10010101 101110 11001 001 101 0111 101101 01101

WE WILL HELP YOU GET TO THE NEXT LEVEL!

TRY OUR FREE EXERCISES OR GO PRO

FILTER

	EXERCISE	AVERAGE TIME TO COMPLETE	# OF USERS COMPLETED

	API 08	< 1 Hr.	17
	JDBC RCE	--	0
	CVE-2008-1x3x	< 1 Hr.	12
	Golang Snippet #12	< 1 Hr.	29
	Python Snippet #02	< 1 Hr.	35
	TypeScript Snippet #01	< 1 Hr.	26
	TypeScript Snippet #02	< 1 Hr.	25
	TypeScript Snippet #03	< 1 Hr.	27
	API 07	< 1 Hr.	33
	CVE-2021-40438	< 1 Hr.	47
	CVE-2021-41773	< 1 Hr.	100
	CVE-2021-41773 II	1-2 Hr.	17
	HTTP 36	< 1 Hr.	161
	HTTP 37	< 1 Hr.	151
	HTTP 38	< 1 Hr.	156
	HTTP 39	< 1 Hr.	147
	HTTP 40	< 1 Hr.	155
	CVE-2006-4xxx	< 1 Hr.	44
	CVE-2006-4xxx_ii	< 1 Hr.	30
	PHP Snippet #04	< 1 Hr.	92
	PHP Snippet #05	< 1 Hr.	32
	PHP Snippet #06	< 1 Hr.	96
	API 06	< 1 Hr.	74
	CVE-2021-37xxx	< 1 Hr.	32
	PHP Snippet #01	< 1 Hr.	215
	PHP Snippet #02	< 1 Hr.	168
	PHP Snippet #03	< 1 Hr.	95
	HTTP 31	< 1 Hr.	239
	HTTP 32	< 1 Hr.	235
	HTTP 35	< 1 Hr.	203
	HTTP 34	< 1 Hr.	205
	HTTP 33	< 1 Hr.	232
	API 05	< 1 Hr.	125
	API 04	< 1 Hr.	133
	Golang Snippet #1	< 1 Hr.	222
	Golang Snippet #02	< 1 Hr.	121
	Golang Snippet #03	< 1 Hr.	94
	Golang Snippet #04	< 1 Hr.	113
	Golang Snippet #05	< 1 Hr.	102
	Golang Snippet #06	< 1 Hr.	86
	Golang Snippet #07	< 1 Hr.	88
	Golang Snippet #08	< 1 Hr.	76
	Golang Snippet #09	< 1 Hr.	76
	Golang Snippet #10	< 1 Hr.	80
	Golang Snippet #11	< 1 Hr.	74
	Javascript Snippet #01	< 1 Hr.	150
	Javascript Snippet #02	< 1 Hr.	131
	Javascript Snippet #03	< 1 Hr.	129
	Javascript Snippet #04	< 1 Hr.	117
	Javascript Snippet #05	< 1 Hr.	125
	Javascript Snippet #06	< 1 Hr.	105
	Javascript Snippet #07	< 1 Hr.	112
	Python Snippet #01	< 1 Hr.	137
	Ruby Snippet #01	< 1 Hr.	38
	Ruby Snippet #02	< 1 Hr.	46
	Ruby Snippet #03	< 1 Hr.	53
	Ruby Snippet #04	< 1 Hr.	47
	Ruby Snippet #05	< 1 Hr.	49
	Ruby Snippet #06	< 1 Hr.	44
	Ruby Snippet #07	< 1 Hr.	39
	Ruby Snippet #08	< 1 Hr.	43
	Ruby Snippet #09	< 1 Hr.	40
	HTTP 26	< 1 Hr.	299
	HTTP 27	< 1 Hr.	292
	HTTP 28	< 1 Hr.	282
	HTTP 29	< 1 Hr.	266
	HTTP 30	< 1 Hr.	243
	CVE-2020-17xx7	< 1 Hr.	74
	Ox Remote Code Execution	> 4 Hr.	6
	CVE-2020-9x9x	< 1 Hr.	59
	HTTP 21	< 1 Hr.	364
	HTTP 22	< 1 Hr.	362
	HTTP 23	< 1 Hr.	356
	HTTP 24	< 1 Hr.	359
	HTTP 25	< 1 Hr.	351
	HTTP 16	< 1 Hr.	416
	HTTP 20	< 1 Hr.	384
	HTTP 18	< 1 Hr.	406
	HTTP 19	< 1 Hr.	391
	HTTP 17	< 1 Hr.	410
	CVE-2020-17xx8	< 1 Hr.	63
	CVE-2021-22204: Exiftool RCE	< 1 Hr.	45
	SSRF via FFMPEG II	< 1 Hr.	35
	API 03	< 1 Hr.	121
	CVE-2020-11xxx	< 1 Hr.	74
	OAuth2: Authorization Server XSS II	< 1 Hr.	72
	HTTP 11	< 1 Hr.	516
	HTTP 15	< 1 Hr.	488
	HTTP 12	< 1 Hr.	507
	HTTP 13	< 1 Hr.	493
	HTTP 14	< 1 Hr.	489
	API 02	< 1 Hr.	378
	Express Local File Read	< 1 Hr.	80
	OAuth2: Authorization Server XSS	< 1 Hr.	97
	HTTP 10	< 1 Hr.	571
	HTTP 09	< 1 Hr.	584
	HTTP 07	< 1 Hr.	622
	HTTP 06	< 1 Hr.	621
	HTTP 08	< 1 Hr.	589
	HTTP 03	< 1 Hr.	758
	HTTP 04	< 1 Hr.	715
	HTTP 05	< 1 Hr.	704
	HTTP 02	< 1 Hr.	783
	HTTP 01	< 1 Hr.	857
	API 01	< 1 Hr.	584
	JSON Web Token XIII	< 1 Hr.	43
	SAML: Comment Injection II	< 1 Hr.	173
	Recon 24	< 1 Hr.	852
	Recon 25	1-2 Hr.	581
	Recon 26	< 1 Hr.	913
	SSRF via FFMPEG	1-2 Hr.	86
	SAML: Signature Wrapping II	< 1 Hr.	126
	RCE via argument injection	> 4 Hr.	11
	Code Review 16	< 1 Hr.	41
	SAML: Signature Wrapping	< 1 Hr.	164
	Recon 20	< 1 Hr.	1075
	Recon 21	< 1 Hr.	1070
	Recon 22	< 1 Hr.	983
	Recon 23	< 1 Hr.	1000
	SAML: SAMLResponse forwarding	< 1 Hr.	158
	CGI and Signature	< 1 Hr.	60
	Recon 17	< 1 Hr.	1185
	Recon 18	< 1 Hr.	1122
	Recon 19	< 1 Hr.	1005
	Code Review 15	< 1 Hr.	41
	Code Review 14	< 1 Hr.	43
	CVE-2020-14343: PyYAML unsafe loader	< 1 Hr.	108
	OAuth2: State Fixation	1-2 Hr.	141
	Code Review 13	2-4 Hr.	34
	CVE-2020-7115: Aruba Clearpass RCE	1-2 Hr.	69
	Code Review 12	< 1 Hr.	64
	OAuth2: Predictable State II	1-2 Hr.	97
	Recon 13	< 1 Hr.	1547
	Recon 14	< 1 Hr.	1417
	Recon 15	< 1 Hr.	1147
	Recon 16	< 1 Hr.	1302
	EDDSA vulnerability in Monocypher	1-2 Hr.	39
	Code Review 11	> 4 Hr.	20
	OAuth2: Predictable State	2-4 Hr.	106
	Code Review 10	< 1 Hr.	58
	Recon 11	< 1 Hr.	1329
	Recon 12	< 1 Hr.	1618
	Unicode and NFKC	< 1 Hr.	114
	SAML: Trusted Embedded Key	< 1 Hr.	152
	Recon 06	< 1 Hr.	2579
	Recon 07	< 1 Hr.	2263
	Recon 08	< 1 Hr.	2002
	CVE-2020-8163: Rails local name RCE	2-4 Hr.	97
	SAML: Known Key	1-2 Hr.	132
	Code Review 09	1-2 Hr.	54
	Recon 04	< 1 Hr.	3302
	Recon 05	< 1 Hr.	2551
	Recon 01	< 1 Hr.	4036
	OAuth2: Client Server XSS	1-2 Hr.	138
	Zip symlink	< 1 Hr.	290
	Code Review 08	2-4 Hr.	49
	SAML: Comment Injection	< 1 Hr.	818
	Unicode and Downcase	< 1 Hr.	311
	Code Review 07	1-2 Hr.	75
	Java Serialize 01	< 1 Hr.	178
	Unicode and Uppercase	< 1 Hr.	361
	Code Review 06	2-4 Hr.	33
	Cross-Site Leak	2-4 Hr.	331
	From SQL injection to Shell III: PostgreSQL Edition	2-4 Hr.	83
	OAuth2: Client CSRF II	2-4 Hr.	239
	XSS Include	< 1 Hr.	763
	OAuth2: Client CSRF	< 1 Hr.	553
	Code Review 05	2-4 Hr.	60
	Code Review 04	1-2 Hr.	153
	JS Prototype Pollution	< 1 Hr.	463
	OAuth2: Authorization Server CSRF	1-2 Hr.	655
	Code Review 03	2-4 Hr.	61
	SSRF in PDF generation	< 1 Hr.	493
	OAuth2: Github HTTP HEAD	1-2 Hr.	254
	SVG XSS	< 1 Hr.	1042
	Apache Pluto RCE	< 1 Hr.	295
	JSON Cross-Site Request Forgery	< 1 Hr.	943
	Cross-Site Request Forgery	< 1 Hr.	1084
	Code Review 02	1-2 Hr.	168
	postMessage() IV	< 1 Hr.	577
	Spring Actuators	1-2 Hr.	148
	postMessage() III	1-2 Hr.	595
	postMessage() II	< 1 Hr.	659
	PHP phar://	< 1 Hr.	196
	Signing Oracle	< 1 Hr.	473
	Length Extension Attack	1-2 Hr.	371
	JSON Web Encryption	< 1 Hr.	288
	postMessage()	< 1 Hr.	751
	CVE-2019-5418	1-2 Hr.	265
	Cross-Site WebSocket Hijacking	< 1 Hr.	696
	JWT XII	1-2 Hr.	364
	Cross-Origin Resource Sharing II	< 1 Hr.	636
	JWT XI	1-2 Hr.	358
	cve-2019-5420 II	1-2 Hr.	300
	OAuth2: Client OpenRedirect	< 1 Hr.	524
	CVE-2019-5420	2-4 Hr.	482
	JWT X	< 1 Hr.	410
	GraphQL: SQL Injection	1-2 Hr.	708
	OAuth2: Authorization Server OpenRedirect	1-2 Hr.	610
	JWT IX	< 1 Hr.	481
	Gogs RCE II	< 1 Hr.	324
	JWT VIII	1-2 Hr.	521
	SAML: Signature Stripping	< 1 Hr.	1219
	GraphQL Introspection	< 1 Hr.	1352
	Gogs RCE	1-2 Hr.	370
	Android 07	1-2 Hr.	836
	Android 06	1-2 Hr.	988
	Android 05	1-2 Hr.	1192
	Ruby 2.x Universal RCE Deserialization Gadget Chain	< 1 Hr.	830
	CVE-2018-10933: LibSSH auth bypass	--	0
	Android 04	< 1 Hr.	1527
	Android 03	< 1 Hr.	2034
	From SQL injection to Shell III	1-2 Hr.	611
	Android 02	< 1 Hr.	2248
	IDOR to Shell	1-2 Hr.	608
	Android 01	< 1 Hr.	2408
	Introduction to CSP	< 1 Hr.	1774
	CVE-2018-11235: Git Submodule RCE	2-4 Hr.	311
	Git Information Leak II	< 1 Hr.	1651
	Git Information Leak	< 1 Hr.	2190
	JWT VII	< 1 Hr.	2055
	CVE-2016-5386: HTTPoxy/Golang HTTProxy namespace conflict	< 1 Hr.	580
	Unix 31	< 1 Hr.	9614
	Unix 30	< 1 Hr.	9624
	Unix 25	< 1 Hr.	10072
	Unix 32	< 1 Hr.	9601
	Unix 34	< 1 Hr.	9559
	Unix 33	< 1 Hr.	9584
	Unix 27	< 1 Hr.	9947
	Unix 29	< 1 Hr.	9895
	Unix 28	< 1 Hr.	9911
	Unix 26	< 1 Hr.	9997
	CBC-MAC II	1-2 Hr.	1112
	JWT VI	< 1 Hr.	1597
	CVE-2018-6574: go get RCE	< 1 Hr.	570
	Unix 11	< 1 Hr.	13179
	Unix 12	< 1 Hr.	12834
	Unix 13	< 1 Hr.	12314
	Unix 14	< 1 Hr.	12057
	Unix 15	< 1 Hr.	11063
	Unix 16	< 1 Hr.	10845
	Unix 17	< 1 Hr.	11022
	Unix 18	< 1 Hr.	10972
	Unix 19	< 1 Hr.	10914
	Unix 20	< 1 Hr.	10266
	Unix 21	< 1 Hr.	10385
	Unix 22	< 1 Hr.	10276
	Unix 23	< 1 Hr.	10118
	Unix 24	< 1 Hr.	10072
	JWT V	< 1 Hr.	1925
	CVE-2018-0114	2-4 Hr.	1173
	JWT IV	< 1 Hr.	1696
	CBC-MAC	2-4 Hr.	1074
	JWT III	1-2 Hr.	1825
	Code Execution 09	< 1 Hr.	7310
	Server Side Template Injection 02	< 1 Hr.	5757
	MongoDB Injection 02	1-2 Hr.	5828
	Authorization 06	< 1 Hr.	9761
	Code Execution 08	< 1 Hr.	7424
	Authorization 04	< 1 Hr.	10578
	Authorization 05	< 1 Hr.	10165
	Command Execution 03	< 1 Hr.	7612
	Server Side Template Injection 01	< 1 Hr.	5758
	Code Execution 05	< 1 Hr.	8431
	Code Execution 06	< 1 Hr.	8280
	Code Execution 07	< 1 Hr.	8112
	Introduction to code review	--	0
	S2-052	< 1 Hr.	1677
	SQL Injection 06	< 1 Hr.	6198
	XML Attacks 01	< 1 Hr.	6059
	XML Attacks 02	< 1 Hr.	5773
	SQL Injection 04	< 1 Hr.	6555
	SQL Injection 05	< 1 Hr.	6510
	SQL Injection 01	< 1 Hr.	7231
	SQL Injection 02	< 1 Hr.	7028
	SQL Injection 03	< 1 Hr.	6879
	Code Execution 02	< 1 Hr.	9310
	Authorization 03	< 1 Hr.	11277
	Command Execution 01	< 1 Hr.	7923
	Command Execution 02	< 1 Hr.	7708
	Server Side Request Forgery 04	< 1 Hr.	6507
	Open Redirect 01	< 1 Hr.	6709
	Open Redirect 02	< 1 Hr.	6504
	MongoDB Injection 01	< 1 Hr.	6849
	SAML: Introduction	< 1 Hr.	1660
	Server Side Request Forgery 02	< 1 Hr.	6761
	Server Side Request Forgery 03	< 1 Hr.	6740
	Server Side Request Forgery 01	< 1 Hr.	6873
	XSS 09	< 1 Hr.	6064
	XSS 10	< 1 Hr.	5645
	Directory Traversal 01	< 1 Hr.	7995
	Directory Traversal 02	< 1 Hr.	7886
	Directory Traversal 03	< 1 Hr.	7821
	XSS 02	< 1 Hr.	7129
	XSS 03	< 1 Hr.	6881
	XSS 04	< 1 Hr.	6541
	XSS 05	< 1 Hr.	6370
	XSS 06	< 1 Hr.	6342
	XSS 07	< 1 Hr.	6229
	XSS 08	< 1 Hr.	6137
	File Upload 01	< 1 Hr.	6269
	File Upload 02	< 1 Hr.	6200
	XSS 01	< 1 Hr.	7367
	Authentication 05	< 1 Hr.	11501
	Code Execution 03	< 1 Hr.	8903
	Code Execution 04	< 1 Hr.	8739
	File Include 01	< 1 Hr.	7497
	File Include 02	< 1 Hr.	7341
	LDAP 01	< 1 Hr.	7265
	LDAP 02	< 1 Hr.	6979
	Authentication 04	< 1 Hr.	12087
	Authentication 01	< 1 Hr.	13101
	Authentication 02	< 1 Hr.	12657
	Authentication 03	< 1 Hr.	12298
	Authorization 01	< 1 Hr.	11676
	Authorization 02	< 1 Hr.	11452
	Code Execution 01	< 1 Hr.	9843
	CVE-2016-10033: PHPMailer RCE	< 1 Hr.	2605
	Cipher block chaining	1-2 Hr.	1979
	Struts s2-045	< 1 Hr.	1929
	CVE-2016-2098	< 1 Hr.	2488
	CVE-2014-4511: Gitlist RCE	--	0
	ECDSA	2-4 Hr.	282
	Werkzeug DEBUG	< 1 Hr.	1193
	Padding Oracle	1-2 Hr.	677
	Unickle	1-2 Hr.	547
	CVE-2015-3224	< 1 Hr.	1200
	Luhn	2-4 Hr.	493
	CVE-2013-0156: Rails Object Injection	< 1 Hr.	2914
	JSON Web Token II	1-2 Hr.	2459
	CVE-2016-0792	< 1 Hr.	3434
	ObjectInputStream	< 1 Hr.	3151
	XMLDecoder	< 1 Hr.	3847
	CVE-2014-1266	1-2 Hr.	946
	CVE-2011-0228	1-2 Hr.	1102
	Intercept 03	< 1 Hr.	1345
	Intercept 02	< 1 Hr.	1464
	Intercept 01	1-2 Hr.	1606
	Struts devMode	--	0
	JSON Web Token	< 1 Hr.	7242
	Cross-Origin Resource Sharing	--	0
	API to Shell	2-4 Hr.	2492
	Pickle Code Execution	< 1 Hr.	4740
	Play XML Entities	1-2 Hr.	1564
	CVE-2014-6271/Shellshock	< 1 Hr.	6650
	Play Session Injection	< 1 Hr.	1960
	CVE-2007-1860: mod_jk double-decoding	1-2 Hr.	4563
	XSS and MySQL FILE	--	0
	Electronic Code Book	1-2 Hr.	4350
	Web for Pentester II	--	0
	From SQL Injection to Shell II	--	0
	CVE-2012-6081: MoinMoin code execution	--	0
	Web for Pentester	--	0
	Axis2 Web service and Tomcat Manager	--	0
	CVE-2008-1930: Wordpress 2.5 Cookie Integrity Protection Vulnerability	--	0
	From SQL Injection to Shell: PostgreSQL edition	--	0
	Rack Cookies and Commands injection	--	0
	Linux Host Review	--	0
	CVE-2012-2661: ActiveRecord SQL injection	--	0
	CVE-2012-1823: PHP CGI	--	0
	PHP Include And Post Exploitation	--	0
	From SQL Injection to Shell	< 1 Hr.	6070
	Code Review 01	1-2 Hr.	278
	Introduction 01	< 1 Hr.	19191
	Recon 00	< 1 Hr.	4082
	Introduction 02	< 1 Hr.	18978
	Recon 02	< 1 Hr.	3476
	Introduction 03	< 1 Hr.	18615
	Recon 03	< 1 Hr.	3191
	Introduction 00	< 1 Hr.	19806
	Recon 10	1-2 Hr.	1463
	Recon 09	< 1 Hr.	2274
	Code Review 17	1-2 Hr.	16
	Unix 00	< 1 Hr.	16753
	Unix 01	< 1 Hr.	16391
	Unix 02	< 1 Hr.	16253
	Unix 03	< 1 Hr.	16073
	Unix 04	< 1 Hr.	15885
	Unix 05	< 1 Hr.	15145
	Unix 06	< 1 Hr.	14575
	Unix 07	< 1 Hr.	14352
	Unix 08	< 1 Hr.	14136
	Unix 09	< 1 Hr.	13724
	Unix 10	< 1 Hr.	13399
	PCAP 01	< 1 Hr.	5172
	PCAP 02	< 1 Hr.	5052
	PCAP 03	< 1 Hr.	4980
	PCAP 04	< 1 Hr.	4779
	PCAP 05	< 1 Hr.	4708
	PCAP 06	< 1 Hr.	4638
	PCAP 07	< 1 Hr.	4589
	PCAP 08	< 1 Hr.	4558
	PCAP 09	< 1 Hr.	4535
	PCAP 10	< 1 Hr.	4271
	PCAP 11	< 1 Hr.	4258
	PCAP 12	< 1 Hr.	4247
	PCAP 13	< 1 Hr.	4301
	Java Snippet #01	1-2 Hr.	41
	PCAP 14	< 1 Hr.	4288
	Java Snippet #02	< 1 Hr.	49
	PCAP 15	< 1 Hr.	4278
	Java Snippet #03	< 1 Hr.	42
	PCAP 16	< 1 Hr.	4260
	PCAP 17	< 1 Hr.	4211
	PCAP 18	< 1 Hr.	4207
	PCAP 19	< 1 Hr.	4185
	PCAP 20	< 1 Hr.	4113
	PCAP 21	< 1 Hr.	4067
	PCAP 22	< 1 Hr.	4045
	PCAP 23	< 1 Hr.	4040
	PCAP 24	< 1 Hr.	4032
	PCAP 25	< 1 Hr.	4036
	PCAP 26	< 1 Hr.	4035
	PCAP 27	< 1 Hr.	3986
	PCAP 28	< 1 Hr.	3973
	PCAP 29	< 1 Hr.	3965
	PCAP 30	< 1 Hr.	3942
	PCAP 31	< 1 Hr.	3929
	PCAP 32	< 1 Hr.	3877
	CVE-2021-4xx50	< 1 Hr.	25
	PCAP 33	< 1 Hr.	3816
	PCAP 34	< 1 Hr.	3855
	PCAP 35	< 1 Hr.	3913
	Android 08	1-2 Hr.	789
No search results found...