WE WILL HELP YOU GET TO THE NEXT LEVEL!

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This exercise is one of our challenges to help you learn Java Serialisation exploitation

This exercise is one of our challenges to help you learn Java Serialisation exploitation

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This exercise covers the exploitation of a SSRF in PySAML2

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This exercise covers the exploitation of algorithm confusion when no public key is available with a ECDSA key

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This exercise covers the exploitation of CVE-2021-21239 (PySAML2)

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This challenge covers the review of a CVE in a Java codebase and its patch

This exercise covers the creation of a malicious IDP to forge assertion

This exercise covers the automation of the exploitation of a vulnerability in the DOMPDF library

This exercise covers the exploitation of a Signature Wrapping Issue in passport-saml (CVE-2022-39299)

This exercise covers the exploitation of a Java application using XSL

This exercise covers the exploitation of a vulnerability in the DOMPDF library

This exercise covers the exploitation of a PHP application using XSL

This exercise covers a way to manipulate a shopping cart to lower the total amount

This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files

This exercise covers the exploitation of a PHP application using XSL

This exercise covers a simple payments bypass.

This exercise covers the exploitation of CVE-2022-39224

This exercise covers the exploitation of a PHP application using XSL

This exercise covers the exploitation of a vulnerability in the DOMPDF library

This exercise covers the exploitation of a vulnerability in the DOMPDF library

This exercise covers how to abuse a shopping cart allowing users to apply a voucher.

This exercise covers the exploitation of a PHP application using XSL

This exercise covers how to abuse a shopping cart allowing users to apply a voucher..

This exercise covers the exploitation of a PHP application using XSL

This exercise covers a simple payments bypass.

This exercise is one of our challenges to help you learn how to review real source code

This challenge covers the review of a CVE and its patch

This challenge covers the review of a CVE and its patch

This challenge covers the review of a CVE and its patch

This challenge covers the review of a snippet of code written in Python

This challenge covers the review of a snippet of code written in Java

This challenge covers the review of a snippet of code written in Java

This challenge covers the review of a snippet of code written in Java

This exercise covers a simple payments bypass.

This challenge covers the impact of nonce reuse on GCM

This challenge covers the review of a CVE and its patch

This challenge covers the review of a snippet of code written in Java

This challenge covers the review of a snippet of code written in Java

This challenge covers the review of a snippet of code written in Java

This exercise covers a simple payments bypass.

This challenge covers a vulnerable snippet in a real Java application

This challenge covers the review of a snippet of code written in Python

This challenge covers the review of a snippet of code written in Python

This challenge covers the review of a snippet of code written in Python

This challenge covers how to exploit an IDOR when Mongo IDs are used

This challenge covers the review of a CVE and its patch

This challenge covers the review of a CVE and its patch

This challenge covers the review of a snippet of code written in Python

This challenge covers the review of a snippet of code written in Golang

This challenge covers the review of a snippet of code written in Java

This exercise covers the exploitation of CVE-2022-21449 against a Java Application relying on JWT

This exercise covers how you can get arbitrary file read using CVE-2021-33564 against Refinery CMS

This challenge covers a vulnerable snippet in a real Python application

This challenge covers the review of a snippet of code written in PHP

This challenge covers the review of a snippet of code written in PHP

This challenge covers the review of a snippet of code written in PHP

This challenge covers the review of a snippet of code written in Python

This challenge covers the review of a snippet of code written in Python

This challenge covers the review of a snippet of code written in Python

This challenge covers the review of a CVE and its patch

This challenge covers how to gain code execution by leveraging a JDBC connection string with PostgreSQL

This challenge covers the review of a snippet of code written in Java

This challenge covers the review of a snippet of code written in Java

This exercise covers how you can gain code execution when an application using Ox to deserialize data and run on Ruby 2.7

This challenge covers the review of a CVE and its patch

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers the review of a CVE and its patch

This challenge covers how to gain code execution by leveraging an H2 database in a Java application

This challenge covers the review of a snippet of code written in TypeScript

This challenge covers the review of a snippet of code written in TypeScript

This challenge covers the review of a snippet of code written in TypeScript

This challenge covers the review of a snippet of code written in TypeScript

This challenge covers the review of a snippet of code written in TypeScript

This challenge covers the review of a snippet of code written in TypeScript

This challenge covers the review of a CVE and its patch

This exercise is one of our challenges to help you learn Java Serialisation exploitation

This challenge covers the latest RCE in Log4j

This challenge covers the review of a CVE and its patch

This exercise covers how one can inspect HTTP responses to identify information leaks.

This exercise is one of our challenges to help you learn Java Serialisation exploitation

This challenge covers the review of a CVE and its patch

This challenge covers the review of a snippet of code written in Golang

This challenge covers the review of a snippet of code written in TypeScript

This challenge covers the review of a snippet of code written in TypeScript

This challenge covers the review of a snippet of code written in TypeScript

This exercise covers how one can inspect JavaScript code to identify information leak.

This challenge covers how to trigger a Server-Side Request Forgery by leveraging CVE-2021-40438

This challenge covers how to read arbitrary files by leveraging CVE-2021-41773

This challenge covers how to gain code execution by leveraging CVE-2021-41773

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers the review of a CVE and its patch

This challenge covers the review of a CVE and its patch

This challenge covers the review of a snippet of code written in PHP

This challenge covers the review of a snippet of code written in PHP

This challenge covers the review of a snippet of code written in PHP

This exercise covers how one can inspect JavaScript code to identify unused endpoints.

This challenge covers the review of a CVE and its patch

This challenge covers the review of a snippet of code written in PHP

This challenge covers the review of a snippet of code written in PHP

This challenge covers the review of a snippet of code written in PHP

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This exercise covers how one can inspect JavaScript code to identify unused endpoints.

This exercise covers how one can inspect JavaScript code to identify unused endpoints.

This challenge covers the review of a snippet of code written in Golang

This challenge covers the review of a snippet of code written in Golang

This challenge covers the review of a snippet of code written in Golang

This challenge covers the review of a snippet of code written in Golang

This challenge covers the review of a snippet of code written in Golang

This challenge covers the review of a snippet of code written in Golang

This challenge covers the review of a snippet of code written in Golang

This challenge covers the review of a snippet of code written in Golang

This challenge covers the review of a snippet of code written in Golang

This challenge covers the review of a snippet of code written in Golang

This challenge covers the review of a snippet of code written in JavaScript

This challenge covers the review of a snippet of code written in JavaScript

This challenge covers the review of a snippet of code written in JavaScript

This challenge covers the review of a snippet of code written in JavaScript

This challenge covers the review of a snippet of code written in JavaScript

This challenge covers the review of a snippet of code written in JavaScript

This challenge covers the review of a snippet of code written in JavaScript

This challenge covers the review of a snippet of code written in Python

This challenge covers the review of a snippet of code written in Ruby

This challenge covers the review of a snippet of code written in Ruby

This challenge covers the review of a snippet of code written in Ruby

This challenge covers the review of a snippet of code written in Ruby

This challenge covers the review of a snippet of code written in Ruby

This challenge covers the review of a snippet of code written in Ruby

This challenge covers the review of a snippet of code written in Ruby

This challenge covers the review of a snippet of code written in Ruby

This challenge covers the review of a snippet of code written in Ruby

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers the review of a CVE and its patch

This exercise covers how you can gain code execution when an application using Ox to deserialize data and run on Ruby 2.3

This challenge covers the review of a CVE and its patch

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers the review of a CVE and its patch

This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files

This exercise covers how you can read abitrary files when an application use ffmpeg to render videos from a video you provide

This exercise is the API version of an exercise you already solved in another badge. You should use it to get more confident with discovering vulnerabilities without any hint on what to look for.

This challenge covers the review of a CVE and its patch

This exercise covers the exploitation of a XSS in the Authorization server

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This exercise is the API version of an exercise you already solved in another badge. You should use it to get more confident with discovering vulnerabilities without any hint on what to look for.

This exercise covers how an insecure to render can be used to gain local file read with Express

This exercise covers the exploitation of a XSS in the Authorization server

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This challenge covers how to send specific HTTP requests

This exercise is the API version of an exercise you already solved in the Essential Badge. You should use it to get more confident with discovering vulnerabilities without any hint on what to look for.

This exercise covers the exploitation of algorithm confusion when no public key is available

This exercise covers the exploitation of a comment injection vulnerability in SAML

In this challenge, you need to look for a file named key.txt in the place used to serve the assets for the main website

In this challenge, you need to look for a file named key2.txt in the place used to serve the assets for the main website

In this challenge, you need to look for a key in the JavaScript used by the website

This exercise covers how you can read abitrary files when an application use ffmpeg to render videos from a video you provide

This exercise covers how one can use Signature Wrapping to become arbitrary users.

This exercise covers a remote command execution vulnerability in which an attacker can only inject arguments

This exercise is one of our challenges to help you learn how to review real source code

This exercise covers how one can use Signature Wrapping to become arbitrary users.

In this challenge, you need to look at the branches in repo3

In this challenge, you need to look at the information in the branches for repo4

In this challenge, you need to look in repo9 for deleted files

In this challenge, you need to look for sensitive information in commit messages

This exercise covers how one can pass the SAMLResponse from one Service Provider to another Service Provider.

This exercise covers the exploitation of a vulnerable CGI.

In this challenge, you need to look at the name of the developer used in the repository test1

In this challenge, you need to look at the public repository of the developers in the organisation

In this challenge, you need to look at the email addresses used for commits in the repository repo7

This exercise is one of our challenges to help you learn how to review real source code

This exercise is one of our challenges to help you learn how to review real source code

This exercise covers how you can gain code execution when an application use a vulnerable version of PyYAML and relies on load()

This exercise covers the exploitation of a state fixation in the OAuth2 Client

This exercise is one of our challenges to help you learn how to review real source code

This exercise covers a remote command execution issue on Aruba Clearpass RCE

This exercise is one of our challenges to help you learn how to review real source code

This exercise covers the exploitation of predictable state in the OAuth2 Client

In this challenge, you need to find the TXT record linked to key.z.hackycorp.com

In this challenge, you need to find a TXT record by doing a zone transfer on z.hackycorp.com

In this challenge, you need to find a TXT record by doing a zone transfer on the internal zone "int"

In this challenge, you need to find the version of Bind used

This exercise covers the exploitation of a vulnerability impacting Monocypher.

This exercise is one of our challenges to help you learn how to review real source code

This exercise covers the exploitation of predictable state in the OAuth2 Client

This exercise is one of our challenges to help you learn how to review real source code

This exercise covers how can leverage unicode to get exploit a directory traversal

This exercise covers the exploitation of a service provider (SP) that doesn't check the certificate provided in the SAMLResponse

This exercise covers default vhost

This exercise covers default TLS vhost

This exercise covers aliases in TLS certificates

This exercise details the exploitation of CVE-2020-8163 to gain code execution

This exercise covers the exploitation of a known key in SAML

This exercise is one of our challenges to help you learn how to review real source code

This exercise covers common interesting directories

This exercise covers simple directory bruteforcing

This exercise covers 404 error pages

This exercise covers the exploitation of a Cross-Site Scripting in the OAuth2 Client Server

This exercise covers how you can create a malicious Zip file and use it to gain access to sensitive files.

This exercise is one of our challenges to help you learn how to review real source code

This exercise covers the exploitation of a comment injection vulnerability in SAML

This exercise covers how you can use unicode to gain access to an admin account.

This exercise is one of our challenges to help you learn how to review real source code

This exercise is one of our challenges to help you learn Java Serialisation exploitation

This exercise covers how you can use unicode to gain access to an admin account.

This exercise is one of our challenges to help you learn how to review real source code

This exercise covers how one can use Cross-Site Leak to recover sensitive information

This exercise covers how to gain access to an administration interface using SQL injection followed by how to get command execution using Ghostscript

This exercise covers the exploitation of a CSRF in the OAuth2 Client

This exercise covers how one can use Cross-Site-Scripting Include to leak information.

This exercise covers the exploitation of a CSRF in the OAuth2 Client

This exercise is one of our challenges to help you learn how to review real source code

This exercise is one of our challenges to help you learn how to review real source code

This exercise covers how to exploit Prototype Pollution against a JavaScript application

This exercise covers the exploitation of a CSRF in the Authorization server

This exercise is one of our challenges to help you learn how to review real source code

This exercise covers how you can read arbitrary files when an application generates pdf from a link you provide

This exercise covers the exploitation of the HTTP HEAD issue impacting Github in 2019

This exercise covers how one can use SVG to trigger a Cross-Site-Scripting.

This exercise covers how you can gain code execution in Apache Pluto 3.0.0 due to an issue in the authorisation logic

This exercise details the exploitation of a Cross-Site Request Forgery when JSON is used

This exercise details the exploitation of a Cross-Site Request Forgery to gain access to sensitive data

This exercise is one of our challenges to help you learn how to review real source code

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the origin and X-Frame-Options is used

This exercise covers how you can gain code execution using Spring Actuators when Spring Cloud is used.

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to trigger a Cross-Site Scripting

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the origin

This exercise covers how the PHP phar:// handler can be used to gain code execution using PHP unserialize.

This exercise covers how a signing oracle can be used to bypass authorization in place

This exercise covers how to use a length extension attack to exploit a directory traversal vulnerability

This exercise covers how you can create your own JWE if you have access to the public key used by the se rver

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information

This exercise details the exploitation of CVE-2019-5418 to get code execution

This exercise covers Cross-Site WebSocket Hijacking and how it can be used to gain access to sensitive information

This exercise covers how to use the x5u header to bypass an authentication based on JWT.

This exercise covers Cross-Origin Resource Sharing and how it can be used to get access to sensitive data.

This exercise covers how to use the jku header to bypass an authentication based on JWT.

This exercise details the exploitation of CVE-2019-5420 to gain code execution

This exercise covers the exploitation of an OpenRedirect in the OAuth2 Client

This exercise details the exploitation of CVE-2019-5420 to forge a session as another user

This exercise covers how to use the jku header to bypass an authentication based on JWT.

This exercise covers how to use introspection and a SQL injection to get access to additional information in GraphQL.

This exercise covers the exploitation of an OpenRedirect in the Authorization Server

This exercise covers how to use the jku header to bypass an authentication based on JWT.

This exercise covers how to get code execution against the Git self hosted tool: Gogs.

This exercise covers how to use the jku header to bypass an authentication based on JWT.

This exercise covers the exploitation of a signature stripping vulnerability in SAML

This exercise covers how to use introspection to get access to additional information in GraphQL.

This exercise covers how to get code execution against the Git self hosted tool: Gogs.

This exercise will guide through the process of reversing simple obfuscated Android code

This exercise will guide through the process of reversing simple obfuscated Android code

This exercise will guide through the process of reversing simple obfuscated Android code

This exercise covers how to get code execution by using a Ruby Universal Gadget when an attacker controls the data passed to Marshal.load()

This exercise covers how one can bypass the authentication of an SSH server based on libssh to gain a shell on the impacted system

This exercise will guide through the process of reversing simple Android code

This exercise will guide through the process of extracting simple information from an APK

This exercise covers how to gain access to an administration interface using SQL injection followed by how to get command execution using ImageTragick

This exercise will guide through the process of extracting data from a simple database used by an Android app

This exercise covers how to get code execution by chaining vulnerabilities in a Ruby-on-Rails application

This exercise will guide through the process of extracting simple information from an APK

This exercise details the exploitation of a XSS in a simple web application that uses Content Security Policy

This exercise details the exploitation of a vulnerability in Git Sub module that can be used to get command execution

This exercise details how to retrieve information from an exposed .git directory on a web server. This time, the directly listing is disabled

This exercise details how to retrieve information from an exposed .git directory on a web server

This exercise covers the exploitation of a website using JWT for session without verifying the signature

This exercise covers the exploitation of HTTPoxy against an old version of Golang

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise covers the exploitation of an application using CBC-MAC when an attacker has control over the IV

This exercise covers the exploitation of an injection in the kid element of a JWT. This injection can be used to bypass the signature mechanism

This exercise covers a remote command execution in Golang's go get command.

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise is one of our challenges to help you learn more about Unix/Linux

This exercise covers the exploitation of a trivial secret used to sign JWT tokens.

This exercise details the exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT

This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby Net::FTP

This exercise covers the exploitation of signature of non-fixed size messages with CBC-MAC

This exercise covers the exploitation of an issue in the usage of JWT token

This exercise is one of our challenges on Code Execution

This exercise is one of our challenges on Server-Side Template Injection

This exercise is one of our challenges on vulnerabilities related to MongoDB

This exercise is one of our challenges on Authorisation issues

This exercise is one of our challenges on Code Execution

This exercise is one of our challenges on Authorisation issues

This exercise is one of our challenges on Authorisation issues

This exercise is one of our challenges on Command Execution

This exercise is one of our challenges on Server-Side Template Injection

This exercise is one of our challenges on Code Execution

This exercise is one of our challenges on Code Execution

This exercise is one of our challenges on Code Execution

This exercise covers the different ways to perform code review. It also contains a simple application to review to help you get started.

This exercise covers the exploitation of the Struts S2-052 vulnerability

This exercise is one of our challenges on SQL Injections

This exercise is one of our challenges on vulnerabilities related to XML processing

This exercise is one of our challenges on vulnerabilities related to XML processing

This exercise is one of our challenges on SQL Injections

This exercise is one of our challenges on SQL Injections

This exercise is one of our challenges on SQL Injections

This exercise is one of our challenges on SQL Injections

This exercise is one of our challenges on SQL Injections

This exercise is one of our challenges on Code Execution

This exercise is one of our challenges on Authorisation issues

This exercise is one of our challenges on Command Execution

This exercise is one of our challenges on Command Execution

This exercise is one of our challenges on Server-Side Request Forgery

This exercise is one of our challenges on Open Redirect

This exercise is one of our challenges on Open Redirect

This exercise is one of our challenges on vulnerabilities related to MongoDB

This exercise covers the exploitation of a signature stripping vulnerability in SAML

This exercise is one of our challenges on Server-Side Request Forgery

This exercise is one of our challenges on Server-Side Request Forgery

This exercise is one of our challenges on Server-Side Request Forgery

This exercise is one of our challenges on Cross-Site Scripting

This exercise is one of our challenges on Cross-Site Scripting

This exercise is one of our challenges on Directory Traversal

This exercise is one of our challenges on Directory Traversal

This exercise is one of our challenges on Directory Traversal

This exercise is one of our challenges on Cross-Site Scripting

This exercise is one of our challenges on Cross-Site Scripting

This exercise is one of our challenges on Cross-Site Scripting

This exercise is one of our challenges on Cross-Site Scripting

This exercise is one of our challenges on Cross-Site Scripting

This exercise is one of our challenges on Cross-Site Scripting

This exercise is one of our challenges on Cross-Site Scripting

This exercise is one of our challenges on Upload vulnerabilities

This exercise is one of our challenges on Upload vulnerabilities

This exercise is one of our challenges on Cross-Site Scripting

This exercise is one of our challenges on Authentication issues

This exercise is one of our challenges on Code Execution

This exercise is one of our challenges on Code Execution

This exercise is one of our challenges on File Include vulnerabilities

This exercise is one of our challenges on File Include vulnerabilities

This exercise is one of our challenges on vulnerabilities related to LDAP

This exercise is one of our challenges on vulnerabilities related to LDAP

This exercise is one of our challenges on Authentication issues

This exercise is one of our challenges on Authentication issues

This exercise is one of our challenges on Authentication issues

This exercise is one of our challenges on Authentication issues

This exercise is one of our challenges on Authorisation issues

This exercise is one of our challenges on Authorisation issues

This exercise is one of our challenges on Code Execution

This exercise covers a remote code execution vulnerability in PHPMailer

This exercise details how to tamper with data encrypted using CBC

This exercise covers a Remote Code Execution in Struts 2.

This exercise covers a remote code execution vulnerability in Ruby-on-Rails when using render on user-supplied data

This exercise explains how you can exploit a vulnerability published in 2014 in Gitlist.

This exercise covers the exploitation of a weakness in the usage of ECDSA

This challenge was written for Ruxcon CTF 2015 and cover the Debug mode of Werkzeug/Flask

This exercise covers an attack against CBC mode. This attack can be used to decrypt data and re-encrypt arbitrary data

This challenge was written for Ruxcon CTF 2015. It's an SQL injection mixed with a remote code execution.

This exercise is a challenge written for Nullcon CTF in 2015

This challenge was written for Ruxcon CTF 2015. It's an SQL injection with a twist

This exercise covers the exploitation of a code execution in Ruby-on-Rails using XML and YAML.

This exercise covers the exploitation of an issue with some implementations of JWT

This exercise covers the exploitation of an Xstream vulnerability in Jenkins

This exercise covers the exploitation of a call to readObject in a Spring application

This exercise covers the exploitation of an application using XMLDecoder

This exercise covers how to intercept an HTTPs connection..

This exercise covers how to intercept an HTTPs connection..

This exercise covers how to intercept an HTTPs connection with hostname verification.

This exercise covers how to intercept an HTTPs connection.

This exercise covers how to intercept an HTTP connection.

This exercise covers how to get code execution when a Struts application is running in devMode

This exercise covers the exploitation of a signature weakness in a JWT library.

This exercise covers Cross-Origin Resource Sharing and how it can be used to bypass CSRF protection if misconfigured.

This exercise covers the exploitation of PHP type confusion to bypass a signature and the exploitation of unserialize.

This exercise covers the exploitation of Python's pickle when used to deserialize untrusted data

This exercise covers the exploitation of a XML entities in the Play framework.

This exercise covers the exploitation of a Bash vulnerability through a CGI.

This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism

This exercise covers the exploitation of CVE-2007-1860. This vulnerability allows an attacker to gain access to inaccessible pages using crafted requests. This is a common trick that a lot of testers miss.

This exercise explains how you can use a Cross-Site Scripting vulnerability to get access to an administrator's cookies. Then how you can use his/her session to gain access to the administration to find a SQL injection and gain code execution using it.

This exercise explains how you can tamper with an encrypted cookies to access another user's account.

This exercise is a set of the most common web vulnerabilities.

This exercise explains how you can, from a blind SQL injection, gain access to the administration console. Then once in the administration console, how you can run commands on the system.

This exercise explains how you can exploit CVE-2012-6081 to gain code execution. This vulnerability was exploited to compromise Debian's wiki and Python documentation website

This exercise is a set of the most common web vulnerabilities.

This exercise explains the interactions between Tomcat and Apache, then it will show you how to call and attack an Axis2 Web service. Using information retrieved from this attack, you will be able to gain access to the Tomcat Manager and deploy a WebShell to gain commands execution.

This exercise explains how you can exploit CVE-2008-1930 to gain access to the administration interface of a Wordpress installation.

This exercise explains how you can from a SQL injection gain access to the administration console. Then in the administration console, how you can run commands on the system.

After a short brute force introduction, this exercise explains the tampering of rack cookie and how you can even manage to modify a signed cookie (if the secret is trivial). Using this issue, you will be able to escalate your privileges and gain commands execution.

This exercise explains how to perform a Linux host review, what and how you can check the configuration of a Linux server to ensure it is securely configured. The reviewed system is a traditional Linux-Apache-Mysql-PHP (LAMP) server used to host a blog.

This exercise explains how you can exploit CVE-2012-2661 to retrieve information from a database

This exercise explains how you can exploit CVE-2012-1823 to retrieve the source code of an application and gain code execution.