Exercises

This exercise demonstrates how to leverage a SQL injection to gain access to the admin console, and from there, how to execute commands on the underlying system

This exercise describes the exploitation of a local file include with limited access. Once code execution is gained, you will see some post exploitation tricks.

This exercise explains how you can exploit CVE-2012-1823 to retrieve the source code of an application and gain code execution.

This exercise explains how you can exploit CVE-2012-2661 to retrieve information from a database

This exercise explains how to perform a Linux host review, what and how you can check the configuration of a Linux server to ensure it is securely configured. The reviewed system is a traditional Linux-Apache-Mysql-PHP (LAMP) server used to host a blog.

After a short brute force introduction, this exercise explains the tampering of rack cookies and how you can even manage to modify a signed cookie (if the secret is trivial). Using this issue, you will be able to escalate your privileges and gain command execution

This exercise explains how you can from a SQL injection gain access to the administration console, and from there, how you can run commands on the underlying system

This exercise explains how you can exploit CVE-2008-1930 to gain access to the administration interface of a Wordpress installation.

This exercise explains the interactions between Tomcat and Apache, then it shows how to call and attack an Axis2 Web service. Using information retrieved from this attack, you will be able to gain access to the Tomcat Manager and deploy a WebShell to gain command execution.

This exercise is a set of the most common web vulnerabilities.

This exercise explains how you can exploit CVE-2012-6081 to gain code execution. This vulnerability was exploited to compromise Debian's wiki and Python documentation website

This exercise explains how you can, from a blind SQL injection, gain access to the administration console. Then once in the administration console, how you can run commands on the system.

This exercise is a set of the most common web vulnerabilities.

This exercise explains how you can tamper with encrypted cookies to access another user's account

This exercise explains how to exploit a Cross-Site Scripting vulnerability to obtain an administrator's cookies, and how you can use their session to gain access to the administration panel, and find a SQL injection to gain code execution

This exercise covers the exploitation of CVE-2007-1860. This vulnerability allows an attacker to gain access to inaccessible pages using crafted requests. This is a common trick that a lot of testers miss.

This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism

This exercise covers the exploitation of a Bash vulnerability through a CGI.

This exercise covers the exploitation of XML entities in the Play framework

This exercise covers the exploitation of Python's pickle when used to deserialize untrusted data

This exercise covers Cross-Origin Resource Sharing and how it can be used to bypass CSRF protection if it's misconfigured

This exercise covers the exploitation of PHP type confusion to bypass a signature and the exploitation of unserialize.

This exercise covers the exploitation of a signature weakness in a JWT library.

This exercise covers how to get code execution when a Struts application is running in devMode

This exercise covers how to intercept an HTTP connection.

This exercise covers how to intercept an HTTPs connection.

This exercise covers how to intercept an HTTPs connection with hostname verification.

This exercise covers how to intercept an HTTPs connection

This exercise covers how to intercept an HTTPs connection

This exercise covers the exploitation of an application using XMLDecoder