10010101 101110 11001 001 101 0111 101101 01101

WE WILL HELP YOU GET TO THE NEXT LEVEL!

TRY OUR FREE EXERCISES OR GO PRO

FILTER

	EXERCISE	AVERAGE TIME TO COMPLETE	# OF USERS COMPLETED

	CVE-2008-5x8x_ii	< 1 Hr.	8
	CVE-2005-2x8x	< 1 Hr.	9
	Python Snippet #06	< 1 Hr.	39
	Golang Snippet #01	< 1 Hr.	24
	Java Snippet #06	< 1 Hr.	12
	CVE-2022-21449	< 1 Hr.	12
	CVE-2021-33564 Argument Injection in Ruby Dragonfly	< 1 Hr.	20
	CVE-2021-45xx9	< 1 Hr.	26
	PHP Snippet #07	< 1 Hr.	81
	PHP Snippet #08	< 1 Hr.	57
	PHP Snippet #09	< 1 Hr.	58
	Python Snippet #03	< 1 Hr.	102
	Python Snippet #04	< 1 Hr.	81
	Python Snippet #05	< 1 Hr.	99
	CVE-2021-39x3x	< 1 Hr.	36
	CVE-2022-21724: JDBC RCE PostgreSQL	< 1 Hr.	27
	Java Snippet #04	< 1 Hr.	101
	Java Snippet #05	< 1 Hr.	87
	Ox Remote Code Execution II	2-4 Hr.	3
	CVE-2009-3x8x	< 1 Hr.	41
	HTTP 41	< 1 Hr.	388
	HTTP 42	< 1 Hr.	391
	HTTP 43	< 1 Hr.	372
	CVE-2021-381xx	< 1 Hr.	54
	H2 RCE	< 1 Hr.	14
	TypeScript Snippet #04	< 1 Hr.	62
	TypeScript Snippet #05	< 1 Hr.	99
	TypeScript Snippet #06	1-2 Hr.	46
	TypeScript Snippet #07	< 1 Hr.	46
	TypeScript Snippet #08	< 1 Hr.	58
	TypeScript Snippet #09	< 1 Hr.	84
	CVE-2008-4x9x	< 1 Hr.	59
	Log4j RCE II	< 1 Hr.	55
	Log4j RCE	1-2 Hr.	165
	CVE-2021-4379x	< 1 Hr.	87
	API 08	< 1 Hr.	214
	JDBC RCE	2-4 Hr.	9
	CVE-2008-1x3x	< 1 Hr.	80
	Golang Snippet #12	< 1 Hr.	114
	Python Snippet #02	< 1 Hr.	201
	TypeScript Snippet #01	< 1 Hr.	159
	TypeScript Snippet #02	< 1 Hr.	138
	TypeScript Snippet #03	< 1 Hr.	143
	API 07	< 1 Hr.	268
	CVE-2021-40438	< 1 Hr.	105
	CVE-2021-41773	< 1 Hr.	203
	CVE-2021-41773 II	2-4 Hr.	49
	HTTP 36	< 1 Hr.	579
	HTTP 37	< 1 Hr.	562
	HTTP 38	< 1 Hr.	567
	HTTP 39	< 1 Hr.	549
	HTTP 40	< 1 Hr.	567
	CVE-2006-4xxx	< 1 Hr.	123
	CVE-2006-4xxx_ii	< 1 Hr.	85
	PHP Snippet #04	< 1 Hr.	262
	PHP Snippet #05	< 1 Hr.	215
	PHP Snippet #06	< 1 Hr.	270
	API 06	< 1 Hr.	317
	CVE-2021-37xxx	< 1 Hr.	81
	PHP Snippet #01	< 1 Hr.	497
	PHP Snippet #02	< 1 Hr.	391
	PHP Snippet #03	< 1 Hr.	276
	HTTP 31	< 1 Hr.	652
	HTTP 32	< 1 Hr.	645
	HTTP 35	< 1 Hr.	614
	HTTP 34	< 1 Hr.	617
	HTTP 33	< 1 Hr.	640
	API 05	< 1 Hr.	414
	API 04	< 1 Hr.	429
	Golang Snippet #1	< 1 Hr.	265
	Golang Snippet #02	< 1 Hr.	235
	Golang Snippet #03	< 1 Hr.	177
	Golang Snippet #04	< 1 Hr.	226
	Golang Snippet #05	< 1 Hr.	195
	Golang Snippet #06	< 1 Hr.	156
	Golang Snippet #07	< 1 Hr.	168
	Golang Snippet #08	< 1 Hr.	157
	Golang Snippet #09	< 1 Hr.	153
	Golang Snippet #10	< 1 Hr.	156
	Golang Snippet #11	< 1 Hr.	148
	Javascript Snippet #01	< 1 Hr.	340
	Javascript Snippet #02	< 1 Hr.	292
	Javascript Snippet #03	< 1 Hr.	295
	Javascript Snippet #04	< 1 Hr.	261
	Javascript Snippet #05	< 1 Hr.	272
	Javascript Snippet #06	< 1 Hr.	232
	Javascript Snippet #07	< 1 Hr.	256
	Python Snippet #01	< 1 Hr.	339
	Ruby Snippet #01	1-2 Hr.	83
	Ruby Snippet #02	< 1 Hr.	106
	Ruby Snippet #03	< 1 Hr.	124
	Ruby Snippet #04	< 1 Hr.	112
	Ruby Snippet #05	< 1 Hr.	115
	Ruby Snippet #06	< 1 Hr.	103
	Ruby Snippet #07	< 1 Hr.	89
	Ruby Snippet #08	< 1 Hr.	104
	Ruby Snippet #09	< 1 Hr.	98
	HTTP 26	< 1 Hr.	745
	HTTP 27	< 1 Hr.	737
	HTTP 28	< 1 Hr.	716
	HTTP 29	< 1 Hr.	688
	HTTP 30	< 1 Hr.	663
	CVE-2020-17xx7	< 1 Hr.	150
	Ox Remote Code Execution	2-4 Hr.	12
	CVE-2020-9x9x	< 1 Hr.	106
	HTTP 21	< 1 Hr.	820
	HTTP 22	< 1 Hr.	806
	HTTP 23	< 1 Hr.	797
	HTTP 24	< 1 Hr.	794
	HTTP 25	< 1 Hr.	792
	HTTP 16	< 1 Hr.	877
	HTTP 20	< 1 Hr.	831
	HTTP 18	< 1 Hr.	861
	HTTP 19	< 1 Hr.	840
	HTTP 17	< 1 Hr.	869
	CVE-2020-17xx8	< 1 Hr.	111
	CVE-2021-22204: Exiftool RCE	1-2 Hr.	73
	SSRF via FFMPEG II	1-2 Hr.	59
	API 03	< 1 Hr.	411
	CVE-2020-11xxx	< 1 Hr.	125
	OAuth2: Authorization Server XSS II	< 1 Hr.	113
	HTTP 11	< 1 Hr.	1001
	HTTP 15	< 1 Hr.	949
	HTTP 12	< 1 Hr.	987
	HTTP 13	< 1 Hr.	965
	HTTP 14	< 1 Hr.	954
	API 02	< 1 Hr.	740
	Express Local File Read	< 1 Hr.	126
	OAuth2: Authorization Server XSS	< 1 Hr.	149
	HTTP 10	< 1 Hr.	1066
	HTTP 09	< 1 Hr.	1091
	HTTP 07	< 1 Hr.	1161
	HTTP 06	< 1 Hr.	1170
	HTTP 08	< 1 Hr.	1110
	HTTP 03	< 1 Hr.	1329
	HTTP 04	< 1 Hr.	1281
	HTTP 05	< 1 Hr.	1257
	HTTP 02	< 1 Hr.	1378
	HTTP 01	< 1 Hr.	1488
	API 01	< 1 Hr.	1005
	JSON Web Token XIII	< 1 Hr.	63
	SAML: Comment Injection II	< 1 Hr.	244
	Recon 24	< 1 Hr.	1401
	Recon 25	1-2 Hr.	908
	Recon 26	< 1 Hr.	1431
	SSRF via FFMPEG	1-2 Hr.	122
	SAML: Signature Wrapping II	< 1 Hr.	178
	RCE via argument injection	2-4 Hr.	15
	Code Review 16	< 1 Hr.	55
	SAML: Signature Wrapping	< 1 Hr.	231
	Recon 20	< 1 Hr.	1600
	Recon 21	< 1 Hr.	1580
	Recon 22	< 1 Hr.	1473
	Recon 23	< 1 Hr.	1488
	SAML: SAMLResponse forwarding	< 1 Hr.	215
	CGI and Signature	< 1 Hr.	85
	Recon 17	< 1 Hr.	1735
	Recon 18	< 1 Hr.	1639
	Recon 19	< 1 Hr.	1498
	Code Review 15	< 1 Hr.	55
	Code Review 14	< 1 Hr.	59
	CVE-2020-14343: PyYAML unsafe loader	< 1 Hr.	144
	OAuth2: State Fixation	1-2 Hr.	196
	Code Review 13	2-4 Hr.	45
	CVE-2020-7115: Aruba Clearpass RCE	1-2 Hr.	94
	Code Review 12	< 1 Hr.	87
	OAuth2: Predictable State II	1-2 Hr.	131
	Recon 13	< 1 Hr.	2151
	Recon 14	< 1 Hr.	1957
	Recon 15	< 1 Hr.	1629
	Recon 16	< 1 Hr.	1802
	EDDSA vulnerability in Monocypher	1-2 Hr.	46
	Code Review 11	2-4 Hr.	26
	OAuth2: Predictable State	2-4 Hr.	143
	Code Review 10	< 1 Hr.	72
	Recon 11	< 1 Hr.	1871
	Recon 12	< 1 Hr.	2197
	Unicode and NFKC	< 1 Hr.	140
	SAML: Trusted Embedded Key	< 1 Hr.	209
	Recon 06	< 1 Hr.	3635
	Recon 07	< 1 Hr.	3190
	Recon 08	< 1 Hr.	2851
	CVE-2020-8163: Rails local name RCE	2-4 Hr.	119
	SAML: Known Key	1-2 Hr.	194
	Code Review 09	1-2 Hr.	63
	Recon 04	< 1 Hr.	4750
	Recon 05	< 1 Hr.	3614
	Recon 01	< 1 Hr.	6135
	OAuth2: Client Server XSS	1-2 Hr.	190
	Zip symlink	< 1 Hr.	346
	Code Review 08	1-2 Hr.	63
	SAML: Comment Injection	< 1 Hr.	958
	Unicode and Downcase	< 1 Hr.	362
	Code Review 07	1-2 Hr.	84
	Java Serialize 01	< 1 Hr.	207
	Unicode and Uppercase	< 1 Hr.	412
	Code Review 06	2-4 Hr.	37
	Cross-Site Leak	2-4 Hr.	385
	From SQL injection to Shell III: PostgreSQL Edition	2-4 Hr.	99
	OAuth2: Client CSRF II	2-4 Hr.	301
	XSS Include	< 1 Hr.	882
	OAuth2: Client CSRF	< 1 Hr.	638
	Code Review 05	2-4 Hr.	65
	Code Review 04	1-2 Hr.	165
	JS Prototype Pollution	< 1 Hr.	545
	OAuth2: Authorization Server CSRF	1-2 Hr.	754
	Code Review 03	2-4 Hr.	70
	SSRF in PDF generation	< 1 Hr.	567
	OAuth2: Github HTTP HEAD	1-2 Hr.	297
	SVG XSS	< 1 Hr.	1192
	Apache Pluto RCE	< 1 Hr.	333
	JSON Cross-Site Request Forgery	< 1 Hr.	1062
	Cross-Site Request Forgery	< 1 Hr.	1179
	Code Review 02	1-2 Hr.	191
	postMessage() IV	< 1 Hr.	658
	Spring Actuators	1-2 Hr.	176
	postMessage() III	1-2 Hr.	677
	postMessage() II	< 1 Hr.	745
	PHP phar://	< 1 Hr.	226
	Signing Oracle	< 1 Hr.	520
	Length Extension Attack	1-2 Hr.	459
	JSON Web Encryption	< 1 Hr.	328
	postMessage()	< 1 Hr.	845
	CVE-2019-5418	1-2 Hr.	316
	Cross-Site WebSocket Hijacking	< 1 Hr.	784
	JWT XII	1-2 Hr.	424
	Cross-Origin Resource Sharing II	< 1 Hr.	728
	JWT XI	1-2 Hr.	417
	cve-2019-5420 II	1-2 Hr.	359
	OAuth2: Client OpenRedirect	< 1 Hr.	588
	CVE-2019-5420	2-4 Hr.	570
	JWT X	< 1 Hr.	479
	GraphQL: SQL Injection	1-2 Hr.	849
	OAuth2: Authorization Server OpenRedirect	< 1 Hr.	675
	JWT IX	< 1 Hr.	558
	Gogs RCE II	< 1 Hr.	380
	JWT VIII	1-2 Hr.	604
	SAML: Signature Stripping	< 1 Hr.	1353
	GraphQL Introspection	< 1 Hr.	1533
	Gogs RCE	1-2 Hr.	435
	Android 07	1-2 Hr.	949
	Android 06	< 1 Hr.	1119
	Android 05	1-2 Hr.	1334
	Ruby 2.x Universal RCE Deserialization Gadget Chain	< 1 Hr.	950
	CVE-2018-10933: LibSSH auth bypass	--	0
	Android 04	< 1 Hr.	1703
	Android 03	< 1 Hr.	2290
	From SQL injection to Shell III	1-2 Hr.	720
	Android 02	< 1 Hr.	2508
	IDOR to Shell	1-2 Hr.	695
	Android 01	< 1 Hr.	2679
	Introduction to CSP	< 1 Hr.	1900
	CVE-2018-11235: Git Submodule RCE	2-4 Hr.	354
	Git Information Leak II	< 1 Hr.	1848
	Git Information Leak	< 1 Hr.	2437
	JWT VII	< 1 Hr.	2320
	CVE-2016-5386: HTTPoxy/Golang HTTProxy namespace conflict	< 1 Hr.	644
	Unix 31	< 1 Hr.	10480
	Unix 30	< 1 Hr.	10507
	Unix 25	< 1 Hr.	11006
	Unix 32	< 1 Hr.	10468
	Unix 34	< 1 Hr.	10419
	Unix 33	< 1 Hr.	10448
	Unix 27	< 1 Hr.	10869
	Unix 29	< 1 Hr.	10811
	Unix 28	< 1 Hr.	10827
	Unix 26	< 1 Hr.	10929
	CBC-MAC II	1-2 Hr.	1240
	JWT VI	< 1 Hr.	1793
	CVE-2018-6574: go get RCE	< 1 Hr.	636
	Unix 11	< 1 Hr.	14478
	Unix 12	< 1 Hr.	14090
	Unix 13	< 1 Hr.	13512
	Unix 14	< 1 Hr.	13211
	Unix 15	< 1 Hr.	12125
	Unix 16	< 1 Hr.	11874
	Unix 17	< 1 Hr.	12072
	Unix 18	< 1 Hr.	12020
	Unix 19	< 1 Hr.	11946
	Unix 20	< 1 Hr.	11215
	Unix 21	< 1 Hr.	11352
	Unix 22	< 1 Hr.	11241
	Unix 23	< 1 Hr.	11060
	Unix 24	< 1 Hr.	11007
	JWT V	< 1 Hr.	2152
	CVE-2018-0114	2-4 Hr.	1306
	JWT IV	< 1 Hr.	1903
	CBC-MAC	1-2 Hr.	1203
	JWT III	1-2 Hr.	2042
	Code Execution 09	< 1 Hr.	8003
	Server Side Template Injection 02	< 1 Hr.	6266
	MongoDB Injection 02	1-2 Hr.	6326
	Authorization 06	< 1 Hr.	10764
	Code Execution 08	< 1 Hr.	8120
	Authorization 04	< 1 Hr.	11625
	Authorization 05	< 1 Hr.	11197
	Command Execution 03	< 1 Hr.	8332
	Server Side Template Injection 01	< 1 Hr.	6271
	Code Execution 05	< 1 Hr.	9247
	Code Execution 06	< 1 Hr.	9065
	Code Execution 07	< 1 Hr.	8867
	Introduction to code review	--	0
	S2-052	< 1 Hr.	1879
	SQL Injection 06	< 1 Hr.	6786
	XML Attacks 01	< 1 Hr.	6597
	XML Attacks 02	< 1 Hr.	6285
	SQL Injection 04	< 1 Hr.	7177
	SQL Injection 05	< 1 Hr.	7121
	SQL Injection 01	< 1 Hr.	7918
	SQL Injection 02	< 1 Hr.	7681
	SQL Injection 03	< 1 Hr.	7505
	Code Execution 02	< 1 Hr.	10217
	Authorization 03	< 1 Hr.	12396
	Command Execution 01	< 1 Hr.	8668
	Command Execution 02	< 1 Hr.	8429
	Server Side Request Forgery 04	< 1 Hr.	7110
	Open Redirect 01	< 1 Hr.	7290
	Open Redirect 02	< 1 Hr.	7067
	MongoDB Injection 01	< 1 Hr.	7460
	SAML: Introduction	< 1 Hr.	1852
	Server Side Request Forgery 02	< 1 Hr.	7378
	Server Side Request Forgery 03	< 1 Hr.	7355
	Server Side Request Forgery 01	< 1 Hr.	7505
	XSS 09	< 1 Hr.	6641
	XSS 10	< 1 Hr.	6175
	Directory Traversal 01	< 1 Hr.	8749
	Directory Traversal 02	< 1 Hr.	8625
	Directory Traversal 03	< 1 Hr.	8549
	XSS 02	< 1 Hr.	7810
	XSS 03	< 1 Hr.	7548
	XSS 04	< 1 Hr.	7170
	XSS 05	< 1 Hr.	6977
	XSS 06	< 1 Hr.	6956
	XSS 07	< 1 Hr.	6840
	XSS 08	< 1 Hr.	6730
	File Upload 01	< 1 Hr.	6821
	File Upload 02	< 1 Hr.	6746
	XSS 01	< 1 Hr.	8078
	Authentication 05	< 1 Hr.	12665
	Code Execution 03	< 1 Hr.	9760
	Code Execution 04	< 1 Hr.	9583
	File Include 01	< 1 Hr.	8173
	File Include 02	< 1 Hr.	8004
	LDAP 01	< 1 Hr.	7920
	LDAP 02	< 1 Hr.	7599
	Authentication 04	< 1 Hr.	13283
	Authentication 01	< 1 Hr.	14396
	Authentication 02	< 1 Hr.	13912
	Authentication 03	< 1 Hr.	13523
	Authorization 01	< 1 Hr.	12827
	Authorization 02	< 1 Hr.	12588
	Code Execution 01	< 1 Hr.	10796
	CVE-2016-10033: PHPMailer RCE	< 1 Hr.	2874
	Cipher block chaining	1-2 Hr.	2184
	Struts s2-045	< 1 Hr.	2120
	CVE-2016-2098	< 1 Hr.	2756
	CVE-2014-4511: Gitlist RCE	--	0
	ECDSA	2-4 Hr.	297
	Werkzeug DEBUG	< 1 Hr.	1269
	Padding Oracle	1-2 Hr.	711
	Unickle	1-2 Hr.	574
	CVE-2015-3224	< 1 Hr.	1276
	Luhn	2-4 Hr.	517
	CVE-2013-0156: Rails Object Injection	< 1 Hr.	3186
	JSON Web Token II	1-2 Hr.	2731
	CVE-2016-0792	< 1 Hr.	3738
	ObjectInputStream	< 1 Hr.	3427
	XMLDecoder	< 1 Hr.	4174
	CVE-2014-1266	1-2 Hr.	982
	CVE-2011-0228	1-2 Hr.	1137
	Intercept 03	< 1 Hr.	1391
	Intercept 02	< 1 Hr.	1517
	Intercept 01	1-2 Hr.	1662
	Struts devMode	--	0
	JSON Web Token	< 1 Hr.	7764
	Cross-Origin Resource Sharing	--	0
	API to Shell	2-4 Hr.	2721
	Pickle Code Execution	< 1 Hr.	5096
	Play XML Entities	1-2 Hr.	1722
	CVE-2014-6271/Shellshock	< 1 Hr.	7087
	Play Session Injection	< 1 Hr.	2163
	CVE-2007-1860: mod_jk double-decoding	1-2 Hr.	4903
	XSS and MySQL FILE	--	0
	Electronic Code Book	1-2 Hr.	4670
	Web for Pentester II	--	0
	From SQL Injection to Shell II	--	0
	CVE-2012-6081: MoinMoin code execution	--	0
	Web for Pentester	--	0
	Axis2 Web service and Tomcat Manager	--	0
	CVE-2008-1930: Wordpress 2.5 Cookie Integrity Protection Vulnerability	--	0
	From SQL Injection to Shell: PostgreSQL edition	--	0
	Rack Cookies and Commands injection	--	0
	Linux Host Review	--	0
	CVE-2012-2661: ActiveRecord SQL injection	--	0
	CVE-2012-1823: PHP CGI	--	0
	PHP Include And Post Exploitation	--	0
	From SQL Injection to Shell	< 1 Hr.	6482
	Code Review 01	1-2 Hr.	306
	Introduction 01	< 1 Hr.	21133
	Recon 00	< 1 Hr.	6120
	Introduction 02	< 1 Hr.	20892
	Recon 02	< 1 Hr.	5115
	Introduction 03	< 1 Hr.	20482
	Recon 03	< 1 Hr.	4582
	Introduction 00	< 1 Hr.	21805
	Recon 10	< 1 Hr.	2022
	Recon 09	< 1 Hr.	3230
	Code Review 17	1-2 Hr.	24
	Unix 00	< 1 Hr.	18500
	Unix 01	< 1 Hr.	18096
	Unix 02	< 1 Hr.	17938
	Unix 03	< 1 Hr.	17730
	Unix 04	< 1 Hr.	17508
	Unix 05	< 1 Hr.	16690
	Unix 06	< 1 Hr.	16035
	Unix 07	< 1 Hr.	15787
	Unix 08	< 1 Hr.	15553
	Unix 09	< 1 Hr.	15096
	Unix 10	< 1 Hr.	14730
	PCAP 01	< 1 Hr.	5686
	PCAP 02	< 1 Hr.	5558
	PCAP 03	< 1 Hr.	5482
	PCAP 04	< 1 Hr.	5266
	PCAP 05	< 1 Hr.	5178
	PCAP 06	< 1 Hr.	5100
	PCAP 07	< 1 Hr.	5052
	PCAP 08	< 1 Hr.	5014
	PCAP 09	< 1 Hr.	4992
	PCAP 10	< 1 Hr.	4717
	PCAP 11	< 1 Hr.	4703
	PCAP 12	< 1 Hr.	4692
	PCAP 13	< 1 Hr.	4744
	Java Snippet #01	< 1 Hr.	234
	PCAP 14	< 1 Hr.	4730
	Java Snippet #02	< 1 Hr.	212
	PCAP 15	< 1 Hr.	4718
	Java Snippet #03	< 1 Hr.	196
	PCAP 16	< 1 Hr.	4697
	PCAP 17	< 1 Hr.	4645
	PCAP 18	< 1 Hr.	4639
	PCAP 19	< 1 Hr.	4617
	PCAP 20	< 1 Hr.	4535
	PCAP 21	< 1 Hr.	4490
	PCAP 22	< 1 Hr.	4469
	PCAP 23	< 1 Hr.	4463
	PCAP 24	< 1 Hr.	4453
	PCAP 25	< 1 Hr.	4456
	PCAP 26	< 1 Hr.	4454
	PCAP 27	< 1 Hr.	4405
	PCAP 28	< 1 Hr.	4388
	PCAP 29	< 1 Hr.	4379
	PCAP 30	< 1 Hr.	4354
	PCAP 31	< 1 Hr.	4344
	PCAP 32	< 1 Hr.	4286
	CVE-2021-4xx50	< 1 Hr.	150
	PCAP 33	< 1 Hr.	4218
	PCAP 34	< 1 Hr.	4264
	PCAP 35	< 1 Hr.	4324
	Android 08	1-2 Hr.	897
No search results found...