White Badge

4943 Completed
15 Videos
6 Exercises

White Videos

White Exercises

Easy
CVE-2014-6271/Shellshock
  • This exercise covers the exploitation of a Bash vulnerability through a CGI.
  • 1 video
  • Completed by 8207 students
  • Takes < 1 Hr. on average
  • CGI/Apache/Bash
  • CWE-78

 

Easy
JSON Web Token
  • This exercise covers the exploitation of a signature weakness in a JWT library.
  • 2 videos
  • Completed by 9135 students
  • Takes < 1 Hr. on average
  • PHP/Apache/Mysql
  • jwt
  • CWE-345,CWE-347

 

Easy
From SQL Injection to Shell
  • This exercise explains how you can, from a SQL injection, gain access to the administration console, then in the administration console, how you can run commands on the system.
  • 1 video
  • Completed by 7506 students
  • Takes < 1 Hr. on average
  • PHP/Apache/Mysql
  • SQL Injection
  • CWE-89

 

Easy
CVE-2007-1860: mod_jk double-decoding
  • This exercise covers the exploitation of CVE-2007-1860. This vulnerability allows an attacker to gain access to inaccessible pages using crafted requests. This is a common trick that a lot of testers miss.
  • 4 videos
  • Completed by 5605 students
  • Takes 1-2 Hrs. on average
  • Tomcat/Apache
  • CWE-22

 

Easy
Pickle Code Execution
  • This exercise covers the exploitation of Python's pickle when used to deserialize untrusted data
  • 4 videos
  • Completed by 5873 students
  • Takes < 1 Hr. on average
  • Python

 

Medium
Electronic Code Book
  • This exercise explains how you can tamper with an encrypted cookies to access another user's account.
  • 2 videos
  • Completed by 5349 students
  • Takes 1-2 Hrs. on average
  • PHP/Apache
  • crypto