10010101 101110 11001 001 101 0111 101101 01101

WE WILL HELP YOU GET TO THE NEXT LEVEL!

TRY OUR FREE EXERCISES OR GO PRO

FILTER

	EXERCISE	AVERAGE TIME TO COMPLETE	# OF USERS COMPLETED

	API Payments 01	< 1 Hr.	16
	CVE-2022-26xx9	< 1 Hr.	16
	Python Snippet #07	< 1 Hr.	49
	Python Snippet #08	< 1 Hr.	33
	Python Snippet #09	< 1 Hr.	51
	Mongo IDOR	< 1 Hr.	71
	CVE-2008-5x8x_ii	< 1 Hr.	29
	CVE-2005-2x8x	< 1 Hr.	28
	Python Snippet #06	< 1 Hr.	102
	Golang Snippet #01	< 1 Hr.	68
	Java Snippet #06	2-4 Hr.	39
	CVE-2022-21449	< 1 Hr.	20
	CVE-2021-33564 Argument Injection in Ruby Dragonfly	< 1 Hr.	27
	CVE-2021-45xx9	< 1 Hr.	41
	PHP Snippet #07	< 1 Hr.	130
	PHP Snippet #08	< 1 Hr.	101
	PHP Snippet #09	< 1 Hr.	104
	Python Snippet #03	< 1 Hr.	148
	Python Snippet #04	< 1 Hr.	130
	Python Snippet #05	< 1 Hr.	149
	CVE-2021-39x3x	< 1 Hr.	43
	CVE-2022-21724: JDBC RCE PostgreSQL	< 1 Hr.	35
	Java Snippet #04	< 1 Hr.	142
	Java Snippet #05	< 1 Hr.	126
	Ox Remote Code Execution II	> 4 Hr.	6
	CVE-2009-3x8x	< 1 Hr.	54
	HTTP 41	< 1 Hr.	524
	HTTP 42	< 1 Hr.	530
	HTTP 43	< 1 Hr.	513
	CVE-2021-381xx	< 1 Hr.	61
	H2 RCE	< 1 Hr.	19
	TypeScript Snippet #04	< 1 Hr.	87
	TypeScript Snippet #05	< 1 Hr.	122
	TypeScript Snippet #06	1-2 Hr.	69
	TypeScript Snippet #07	< 1 Hr.	67
	TypeScript Snippet #08	< 1 Hr.	81
	TypeScript Snippet #09	< 1 Hr.	106
	CVE-2008-4x9x	< 1 Hr.	65
	Log4j RCE II	1-2 Hr.	61
	Log4j RCE	1-2 Hr.	174
	CVE-2021-4379x	< 1 Hr.	99
	API 08	< 1 Hr.	273
	JDBC RCE	2-4 Hr.	13
	CVE-2008-1x3x	< 1 Hr.	92
	Golang Snippet #12	< 1 Hr.	131
	Python Snippet #02	< 1 Hr.	239
	TypeScript Snippet #01	< 1 Hr.	189
	TypeScript Snippet #02	< 1 Hr.	164
	TypeScript Snippet #03	< 1 Hr.	168
	API 07	< 1 Hr.	330
	CVE-2021-40438	< 1 Hr.	120
	CVE-2021-41773	< 1 Hr.	220
	CVE-2021-41773 II	2-4 Hr.	57
	HTTP 36	< 1 Hr.	715
	HTTP 37	< 1 Hr.	698
	HTTP 38	< 1 Hr.	703
	HTTP 39	< 1 Hr.	683
	HTTP 40	< 1 Hr.	701
	CVE-2006-4xxx	< 1 Hr.	136
	CVE-2006-4xxx_ii	< 1 Hr.	94
	PHP Snippet #04	< 1 Hr.	302
	PHP Snippet #05	< 1 Hr.	259
	PHP Snippet #06	< 1 Hr.	307
	API 06	< 1 Hr.	372
	CVE-2021-37xxx	< 1 Hr.	85
	PHP Snippet #01	< 1 Hr.	550
	PHP Snippet #02	< 1 Hr.	441
	PHP Snippet #03	< 1 Hr.	317
	HTTP 31	< 1 Hr.	787
	HTTP 32	< 1 Hr.	778
	HTTP 35	< 1 Hr.	746
	HTTP 34	< 1 Hr.	750
	HTTP 33	< 1 Hr.	773
	API 05	< 1 Hr.	473
	API 04	< 1 Hr.	490
	Golang Snippet #1	< 1 Hr.	265
	Golang Snippet #02	< 1 Hr.	254
	Golang Snippet #03	< 1 Hr.	192
	Golang Snippet #04	< 1 Hr.	249
	Golang Snippet #05	< 1 Hr.	216
	Golang Snippet #06	< 1 Hr.	173
	Golang Snippet #07	< 1 Hr.	191
	Golang Snippet #08	< 1 Hr.	177
	Golang Snippet #09	< 1 Hr.	169
	Golang Snippet #10	< 1 Hr.	173
	Golang Snippet #11	< 1 Hr.	166
	Javascript Snippet #01	< 1 Hr.	388
	Javascript Snippet #02	< 1 Hr.	332
	Javascript Snippet #03	< 1 Hr.	333
	Javascript Snippet #04	< 1 Hr.	294
	Javascript Snippet #05	< 1 Hr.	309
	Javascript Snippet #06	< 1 Hr.	263
	Javascript Snippet #07	< 1 Hr.	288
	Python Snippet #01	< 1 Hr.	391
	Ruby Snippet #01	1-2 Hr.	96
	Ruby Snippet #02	< 1 Hr.	122
	Ruby Snippet #03	< 1 Hr.	140
	Ruby Snippet #04	< 1 Hr.	125
	Ruby Snippet #05	< 1 Hr.	128
	Ruby Snippet #06	< 1 Hr.	117
	Ruby Snippet #07	< 1 Hr.	102
	Ruby Snippet #08	< 1 Hr.	117
	Ruby Snippet #09	< 1 Hr.	110
	HTTP 26	< 1 Hr.	883
	HTTP 27	< 1 Hr.	871
	HTTP 28	< 1 Hr.	851
	HTTP 29	< 1 Hr.	822
	HTTP 30	< 1 Hr.	795
	CVE-2020-17xx7	< 1 Hr.	166
	Ox Remote Code Execution	2-4 Hr.	14
	CVE-2020-9x9x	< 1 Hr.	113
	HTTP 21	< 1 Hr.	959
	HTTP 22	< 1 Hr.	945
	HTTP 23	< 1 Hr.	931
	HTTP 24	< 1 Hr.	930
	HTTP 25	< 1 Hr.	929
	HTTP 16	< 1 Hr.	1024
	HTTP 20	< 1 Hr.	974
	HTTP 18	< 1 Hr.	1007
	HTTP 19	< 1 Hr.	985
	HTTP 17	< 1 Hr.	1016
	CVE-2020-17xx8	< 1 Hr.	119
	CVE-2021-22204: Exiftool RCE	1-2 Hr.	78
	SSRF via FFMPEG II	1-2 Hr.	63
	API 03	< 1 Hr.	476
	CVE-2020-11xxx	< 1 Hr.	132
	OAuth2: Authorization Server XSS II	< 1 Hr.	121
	HTTP 11	< 1 Hr.	1149
	HTTP 15	< 1 Hr.	1093
	HTTP 12	< 1 Hr.	1131
	HTTP 13	< 1 Hr.	1109
	HTTP 14	< 1 Hr.	1097
	API 02	< 1 Hr.	823
	Express Local File Read	< 1 Hr.	141
	OAuth2: Authorization Server XSS	1-2 Hr.	159
	HTTP 10	< 1 Hr.	1216
	HTTP 09	< 1 Hr.	1242
	HTTP 07	< 1 Hr.	1317
	HTTP 06	< 1 Hr.	1327
	HTTP 08	< 1 Hr.	1262
	HTTP 03	< 1 Hr.	1498
	HTTP 04	< 1 Hr.	1448
	HTTP 05	< 1 Hr.	1422
	HTTP 02	< 1 Hr.	1559
	HTTP 01	< 1 Hr.	1667
	API 01	< 1 Hr.	1096
	JSON Web Token XIII	< 1 Hr.	66
	SAML: Comment Injection II	< 1 Hr.	254
	Recon 24	< 1 Hr.	1496
	Recon 25	1-2 Hr.	963
	Recon 26	< 1 Hr.	1524
	SSRF via FFMPEG	1-2 Hr.	130
	SAML: Signature Wrapping II	< 1 Hr.	187
	RCE via argument injection	2-4 Hr.	17
	Code Review 16	< 1 Hr.	56
	SAML: Signature Wrapping	< 1 Hr.	244
	Recon 20	< 1 Hr.	1690
	Recon 21	< 1 Hr.	1673
	Recon 22	< 1 Hr.	1566
	Recon 23	< 1 Hr.	1581
	SAML: SAMLResponse forwarding	< 1 Hr.	221
	CGI and Signature	< 1 Hr.	91
	Recon 17	< 1 Hr.	1831
	Recon 18	< 1 Hr.	1730
	Recon 19	< 1 Hr.	1584
	Code Review 15	< 1 Hr.	56
	Code Review 14	< 1 Hr.	62
	CVE-2020-14343: PyYAML unsafe loader	< 1 Hr.	152
	OAuth2: State Fixation	1-2 Hr.	202
	Code Review 13	2-4 Hr.	46
	CVE-2020-7115: Aruba Clearpass RCE	1-2 Hr.	98
	Code Review 12	< 1 Hr.	92
	OAuth2: Predictable State II	1-2 Hr.	136
	Recon 13	< 1 Hr.	2262
	Recon 14	< 1 Hr.	2054
	Recon 15	< 1 Hr.	1718
	Recon 16	< 1 Hr.	1893
	EDDSA vulnerability in Monocypher	1-2 Hr.	50
	Code Review 11	2-4 Hr.	26
	OAuth2: Predictable State	2-4 Hr.	149
	Code Review 10	< 1 Hr.	74
	Recon 11	< 1 Hr.	1966
	Recon 12	< 1 Hr.	2305
	Unicode and NFKC	< 1 Hr.	146
	SAML: Trusted Embedded Key	< 1 Hr.	221
	Recon 06	< 1 Hr.	3848
	Recon 07	< 1 Hr.	3374
	Recon 08	< 1 Hr.	3011
	CVE-2020-8163: Rails local name RCE	2-4 Hr.	123
	SAML: Known Key	1-2 Hr.	207
	Code Review 09	1-2 Hr.	63
	Recon 04	< 1 Hr.	5041
	Recon 05	< 1 Hr.	3813
	Recon 01	< 1 Hr.	6543
	OAuth2: Client Server XSS	1-2 Hr.	198
	Zip symlink	< 1 Hr.	357
	Code Review 08	1-2 Hr.	63
	SAML: Comment Injection	< 1 Hr.	974
	Unicode and Downcase	< 1 Hr.	374
	Code Review 07	1-2 Hr.	84
	Java Serialize 01	< 1 Hr.	213
	Unicode and Uppercase	< 1 Hr.	423
	Code Review 06	2-4 Hr.	36
	Cross-Site Leak	2-4 Hr.	398
	From SQL injection to Shell III: PostgreSQL Edition	2-4 Hr.	103
	OAuth2: Client CSRF II	2-4 Hr.	306
	XSS Include	< 1 Hr.	908
	OAuth2: Client CSRF	< 1 Hr.	651
	Code Review 05	2-4 Hr.	64
	Code Review 04	1-2 Hr.	163
	JS Prototype Pollution	< 1 Hr.	561
	OAuth2: Authorization Server CSRF	1-2 Hr.	766
	Code Review 03	2-4 Hr.	69
	SSRF in PDF generation	< 1 Hr.	580
	OAuth2: Github HTTP HEAD	1-2 Hr.	303
	SVG XSS	< 1 Hr.	1224
	Apache Pluto RCE	< 1 Hr.	346
	JSON Cross-Site Request Forgery	< 1 Hr.	1089
	Cross-Site Request Forgery	< 1 Hr.	1196
	Code Review 02	1-2 Hr.	190
	postMessage() IV	< 1 Hr.	676
	Spring Actuators	1-2 Hr.	181
	postMessage() III	1-2 Hr.	695
	postMessage() II	< 1 Hr.	763
	PHP phar://	< 1 Hr.	231
	Signing Oracle	< 1 Hr.	537
	Length Extension Attack	1-2 Hr.	476
	JSON Web Encryption	< 1 Hr.	342
	postMessage()	< 1 Hr.	864
	CVE-2019-5418	1-2 Hr.	325
	Cross-Site WebSocket Hijacking	< 1 Hr.	801
	JWT XII	1-2 Hr.	436
	Cross-Origin Resource Sharing II	< 1 Hr.	749
	JWT XI	1-2 Hr.	429
	cve-2019-5420 II	1-2 Hr.	369
	OAuth2: Client OpenRedirect	< 1 Hr.	596
	CVE-2019-5420	2-4 Hr.	586
	JWT X	< 1 Hr.	492
	GraphQL: SQL Injection	1-2 Hr.	878
	OAuth2: Authorization Server OpenRedirect	< 1 Hr.	685
	JWT IX	< 1 Hr.	574
	Gogs RCE II	< 1 Hr.	389
	JWT VIII	1-2 Hr.	618
	SAML: Signature Stripping	< 1 Hr.	1370
	GraphQL Introspection	< 1 Hr.	1574
	Gogs RCE	1-2 Hr.	443
	Android 07	1-2 Hr.	961
	Android 06	< 1 Hr.	1133
	Android 05	1-2 Hr.	1348
	Ruby 2.x Universal RCE Deserialization Gadget Chain	< 1 Hr.	976
	CVE-2018-10933: LibSSH auth bypass	--	0
	Android 04	< 1 Hr.	1725
	Android 03	< 1 Hr.	2324
	From SQL injection to Shell III	1-2 Hr.	744
	Android 02	< 1 Hr.	2543
	IDOR to Shell	1-2 Hr.	712
	Android 01	< 1 Hr.	2717
	Introduction to CSP	< 1 Hr.	1927
	CVE-2018-11235: Git Submodule RCE	2-4 Hr.	369
	Git Information Leak II	< 1 Hr.	1882
	Git Information Leak	< 1 Hr.	2485
	JWT VII	< 1 Hr.	2365
	CVE-2016-5386: HTTPoxy/Golang HTTProxy namespace conflict	< 1 Hr.	666
	Unix 31	< 1 Hr.	10656
	Unix 30	< 1 Hr.	10688
	Unix 25	< 1 Hr.	11181
	Unix 32	< 1 Hr.	10640
	Unix 34	< 1 Hr.	10590
	Unix 33	< 1 Hr.	10621
	Unix 27	< 1 Hr.	11046
	Unix 29	< 1 Hr.	10991
	Unix 28	< 1 Hr.	11005
	Unix 26	< 1 Hr.	11109
	CBC-MAC II	1-2 Hr.	1272
	JWT VI	< 1 Hr.	1836
	CVE-2018-6574: go get RCE	< 1 Hr.	657
	Unix 11	< 1 Hr.	14707
	Unix 12	< 1 Hr.	14322
	Unix 13	< 1 Hr.	13740
	Unix 14	< 1 Hr.	13431
	Unix 15	< 1 Hr.	12328
	Unix 16	< 1 Hr.	12077
	Unix 17	< 1 Hr.	12271
	Unix 18	< 1 Hr.	12215
	Unix 19	< 1 Hr.	12140
	Unix 20	< 1 Hr.	11396
	Unix 21	< 1 Hr.	11529
	Unix 22	< 1 Hr.	11419
	Unix 23	< 1 Hr.	11242
	Unix 24	< 1 Hr.	11186
	JWT V	< 1 Hr.	2191
	CVE-2018-0114	2-4 Hr.	1337
	JWT IV	< 1 Hr.	1942
	CBC-MAC	1-2 Hr.	1235
	JWT III	1-2 Hr.	2083
	Code Execution 09	< 1 Hr.	8147
	Server Side Template Injection 02	< 1 Hr.	6387
	MongoDB Injection 02	1-2 Hr.	6443
	Authorization 06	< 1 Hr.	10957
	Code Execution 08	< 1 Hr.	8262
	Authorization 04	< 1 Hr.	11833
	Authorization 05	< 1 Hr.	11406
	Command Execution 03	< 1 Hr.	8484
	Server Side Template Injection 01	< 1 Hr.	6390
	Code Execution 05	< 1 Hr.	9411
	Code Execution 06	< 1 Hr.	9220
	Code Execution 07	< 1 Hr.	9016
	Introduction to code review	--	0
	S2-052	< 1 Hr.	1911
	SQL Injection 06	< 1 Hr.	6934
	XML Attacks 01	< 1 Hr.	6729
	XML Attacks 02	< 1 Hr.	6419
	SQL Injection 04	< 1 Hr.	7325
	SQL Injection 05	< 1 Hr.	7270
	SQL Injection 01	< 1 Hr.	8082
	SQL Injection 02	< 1 Hr.	7840
	SQL Injection 03	< 1 Hr.	7659
	Code Execution 02	< 1 Hr.	10407
	Authorization 03	< 1 Hr.	12618
	Command Execution 01	< 1 Hr.	8823
	Command Execution 02	< 1 Hr.	8581
	Server Side Request Forgery 04	< 1 Hr.	7246
	Open Redirect 01	< 1 Hr.	7441
	Open Redirect 02	< 1 Hr.	7213
	MongoDB Injection 01	< 1 Hr.	7602
	SAML: Introduction	< 1 Hr.	1872
	Server Side Request Forgery 02	< 1 Hr.	7517
	Server Side Request Forgery 03	< 1 Hr.	7494
	Server Side Request Forgery 01	< 1 Hr.	7645
	XSS 09	< 1 Hr.	6774
	XSS 10	< 1 Hr.	6298
	Directory Traversal 01	< 1 Hr.	8915
	Directory Traversal 02	< 1 Hr.	8787
	Directory Traversal 03	< 1 Hr.	8705
	XSS 02	< 1 Hr.	7957
	XSS 03	< 1 Hr.	7694
	XSS 04	< 1 Hr.	7312
	XSS 05	< 1 Hr.	7115
	XSS 06	< 1 Hr.	7096
	XSS 07	< 1 Hr.	6977
	XSS 08	< 1 Hr.	6864
	File Upload 01	< 1 Hr.	6952
	File Upload 02	< 1 Hr.	6875
	XSS 01	< 1 Hr.	8235
	Authentication 05	< 1 Hr.	12892
	Code Execution 03	< 1 Hr.	9930
	Code Execution 04	< 1 Hr.	9754
	File Include 01	< 1 Hr.	8324
	File Include 02	< 1 Hr.	8148
	LDAP 01	< 1 Hr.	8077
	LDAP 02	< 1 Hr.	7754
	Authentication 04	< 1 Hr.	13513
	Authentication 01	< 1 Hr.	14641
	Authentication 02	< 1 Hr.	14150
	Authentication 03	< 1 Hr.	13749
	Authorization 01	< 1 Hr.	13054
	Authorization 02	< 1 Hr.	12809
	Code Execution 01	< 1 Hr.	11000
	CVE-2016-10033: PHPMailer RCE	< 1 Hr.	2911
	Cipher block chaining	1-2 Hr.	2215
	Struts s2-045	< 1 Hr.	2153
	CVE-2016-2098	< 1 Hr.	2792
	CVE-2014-4511: Gitlist RCE	--	0
	ECDSA	2-4 Hr.	297
	Werkzeug DEBUG	< 1 Hr.	1285
	Padding Oracle	1-2 Hr.	716
	Unickle	1-2 Hr.	575
	CVE-2015-3224	< 1 Hr.	1289
	Luhn	2-4 Hr.	519
	CVE-2013-0156: Rails Object Injection	< 1 Hr.	3220
	JSON Web Token II	1-2 Hr.	2769
	CVE-2016-0792	< 1 Hr.	3783
	ObjectInputStream	< 1 Hr.	3465
	XMLDecoder	< 1 Hr.	4225
	CVE-2014-1266	1-2 Hr.	991
	CVE-2011-0228	1-2 Hr.	1145
	Intercept 03	< 1 Hr.	1398
	Intercept 02	< 1 Hr.	1527
	Intercept 01	1-2 Hr.	1673
	Struts devMode	--	0
	JSON Web Token	< 1 Hr.	7868
	Cross-Origin Resource Sharing	--	0
	API to Shell	2-4 Hr.	2756
	Pickle Code Execution	< 1 Hr.	5152
	Play XML Entities	1-2 Hr.	1747
	CVE-2014-6271/Shellshock	< 1 Hr.	7175
	Play Session Injection	< 1 Hr.	2199
	CVE-2007-1860: mod_jk double-decoding	1-2 Hr.	4954
	XSS and MySQL FILE	--	0
	Electronic Code Book	1-2 Hr.	4719
	Web for Pentester II	--	0
	From SQL Injection to Shell II	--	0
	CVE-2012-6081: MoinMoin code execution	--	0
	Web for Pentester	--	0
	Axis2 Web service and Tomcat Manager	--	0
	CVE-2008-1930: Wordpress 2.5 Cookie Integrity Protection Vulnerability	--	0
	From SQL Injection to Shell: PostgreSQL edition	--	0
	Rack Cookies and Commands injection	--	0
	Linux Host Review	--	0
	CVE-2012-2661: ActiveRecord SQL injection	--	0
	CVE-2012-1823: PHP CGI	--	0
	PHP Include And Post Exploitation	--	0
	From SQL Injection to Shell	< 1 Hr.	6560
	Code Review 01	1-2 Hr.	305
	Introduction 01	< 1 Hr.	21507
	Recon 00	< 1 Hr.	6541
	Introduction 02	< 1 Hr.	21260
	Recon 02	< 1 Hr.	5446
	Introduction 03	< 1 Hr.	20829
	Recon 03	< 1 Hr.	4858
	Introduction 00	< 1 Hr.	22181
	Recon 10	< 1 Hr.	2137
	Recon 09	< 1 Hr.	3412
	Code Review 17	1-2 Hr.	24
	Unix 00	< 1 Hr.	18825
	Unix 01	< 1 Hr.	18403
	Unix 02	< 1 Hr.	18243
	Unix 03	< 1 Hr.	18026
	Unix 04	< 1 Hr.	17798
	Unix 05	< 1 Hr.	16962
	Unix 06	< 1 Hr.	16294
	Unix 07	< 1 Hr.	16048
	Unix 08	< 1 Hr.	15809
	Unix 09	< 1 Hr.	15340
	Unix 10	< 1 Hr.	14959
	PCAP 01	< 1 Hr.	5779
	PCAP 02	< 1 Hr.	5647
	PCAP 03	< 1 Hr.	5568
	PCAP 04	< 1 Hr.	5350
	PCAP 05	< 1 Hr.	5260
	PCAP 06	< 1 Hr.	5178
	PCAP 07	< 1 Hr.	5128
	PCAP 08	< 1 Hr.	5090
	PCAP 09	< 1 Hr.	5067
	PCAP 10	< 1 Hr.	4793
	PCAP 11	< 1 Hr.	4779
	PCAP 12	< 1 Hr.	4766
	PCAP 13	< 1 Hr.	4818
	Java Snippet #01	< 1 Hr.	278
	PCAP 14	< 1 Hr.	4805
	Java Snippet #02	< 1 Hr.	249
	PCAP 15	< 1 Hr.	4793
	Java Snippet #03	< 1 Hr.	226
	PCAP 16	< 1 Hr.	4770
	PCAP 17	< 1 Hr.	4718
	PCAP 18	< 1 Hr.	4712
	PCAP 19	< 1 Hr.	4691
	PCAP 20	< 1 Hr.	4608
	PCAP 21	< 1 Hr.	4563
	PCAP 22	< 1 Hr.	4544
	PCAP 23	< 1 Hr.	4538
	PCAP 24	< 1 Hr.	4528
	PCAP 25	< 1 Hr.	4531
	PCAP 26	< 1 Hr.	4529
	PCAP 27	< 1 Hr.	4479
	PCAP 28	< 1 Hr.	4463
	PCAP 29	< 1 Hr.	4453
	PCAP 30	< 1 Hr.	4429
	PCAP 31	< 1 Hr.	4416
	PCAP 32	< 1 Hr.	4357
	CVE-2021-4xx50	< 1 Hr.	170
	PCAP 33	< 1 Hr.	4286
	PCAP 34	< 1 Hr.	4332
	PCAP 35	< 1 Hr.	4391
	Android 08	1-2 Hr.	910
No search results found...