  • This exercise covers how to use the jku header to bypass an authentication based on JWT.
  • 2 videos
  • Completed by 762 students
  • Takes < 1 Hr. on average
  • Ruby/Sinatra
  • jwt
  • cwe-310

 

Hard
green badge icon
JWT XI
  • This exercise covers how to use the jku header to bypass an authentication based on JWT.
  • 3 videos
  • Completed by 672 students
  • Takes 1-2 Hrs. on average
  • Ruby/Sinatra
  • jwt
  • cwe-310