Green Badge

432 Completed
31 Videos
16 Exercises

PentesterLab's Green badge teaches the exploitation of various vulnerabilities in web applications, including Ruby-on-Rails CVEs, SQL injections, GraphQL introspection, JWT, and Git self-hosted tools, to gain code execution and unauthorized access.

Exercises

Easy
GraphQL Introspection
  • This exercise covers how to use introspection to get access to additional information in GraphQL.
  • 1 video
  • Completed by 2229 students
  • Takes < 1 Hr. on average
  • GraphQL/Node/Angular

 

Medium
Ruby 2.x Universal RCE Deserialization Gadget Chain
  • This exercise covers how to get code execution by using a Ruby Universal Gadget when an attacker controls the data passed to Marshal.load()
  • 1 video
  • Completed by 1352 students
  • Takes < 1 Hr. on average
  • Ruby/Sinatra

 

Medium
GraphQL: SQL Injection
  • This exercise covers how to use introspection and a SQL injection to get access to additional information in GraphQL.
  • 1 video
  • Completed by 1377 students
  • Takes 1-2 Hrs. on average
  • GraphQL/Node/Angular/SQLite3

 

Medium
CVE-2019-5420
  • This exercise details the exploitation of CVE-2019-5420 to forge a session as another user
  • 2 videos
  • Completed by 866 students
  • Takes 2-4 Hrs. on average
  • Ruby-on-Rails
  • CWE-330

 

Hard
From SQL injection to Shell III
  • This exercise covers how to gain access to an administration interface using SQL injection followed by how to get command execution using ImageTragick
  • 1 video
  • Completed by 1085 students
  • Takes 1-2 Hrs. on average
  • Ruby-on-Rails
  • SQL Injection
  • CWE-89

 

Hard
Length Extension Attack
  • This exercise covers how to use a length extension attack to exploit a directory traversal vulnerability
  • 1 video
  • Completed by 718 students
  • Takes 1-2 Hrs. on average
  • Ruby

 

Hard
Gogs RCE
  • This exercise covers how to get code execution against the Git self hosted tool: Gogs.
  • 3 videos
  • Completed by 646 students
  • Takes 1-2 Hrs. on average
  • Golang
  • CWE-384

 

Hard
Gogs RCE II
  • This exercise covers how to get code execution against the Git self hosted tool: Gogs.
  • 2 videos
  • Completed by 580 students
  • Takes < 1 Hr. on average
  • Golang
  • CWE-94

 

Hard
JWT VIII
  • This exercise covers how to use the jku header to bypass an authentication based on JWT.
  • 3 videos
  • Completed by 932 students
  • Takes 1-2 Hrs. on average
  • Ruby/Sinatra
  • jwt
  • cwe-310

 

Hard
JWT IX
  • This exercise covers how to use the jku header to bypass an authentication based on JWT.
  • 2 videos
  • Completed by 864 students
  • Takes < 1 Hr. on average
  • Ruby/Sinatra
  • jwt
  • cwe-310

 

Hard
JWT XII
  • This exercise covers how to use the x5u header to bypass an authentication based on JWT.
  • 2 videos
  • Completed by 659 students
  • Takes 1-2 Hrs. on average
  • Ruby/Sinatra
  • jwt
  • cwe-310

 

Hard
cve-2019-5420 II
  • This exercise details the exploitation of CVE-2019-5420 to gain code execution
  • 2 videos
  • Completed by 544 students
  • Takes 1-2 Hrs. on average

 

Hard
CVE-2019-5418
  • This exercise details the exploitation of CVE-2019-5418 to get code execution
  • 3 videos
  • Completed by 486 students
  • Takes 1-2 Hrs. on average
  • CWE-22

 

Hard
IDOR to Shell
  • This exercise covers how to get code execution by chaining vulnerabilities in a Ruby-on-Rails application
  • 2 videos
  • Completed by 1007 students
  • Takes 1-2 Hrs. on average
  • Ruby-on-Rails
  • CWE-639

 

Hard
JWT X
  • This exercise covers how to use the jku header to bypass an authentication based on JWT.
  • 2 videos
  • Completed by 742 students
  • Takes < 1 Hr. on average
  • Ruby/Sinatra
  • jwt
  • cwe-310

 

Hard
JWT XI
  • This exercise covers how to use the jku header to bypass an authentication based on JWT.
  • 3 videos
  • Completed by 656 students
  • Takes 1-2 Hrs. on average
  • Ruby/Sinatra
  • jwt
  • cwe-310