We'll help you get to the Next Level!
TRY OUR FREE EXERCISES OR GO PRO
FILTER
| EXERCISE | AVERAGE TIME TO COMPLETE | DIFFICULTY | # OF USERS COMPLETED | TIER |  |
 |
 |
|
|||
|---|---|---|---|---|---|---|---|---|---|---|---|
 |
SAML: CVE-2025-25291
This exercise covers the exploitation of CVE-2025-25291 (impacting ruby-saml)
|
1-2 Hr. |  |
3 |  |
||||||
 |
CVE-2022-37X1
This challenge covers the review of a CVE in a go codebase and its patch
|
-- | |
21 | |
||||||
|
CVE-2019-379X
This challenge is part of our golang code review challenges designed to teach you security code review by reviewing patches
|
< 1 Hr. | |
24 | |
||||||
|
CVE-2024-6X3X
This challenge covers the review of a CVE (original vulnerable code and diff) of a real go codebase
|
-- | |
18 | |
||||||
|
CVE-2025-XX95X
This challenge is part of our go code review challenges designed to teach you security code review by reviewing patches
|
< 1 Hr. | |
22 | |
||||||
|
SAML: CVE-2025-29775 Signed Metadata
This exercise covers the exploitation of CVE-2025-29775 (impacting xml-crypto) without XMLResponse
|
> 4 Hr. | |
4 | |
||||||
|
SAML: CVE-2025-29775
This exercise covers the exploitation of CVE-2025-29775 (impacting xml-crypto)
|
2-4 Hr. | |
10 | |
||||||
|
CVE-2024-X5X87
This challenge covers the review of a CVE in a go codebase and its patch
|
-- | |
43 | |
||||||
|
CVE-2023-XX463
This challenge covers the review of a CVE in a Go codebase and its patch
|
-- | |
40 | |
||||||
|
Golang Code Review #04
This challenge covers the review of a snippet of code written in Golang.
|
-- | |
44 | |
||||||
 |
API Mass-Assignment 03 | < 1 Hr. |  |
145 | |
||||||
 |
UUIDv1 IDOR | 1-2 Hr. | |
99 | |
||||||
|
API Mass-Assignment 02 | < 1 Hr. | |
170 | |
||||||
|
API Mass-Assignment 01 | < 1 Hr. | |
185 | |
||||||
|
Mongo IDOR II
This challenge covers how to recover a Mongo ID to leverage an IDOR
|
< 1 Hr. | |
135 | |
||||||
|
Mongo IDOR III | < 1 Hr. | |
84 | |
||||||
|
Mongo IDOR IV | 2-4 Hr. | |
46 | |
||||||
|
Golang Code Review #05
This challenge covers the review of a snippet of code written in Golang.
|
< 1 Hr. |  |
65 | |
||||||
|
Golang Code Review #09
This challenge covers the review of a snippet of code written in Golang.
|
< 1 Hr. | |
65 | |
||||||
|
CVE-2024-x730x
This challenge covers the review of a snippet of code written in Golang.
|
< 1 Hr. | |
67 | |
||||||
|
CVE-2023-28XX9
This challenge covers the review of a CVE in a Golang codebase and its patch
|
1-2 Hr. | |
51 | |
||||||
|
CVE-2023-X5821
This challenge covers the review of a CVE in a Go codebase and its patch
|
< 1 Hr. | |
53 | |
||||||
|
CVE-2024-X3X06
This challenge covers the review of a CVE in a Go codebase and its patch
|
< 1 Hr. | |
54 | |
||||||
|
CVE-2022-XX975
This challenge covers the review of a CVE in a Go codebase and its patch
|
< 1 Hr. | |
54 | |
||||||
|
API JWT REVOCATION
jwt
This exercise covers how to bypass a weak JWT Revocation Mechanism.
|
< 1 Hr. | |
192 | |
||||||
|
Puzzle 06
Leverage a weak implementation of lowercase to access arbitrary files
|
< 1 Hr. | |
18 | |
||||||
|
Puzzle 07
Leverage a weak implementation of lowercase to access arbitrary files
|
1-2 Hr. | |
17 | |
||||||
|
API 18
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
191 | |
||||||
|
API 19
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
201 | |
||||||
|
API 20
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
188 | |
||||||
|
API 16
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
281 | |
||||||
|
API 17
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
204 | |
||||||
|
GraphQL Authorization 01
This exercise covers a simple authorization issue in a GraphQL application.
|
< 1 Hr. | |
178 | |
||||||
|
GraphQL Authorization 02
This exercise covers a simple authorization issue in a GraphQL application.
|
< 1 Hr. | |
185 | |
||||||
|
Golang Code Review #01
This challenge covers the review of a snippet of code written in Golang.
|
< 1 Hr. | |
104 | |
||||||
|
Golang Code Review #03
This challenge covers the review of a snippet of code written in Golang.
|
< 1 Hr. | |
74 | |
||||||
|
Golang Code Review #02
This challenge covers the review of a snippet of code written in Golang.
|
< 1 Hr. | |
85 | |
||||||
|
CVE-2022-2X8XX
This challenge covers the review of a CVE in a Golang codebase and its patch
|
< 1 Hr. | |
100 | |
||||||
|
CVE-2022-X10X8
This challenge covers the review of a CVE in a Golang codebase and its patch
|
1-2 Hr. | |
92 | |
||||||
|
CVE-2024-X90X6
This challenge covers the review of a CVE in a Golang codebase and its patch
|
< 1 Hr. | |
74 | |
||||||
|
ORM LEAK: SQLite
This exercise covers how to exploit an ORM leak vulnerability
|
1-2 Hr. | |
70 | |
||||||
|
CVE-2022-X87X
This challenge covers the review of a CVE in a Golang codebase and its patch
|
-- | |
71 | |
||||||
|
CVE-2023-51XX2
This challenge covers the review of a CVE in a Golang codebase and its patch
|
< 1 Hr. | |
76 | |
||||||
|
CVE-2024-2791X
This challenge covers the review of a CVE in a Golang codebase and its patch
|
2-4 Hr. | |
66 | |
||||||
|
ORM LEAK 02
This exercise covers how to exploit an ORM leak vulnerability
|
< 1 Hr. | |
111 | |
||||||
|
Puzzle 05
Authentication Bypass using an SQL injection without or 1=1
|
1-2 Hr. | |
25 | |
||||||
|
CVE-2022-2X24X
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
132 | |
||||||
|
CVE-2023-3X4X6
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
118 | |
||||||
|
CVE-2022-4x3x5
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
99 | |
||||||
|
Puzzle 03
Find and exploit a Golang vulnerability inspired by CVE-2022-31683
|
1-2 Hr. | |
19 | |
||||||
|
Java Code Review 14
This challenge covers the review of a simple codebase in Java
|
< 1 Hr. | |
96 | |
||||||
|
Java Code Review 15
This challenge covers the review of a simple codebase in Java
|
< 1 Hr. | |
88 | |
||||||
|
Java Code Review 16
This challenge covers the review of a simple codebase in Java
|
< 1 Hr. | |
79 | |
||||||
|
ORM LEAK 01
This exercise covers how to exploit a simple ORM leak.
|
1-2 Hr. | |
136 | |
||||||
|
Java Code Review 11
This challenge covers the review of a simple codebase in Java
|
< 1 Hr. | |
96 | |
||||||
|
Java Code Review 12
This challenge covers the review of a simple codebase in Java
|
-- | |
94 | |
||||||
|
Java Code Review 13
This challenge covers the review of a simple codebase in Java
|
< 1 Hr. | |
99 | |
||||||
|
Java Code Review 10
This challenge covers the review of a simple codebase in Java
|
< 1 Hr. | |
105 | |
||||||
|
CVE-2023-4X25X
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
103 | |
||||||
|
Puzzle 04
Leverage SQL LIKE to gain access to sensitive information
|
2-4 Hr. | |
10 | |
||||||
|
CVE-2023-5X38X
This challenge covers the review of a CVE in a Java codebase and its patch
|
-- | |
118 | |
||||||
|
CVE-2024-2X31X
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
156 | |
||||||
|
CVE-2024-X875X
This challenge covers the review of a CVE in a Java codebase and its patch
|
-- | |
135 | |
||||||
|
CVE-2022-0415
Exploit CVE-2022-0415 to gain code execution in Gogs
|
2-4 Hr. | |
12 | |
||||||
|
Java Code Review 07
This challenge covers the review of a simple codebase in Java
|
< 1 Hr. | |
106 | |
||||||
|
Java Code Review 08
This challenge covers the review of a simple codebase in Java
|
< 1 Hr. | |
112 | |
||||||
|
Java Code Review 09
This challenge covers the review of a simple codebase in Java
|
< 1 Hr. | |
90 | |
||||||
|
Puzzle 01
Find the XSS by leveraging backreferences in a regular expression
|
< 1 Hr. | |
32 | |
||||||
|
Puzzle 02
XSS
CSP
Leverage a PHP trick to bypass CSP
|
< 1 Hr. | |
25 | |
||||||
|
API 13
This exercise covers a complex filter bypass in API.
|
< 1 Hr. | |
418 | |
||||||
|
API 14
This exercise covers how to exploit a leaked encrypted password with an API.
|
< 1 Hr. | |
438 | |
||||||
|
API 15
This exercise covers how to exploit a leaked encrypted password with an API.
|
< 1 Hr. | |
382 | |
||||||
|
Java Code Review 04
This challenge covers the review of a simple codebase in Java
|
< 1 Hr. | |
131 | |
||||||
|
Java Code Review 05
This challenge covers the review of a simple codebase in Java
|
< 1 Hr. | |
136 | |
||||||
|
Java Code Review 06
This challenge covers the review of a simple codebase in Java
|
< 1 Hr. | |
133 | |
||||||
|
API 10
This exercise covers a common filter bypass in API.
|
< 1 Hr. | |
546 | |
||||||
|
API 11
This exercise covers a common filter bypass in API.
|
< 1 Hr. | |
497 | |
||||||
|
API 12
This exercise covers a common filter bypass in API.
|
< 1 Hr. | |
466 | |
||||||
|
Java Code Review 01
This challenge covers the review of a simple codebase in Java
|
< 1 Hr. | |
170 | |
||||||
|
Java Code Review 02
This challenge covers the review of a simple codebase in Java
|
< 1 Hr. | |
171 | |
||||||
|
Java Code Review 03
This challenge covers the review of a simple codebase in Java
|
-- | |
150 | |
||||||
|
JSON Web Token XV: CVE-2022-39227
jwt
This exercise covers the exploitation of polyglot token against python_jwt (CVE-2022-39227)
|
< 1 Hr. | |
28 | |
||||||
|
CVE-2023-X48X9
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
120 | |
||||||
|
CVE-2009-387X
This challenge covers the review of a CVE in a Java codebase and its patch
|
1-2 Hr. | |
186 | |
||||||
|
CVE-2023-5143X
This challenge covers the review of a CVE in a Java codebase and its patch
|
1-2 Hr. | |
180 | |
||||||
|
GHSA-95XX
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
95 | |
||||||
|
CVE-2022-4x13x
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
96 | |
||||||
|
CVE-2023-46XX2
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
102 | |
||||||
|
Java Serialize 06
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
2-4 Hr. | |
27 | |
||||||
|
API 09
This exercise covers how one can inspect HTTP responses to identify information leaks.
|
< 1 Hr. | |
660 | |
||||||
|
Java Serialize 04
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
1-2 Hr. | |
71 | |
||||||
|
Java Serialize 05
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
2-4 Hr. | |
44 | |
||||||
|
Cache Poisoning 01
This exercise details how to exploit an application vulnerable to cache poisoning
|
< 1 Hr. | |
103 | |
||||||
|
Cache Deception 02
This exercise details how to exploit an application vulnerable to cache deception
|
< 1 Hr. | |
99 | |
||||||
|
CVE-2023-XXX83
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
108 | |
||||||
|
CVE-2023-289X6
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
94 | |
||||||
|
CVE-2023-350XX
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
99 | |
||||||
|
CVE-2022-XX910
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
98 | |
||||||
|
CVE-2022-342XX
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
97 | |
||||||
|
Cache Deception 01
This exercise details how to exploit an application vulnerable to cache deception
|
< 1 Hr. | |
122 | |
||||||
|
CVE-2022-X50X6
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
102 | |
||||||
|
CVE-2023-25X4X
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
91 | |
||||||
|
CVE-202X-2561X
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
112 | |
||||||
|
CVE-2022-x0x08
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
127 | |
||||||
|
CVE-2022-4504x
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
161 | |
||||||
|
CVE-2022-X51X3
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
155 | |
||||||
|
CVE-2007-546X
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
117 | |
||||||
|
CVE-2011-XX61
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
110 | |
||||||
|
CVE-2006-6X6X
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
125 | |
||||||
|
Java Serialize 02
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
< 1 Hr. | |
127 | |
||||||
|
Java Serialize 03
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
< 1 Hr. | |
103 | |
||||||
|
CVE-2014-7X09
This challenge covers the review of a CVE in a Java codebase and its patch
|
1-2 Hr. | |
178 | |
||||||
|
CVE-2020-9X8X
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
218 | |
||||||
|
CVE-2018-XX34
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
165 | |
||||||
|
CVE-2012-5XX3
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
123 | |
||||||
|
CVE-2022-X41X9
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
104 | |
||||||
|
CVE-2009-26X3
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
138 | |
||||||
|
CVE-2022-357X1
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
127 | |
||||||
|
CVE-2023-30XX1
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
142 | |
||||||
|
CVE-2023-2X8X1
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
138 | |
||||||
 |
SAML: PySAML2 SSRF
This exercise covers the exploitation of a SSRF in PySAML2
|
< 1 Hr. | |
122 | |
||||||
|
CVE-2022-378xx
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
326 | |
||||||
|
CVE-2022-x0x09
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
168 | |
||||||
|
CVE-2018-8x14
This challenge covers the review of a CVE in a Java codebase and its patch
|
2-4 Hr. | |
102 | |
||||||
|
JWT Algorithm Confusion with ECDSA Public Key Recovery
jwt
This exercise covers the exploitation of algorithm confusion when no public key is available with a ECDSA key
|
1-2 Hr. | |
24 | |
||||||
|
CVE-2014-X80X
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
139 | |
||||||
|
CVE-2015-3XX0
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
122 | |
||||||
|
CVE-2022-458X1
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
163 | |
||||||
|
SAML: CVE-2021-21239
This exercise covers the exploitation of CVE-2021-21239 (PySAML2)
|
2-4 Hr. | |
71 | |
||||||
|
CVE-2022-393XX
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
134 | |
||||||
|
CVE-2023-2XX60
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
129 | |
||||||
|
CVE-2023-2XX61
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
137 | |
||||||
|
SAML: Malicious IDP
This exercise covers the creation of a malicious IDP to forge an assertion
|
2-4 Hr. | |
34 | |
||||||
|
DOMPDF RCE IV
This exercise covers the automation of the exploitation of a vulnerability in the DOMPDF library
|
> 4 Hr. | |
21 | |
||||||
|
SAML: Signature Wrapping III
This exercise covers the exploitation of a Signature Wrapping Issue in passport-saml (CVE-2022-39299)
|
1-2 Hr. | |
103 | |
||||||
|
XSL Java
This exercise covers the exploitation of a Java application using XSL
|
< 1 Hr. | |
105 | |
||||||
|
DOMPDF RCE III
This exercise covers the exploitation of a vulnerability in the DOMPDF library
|
2-4 Hr. | |
47 | |
||||||
|
XSL PHP V
This exercise covers the exploitation of a PHP application using XSL
|
< 1 Hr. | |
102 | |
||||||
|
API Payments 07
This exercise covers a way to manipulate a shopping cart to lower the total amount
|
< 1 Hr. | |
789 | |
||||||
|
CVE-2021-22204: Exiftool RCE II
This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files
|
< 1 Hr. | |
71 | |
||||||
|
XSL PHP IV
This exercise covers the exploitation of a PHP application using XSL
|
2-4 Hr. | |
133 | |
||||||
|
API Payments 06
This exercise covers a simple payments bypass.
|
< 1 Hr. | |
823 | |
||||||
|
CVE-2022-39224
This exercise covers the exploitation of CVE-2022-39224
|
2-4 Hr. | |
84 | |
||||||
|
XSL PHP III
This exercise covers the exploitation of a PHP application using XSL
|
< 1 Hr. | |
157 | |
||||||
|
DOMPDF RCE II
This exercise covers the exploitation of a vulnerability in the DOMPDF library
|
2-4 Hr. | |
62 | |
||||||
|
DOMPDF RCE
This exercise covers the exploitation of a vulnerability in the DOMPDF library
|
< 1 Hr. | |
135 | |
||||||
|
API Payments 05
This exercise covers how to abuse a shopping cart allowing users to apply a voucher.
|
< 1 Hr. | |
761 | |
||||||
|
XSL PHP II
This exercise covers the exploitation of a PHP application using XSL
|
< 1 Hr. | |
219 | |
||||||
|
API Payments 04
This exercise covers how to abuse a shopping cart allowing users to apply a voucher..
|
< 1 Hr. | |
1024 | |
||||||
|
XSL PHP
This exercise covers the exploitation of a PHP application using XSL
|
< 1 Hr. | |
259 | |
||||||
|
API Payments 03
This exercise covers a simple payments bypass.
|
< 1 Hr. | |
1120 | |
||||||
|
Code Review 18
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
218 | |
||||||
|
CVE-2020-13xxx
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
469 | |
||||||
|
CVE-2008-5x8x
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
609 | |
||||||
|
CVE-2022-3x7x1
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
582 | |
||||||
|
Python Snippet #02
This challenge covers the review of a snippet of code written in Python
|
< 1 Hr. | |
1659 | |
||||||
|
Java Snippet #10
This challenge covers the review of a snippet of code written in Java
|
< 1 Hr. | |
1225 | |
||||||
|
Java Snippet #11
This challenge covers the review of a snippet of code written in Java
|
< 1 Hr. | |
1118 | |
||||||
|
Java Snippet #12
This challenge covers the review of a snippet of code written in Java
|
< 1 Hr. | |
1077 | |
||||||
|
API Payments 02
This exercise covers a simple payments bypass.
|
< 1 Hr. | |
1281 | |
||||||
|
GCM Nonce Reuse
This challenge covers the impact of nonce reuse on GCM
|
1-2 Hr. | |
159 | |
||||||
|
CVE-2019-5x2x
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
423 | |
||||||
|
Java Snippet #07
This challenge covers the review of a snippet of code written in Java
|
< 1 Hr. | |
1442 | |
||||||
|
Java Snippet #08
This challenge covers the review of a snippet of code written in Java
|
< 1 Hr. | |
1467 | |
||||||
|
Java Snippet #09
This challenge covers the review of a snippet of code written in Java
|
< 1 Hr. | |
1099 | |
||||||
|
API Payments 01
API
This exercise covers a simple payments bypass.
|
< 1 Hr. | |
1699 | |
||||||
|
CVE-2022-26xx9
This challenge covers a vulnerable snippet in a real Java application
|
< 1 Hr. | |
436 | |
||||||
|
Python Snippet #07
This challenge covers the review of a snippet of code written in Python
|
< 1 Hr. | |
1358 | |
||||||
|
Python Snippet #08
This challenge covers the review of a snippet of code written in Python
|
< 1 Hr. | |
1303 | |
||||||
|
Python Snippet #09
This challenge covers the review of a snippet of code written in Python
|
< 1 Hr. | |
1356 | |
||||||
|
Mongo IDOR
This challenge covers how to exploit an IDOR when Mongo IDs are used
|
< 1 Hr. | |
972 | |
||||||
|
CVE-2008-5x8x_ii
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
441 | |
||||||
|
CVE-2005-2x8x
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
451 | |
||||||
|
Golang Snippet #01
This challenge covers the review of a snippet of code written in Golang
|
< 1 Hr. | |
1445 | |
||||||
|
Java Snippet #06
This challenge covers the review of a snippet of code written in Java
|
< 1 Hr. | |
1106 | |
||||||
|
Python Snippet #06
This challenge covers the review of a snippet of code written in Python
|
< 1 Hr. | |
1481 | |
||||||
|
CVE-2022-21449
jwt
This exercise covers the exploitation of CVE-2022-21449 against a Java Application relying on JWT
|
< 1 Hr. | |
154 | |
||||||
|
CVE-2021-33564 Argument Injection in Ruby Dragonfly
This exercise covers how you can get arbitrary file read using CVE-2021-33564 against Refinery CMS
|
< 1 Hr. | |
126 | |
||||||
|
CVE-2021-45xx9
This challenge covers a vulnerable snippet in a real Python application
|
< 1 Hr. | |
592 | |
||||||
|
PHP Snippet #07
This challenge covers the review of a snippet of code written in PHP
|
< 1 Hr. | |
1417 | |
||||||
|
PHP Snippet #08
This challenge covers the review of a snippet of code written in PHP
|
< 1 Hr. | |
1327 | |
||||||
|
PHP Snippet #09
This challenge covers the review of a snippet of code written in PHP
|
< 1 Hr. | |
1243 | |
||||||
|
Python Snippet #03
This challenge covers the review of a snippet of code written in Python
|
< 1 Hr. | |
1495 | |
||||||
|
Python Snippet #04
This challenge covers the review of a snippet of code written in Python
|
< 1 Hr. | |
1352 | |
||||||
|
Python Snippet #05
This challenge covers the review of a snippet of code written in Python
|
< 1 Hr. | |
1402 | |
||||||
|
CVE-2021-39x3x
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
452 | |
||||||
|
CVE-2022-21724: JDBC RCE PostgreSQL
This challenge covers how to gain code execution by leveraging a JDBC connection string with PostgreSQL
|
< 1 Hr. | |
154 | |
||||||
|
Java Snippet #04
This challenge covers the review of a snippet of code written in Java
|
< 1 Hr. | |
1297 | |
||||||
|
Java Snippet #05
This challenge covers the review of a snippet of code written in Java
|
< 1 Hr. | |
1193 | |
||||||
|
Ox Remote Code Execution II
This exercise covers how you can gain code execution when an application is using Ox to deserialize data and is running on Ruby 2.7
|
2-4 Hr. | |
32 | |
||||||
|
CVE-2009-3x8x
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
581 | |
||||||
 |
HTTP 41
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2399 | |
||||||
|
HTTP 42
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2420 | |
||||||
|
HTTP 43
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2342 | |
||||||
|
CVE-2021-381xx
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
483 | |
||||||
|
H2 RCE
This challenge covers how to gain code execution by leveraging an H2 database in a Java application
|
< 1 Hr. | |
118 | |
||||||
|
TypeScript Snippet #04
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
956 | |
||||||
|
TypeScript Snippet #05
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
979 | |
||||||
|
TypeScript Snippet #06
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
859 | |
||||||
|
TypeScript Snippet #07
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
804 | |
||||||
|
TypeScript Snippet #08
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
866 | |
||||||
|
TypeScript Snippet #09
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
896 | |
||||||
|
CVE-2008-4x9x
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
527 | |
||||||
|
Log4j RCE II
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
1-2 Hr. | |
161 | |
||||||
|
Log4j RCE
This challenge covers the latest RCE in Log4j
|
1-2 Hr. | |
285 | |
||||||
|
CVE-2021-4379x
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
562 | |
||||||
|
API 08
This exercise covers how one can inspect HTTP responses to identify information leaks.
|
< 1 Hr. | |
1474 | |
||||||
|
JDBC RCE
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
2-4 Hr. | |
60 | |
||||||
|
CVE-2008-1x3x
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
751 | |
||||||
|
Golang Snippet #12
This challenge covers the review of a snippet of code written in Golang
|
< 1 Hr. | |
833 | |
||||||
|
TypeScript Snippet #01
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
1163 | |
||||||
|
TypeScript Snippet #02
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
1107 | |
||||||
|
TypeScript Snippet #03
This challenge covers the review of a snippet of code written in TypeScript
|
< 1 Hr. | |
1038 | |
||||||
|
API 07
API
Angular
This exercise covers how one can inspect JavaScript code to identify information leak.
|
< 1 Hr. | |
1566 | |
||||||
|
CVE-2021-40438
This challenge covers how to trigger a Server-Side Request Forgery by leveraging CVE-2021-40438
|
< 1 Hr. | |
319 | |
||||||
|
CVE-2021-41773
This challenge covers how to read arbitrary files by leveraging CVE-2021-41773
|
< 1 Hr. | |
520 | |
||||||
|
CVE-2021-41773 II
This challenge covers how to gain code execution by leveraging CVE-2021-41773
|
1-2 Hr. | |
193 | |
||||||
|
HTTP 36
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2596 | |
||||||
|
HTTP 37
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2573 | |
||||||
|
HTTP 38
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2624 | |
||||||
|
HTTP 39
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2608 | |
||||||
|
HTTP 40
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2622 | |
||||||
|
CVE-2006-4xxx
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
571 | |
||||||
|
CVE-2006-4xxx_ii
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
465 | |
||||||
|
PHP Snippet #04
This challenge covers the review of a snippet of code written in PHP
|
< 1 Hr. | |
1540 | |
||||||
|
PHP Snippet #05
This challenge covers the review of a snippet of code written in PHP
|
< 1 Hr. | |
1448 | |
||||||
|
PHP Snippet #06
This challenge covers the review of a snippet of code written in PHP
|
< 1 Hr. | |
1534 | |
||||||
|
API 06
API
Angular
This exercise covers how one can inspect JavaScript code to identify unused endpoints.
|
< 1 Hr. | |
1698 | |
||||||
|
CVE-2021-37xxx
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
536 | |
||||||
|
PHP Snippet #01
This challenge covers the review of a snippet of code written in PHP
|
< 1 Hr. | |
2148 | |
||||||
|
PHP Snippet #02
This challenge covers the review of a snippet of code written in PHP
|
< 1 Hr. | |
1853 | |
||||||
|
PHP Snippet #03
This challenge covers the review of a snippet of code written in PHP
|
< 1 Hr. | |
1634 | |
||||||
|
HTTP 31
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2742 | |
||||||
|
HTTP 32
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2676 | |
||||||
|
HTTP 35
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2674 | |
||||||
|
HTTP 34
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2636 | |
||||||
|
HTTP 33
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2668 | |
||||||
|
API 05
API
Angular
This exercise covers how one can inspect JavaScript code to identify unused endpoints.
|
< 1 Hr. | |
1978 | |
||||||
|
API 04
API
Angular
This exercise covers how one can inspect JavaScript code to identify unused endpoints.
|
< 1 Hr. | |
2155 | |
||||||
|
Golang Snippet #02
This challenge covers the review of a snippet of code written in Golang
|
< 1 Hr. | |
1175 | |
||||||
|
Golang Snippet #03
This challenge covers the review of a snippet of code written in Golang
|
< 1 Hr. | |
988 | |
||||||
|
Golang Snippet #04
This challenge covers the review of a snippet of code written in Golang
|
< 1 Hr. | |
1175 | |
||||||
|
Golang Snippet #05
This challenge covers the review of a snippet of code written in Golang
|
< 1 Hr. | |
1053 | |
||||||
|
Golang Snippet #06
This challenge covers the review of a snippet of code written in Golang
|
< 1 Hr. | |
938 | |
||||||
|
Golang Snippet #07
This challenge covers the review of a snippet of code written in Golang
|
< 1 Hr. | |
969 | |
||||||
|
Golang Snippet #08
This challenge covers the review of a snippet of code written in Golang
|
< 1 Hr. | |
903 | |
||||||
|
Golang Snippet #09
This challenge covers the review of a snippet of code written in Golang
|
< 1 Hr. | |
845 | |
||||||
|
Golang Snippet #10
This challenge covers the review of a snippet of code written in Golang
|
< 1 Hr. | |
950 | |
||||||
|
Golang Snippet #11
This challenge covers the review of a snippet of code written in Golang
|
< 1 Hr. | |
939 | |
||||||
|
Javascript Snippet #01
This challenge covers the review of a snippet of code written in JavaScript
|
< 1 Hr. | |
1834 | |
||||||
|
Javascript Snippet #02
This challenge covers the review of a snippet of code written in JavaScript
|
< 1 Hr. | |
1523 | |
||||||
|
Javascript Snippet #03
This challenge covers the review of a snippet of code written in JavaScript
|
< 1 Hr. | |
1536 | |
||||||
|
Javascript Snippet #04
This challenge covers the review of a snippet of code written in JavaScript
|
< 1 Hr. | |
1423 | |
||||||
|
Javascript Snippet #05
This challenge covers the review of a snippet of code written in JavaScript
|
< 1 Hr. | |
1489 | |
||||||
|
Javascript Snippet #06
This challenge covers the review of a snippet of code written in JavaScript
|
< 1 Hr. | |
1369 | |
||||||
|
Javascript Snippet #07
This challenge covers the review of a snippet of code written in JavaScript
|
< 1 Hr. | |
1335 | |
||||||
|
Python Snippet #01
This challenge covers the review of a snippet of code written in Python
|
< 1 Hr. | |
1815 | |
||||||
|
Ruby Snippet #01
This challenge covers the review of a snippet of code written in Ruby
|
< 1 Hr. | |
762 | |
||||||
|
Ruby Snippet #02
This challenge covers the review of a snippet of code written in Ruby
|
< 1 Hr. | |
720 | |
||||||
|
Ruby Snippet #03
This challenge covers the review of a snippet of code written in Ruby
|
< 1 Hr. | |
756 | |
||||||
|
Ruby Snippet #04
This challenge covers the review of a snippet of code written in Ruby
|
< 1 Hr. | |
685 | |
||||||
|
Ruby Snippet #05
This challenge covers the review of a snippet of code written in Ruby
|
< 1 Hr. | |
774 | |
||||||
|
Ruby Snippet #06
This challenge covers the review of a snippet of code written in Ruby
|
< 1 Hr. | |
755 | |
||||||
|
Ruby Snippet #07
This challenge covers the review of a snippet of code written in Ruby
|
< 1 Hr. | |
615 | |
||||||
|
Ruby Snippet #08
This challenge covers the review of a snippet of code written in Ruby
|
< 1 Hr. | |
663 | |
||||||
|
Ruby Snippet #09
This challenge covers the review of a snippet of code written in Ruby
|
< 1 Hr. | |
614 | |
||||||
|
HTTP 26
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2935 | |
||||||
|
HTTP 27
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2860 | |
||||||
|
HTTP 28
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2858 | |
||||||
|
HTTP 29
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2771 | |
||||||
|
HTTP 30
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2815 | |
||||||
|
CVE-2020-17xx7
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
975 | |
||||||
|
Ox Remote Code Execution
This exercise covers how you can gain code execution when an application is using Ox to deserialize data and is running on Ruby 2.3
|
2-4 Hr. | |
78 | |
||||||
|
CVE-2020-9x9x
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
751 | |
||||||
|
HTTP 21
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3076 | |
||||||
|
HTTP 22
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3041 | |
||||||
|
HTTP 23
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2952 | |
||||||
|
HTTP 24
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2956 | |
||||||
|
HTTP 25
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
2991 | |
||||||
|
HTTP 16
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3172 | |
||||||
|
HTTP 20
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3089 | |
||||||
|
HTTP 18
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3137 | |
||||||
|
HTTP 19
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3133 | |
||||||
|
HTTP 17
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3150 | |
||||||
|
CVE-2020-17xx8
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
557 | |
||||||
|
CVE-2021-22204: Exiftool RCE
This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files
|
1-2 Hr. | |
165 | |
||||||
|
SSRF via FFMPEG II
This exercise covers how you can read arbitrary files when an application uses ffmpeg to render videos from a video you provide
|
< 1 Hr. | |
118 | |
||||||
|
API 03
API
This exercise is the API version of an exercise you already solved in another badge. You should use it to get more confident with discovering vulnerabilities without any hint on what to look for.
|
< 1 Hr. | |
2135 | |
||||||
|
CVE-2020-11xxx
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
569 | |
||||||
 |
OAuth2: Authorization Server XSS II
This exercise covers the exploitation of an XSS in an OAuth2 Authorization Server
|
< 1 Hr. | |
252 | |
||||||
|
HTTP 11
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3418 | |
||||||
|
HTTP 15
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3290 | |
||||||
|
HTTP 12
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3379 | |
||||||
|
HTTP 13
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3298 | |
||||||
|
HTTP 14
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3310 | |
||||||
|
API 02
API
This exercise is the API version of an exercise you already solved in another badge. You should use it to get more confident with discovering vulnerabilities without any hint on what to look for.
|
< 1 Hr. | |
2731 | |
||||||
|
Express Local File Read
This exercise covers how an insecure call to render can be used to gain local files read with Express
|
< 1 Hr. | |
385 | |
||||||
|
OAuth2: Authorization Server XSS
This exercise covers the exploitation of an XSS in an OAuth2 Authorization Server
|
< 1 Hr. | |
337 | |
||||||
|
HTTP 10
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3490 | |
||||||
|
HTTP 09
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3595 | |
||||||
|
HTTP 07
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3678 | |
||||||
|
HTTP 06
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3759 | |
||||||
|
HTTP 08
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3675 | |
||||||
|
HTTP 03
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
4086 | |
||||||
|
HTTP 04
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3939 | |
||||||
|
HTTP 05
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3864 | |
||||||
|
HTTP 02
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
4304 | |
||||||
|
HTTP 01
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
4535 | |
||||||
|
API 01
API
This exercise is the API version of an exercise you already solved in the Essential Badge. You should use it to get more confident with discovering vulnerabilities without any hint on what to look for.
|
< 1 Hr. | |
3216 | |
||||||
|
JWT Algorithm Confusion with RSA Public Key Recovery
jwt
This exercise covers the exploitation of algorithm confusion when no public key is available
|
< 1 Hr. | |
175 | |
||||||
|
SAML: Comment Injection II
This exercise covers the exploitation of a comment injection vulnerability in SAML
|
< 1 Hr. | |
557 | |
||||||
 |
Recon 24
In this challenge, you need to look for a file named key.txt in the place used to serve the assets for the main website
|
< 1 Hr. | |
4570 |  |
||||||
|
Recon 25
In this challenge, you need to look for a file named key2.txt in the place used to serve the assets for the main website
|
1-2 Hr. | |
2840 | |
||||||
|
Recon 26
In this challenge, you need to look for a key in the JavaScript used by the website
|
< 1 Hr. | |
4336 | |
||||||
|
SSRF via FFMPEG
This exercise covers how you can read arbitrary files when an application uses ffmpeg to render videos from a video you provide
|
< 1 Hr. | |
230 | |
||||||
|
SAML: Signature Wrapping II
This exercise covers how to use Signature Wrapping to become an arbitrary user
|
< 1 Hr. | |
417 | |
||||||
|
RCE via argument injection
This exercise covers a remote command execution vulnerability via argument injection
|
2-4 Hr. | |
51 | |
||||||
|
Code Review 16
This exercise is one of our challenges to help you learn how to review real source code
|
< 1 Hr. | |
334 | |
||||||
|
SAML: Signature Wrapping
This exercise covers how to use Signature Wrapping to become an arbitrary user
|
< 1 Hr. | |
515 | |
||||||
|
Recon 20
In this challenge, you need to look at the branches in repo3
|
< 1 Hr. | |
4640 | |
||||||
|
Recon 21
In this challenge, you need to look at the information in the branches for repo4
|
< 1 Hr. | |
4535 | |
||||||
|
Recon 22
In this challenge, you need to look in repo9 for deleted files
|
< 1 Hr. | |
4337 | |
||||||
|
Recon 23
In this challenge, you need to look for sensitive information in commit messages
|
< 1 Hr. | |
4339 | |
||||||
|
SAML: SAMLResponse forwarding
This exercise covers how to pass the SAMLResponse from one Service Provider to another
|
< 1 Hr. | |
463 | |
||||||
|
CGI and Signature
This exercise covers the exploitation of a vulnerable CGI.
|
< 1 Hr. | |
219 | |
||||||
|
Recon 17
In this challenge, you need to look at the name of the developer used in the repository test1
|
< 1 Hr. | |
4941 | |
||||||
|
Recon 18
In this challenge, you need to look at the public repository of the developers in the organisation
|
< 1 Hr. | |
4682 | |
||||||
|
Recon 19
In this challenge, you need to look at the email addresses used for commits in the repository repo7
|
< 1 Hr. | |
4389 | |
||||||
|
Code Review 15
This exercise is one of our challenges to help you learn how to review real source code
|
< 1 Hr. | |
322 | |
||||||
|
Code Review 14
This exercise is one of our challenges to help you learn how to review real source code
|
< 1 Hr. | |
344 | |
||||||
|
CVE-2020-14343: PyYAML unsafe loader
This exercise covers how you can gain code execution when an application use a vulnerable version of PyYAML and relies on load()
|
< 1 Hr. | |
302 | |
||||||
|
OAuth2: State Fixation
This exercise covers the exploitation of a state fixation in an OAuth2 Client
|
1-2 Hr. | |
374 | |
||||||
|
Code Review 13
This exercise is one of our challenges to help you learn how to review real source code
|
2-4 Hr. | |
250 | |
||||||
|
CVE-2020-7115: Aruba Clearpass RCE
This exercise covers a remote command execution issue on Aruba Clearpass RCE
|
< 1 Hr. | |
208 | |
||||||
|
Code Review 12
This exercise is one of our challenges to help you learn how to review real source code
|
< 1 Hr. | |
377 | |
||||||
|
OAuth2: Predictable State II
This exercise covers the exploitation of a predictable state in an OAuth2 Client
|
1-2 Hr. | |
252 | |
||||||
|
Recon 13
In this challenge, you need to find the TXT record linked to key.z.hackycorp.com
|
< 1 Hr. | |
5768 | |
||||||
|
Recon 14
In this challenge, you need to find a TXT record by doing a zone transfer on z.hackycorp.com
|
< 1 Hr. | |
5198 | |
||||||
|
Recon 15
In this challenge, you need to find a TXT record by doing a zone transfer on the internal zone "int"
|
< 1 Hr. | |
4671 | |
||||||
|
Recon 16
In this challenge, you need to find the version of Bind used
|
< 1 Hr. | |
4848 | |
||||||
|
EDDSA vulnerability in Monocypher
Crypto
This exercise covers the exploitation of a vulnerability impacting Monocypher.
|
1-2 Hr. | |
174 | |
||||||
|
Code Review 11
This exercise is one of our challenges to help you learn how to review real source code
|
2-4 Hr. | |
203 | |
||||||
|
OAuth2: Predictable State
This exercise covers the exploitation of a predictable state in an OAuth2 Client
|
2-4 Hr. | |
271 | |
||||||
|
Code Review 10
This exercise is one of our challenges to help you learn how to review real source code
|
< 1 Hr. | |
309 | |
||||||
|
Recon 11 | < 1 Hr. | |
5261 | |
||||||
|
Recon 12 | < 1 Hr. | |
5762 | |
||||||
|
Unicode and NFKC
This exercise covers how to leverage unicode to exploit a directory traversal
|
< 1 Hr. | |
297 | |
||||||
|
SAML: Trusted Embedded Key
This exercise covers the exploitation of a Service Provider (SP) that doesn't check the certificate provided in the SAMLResponse
|
< 1 Hr. | |
476 | |
||||||
|
Recon 06
This exercise covers default vhost
|
< 1 Hr. | |
10234 | |
||||||
|
Recon 07
This exercise covers default TLS vhost
|
< 1 Hr. | |
9264 | |
||||||
|
Recon 08
This exercise covers aliases in TLS certificates
|
< 1 Hr. | |
8396 | |
||||||
|
CVE-2020-8163: Rails local name RCE
This exercise details the exploitation of CVE-2020-8163 to gain code execution
|
1-2 Hr. | |
217 | |
||||||
|
SAML: Known Key
This exercise covers the exploitation of a known key in SAML
|
1-2 Hr. | |
500 | |
||||||
|
Code Review 09
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
245 | |
||||||
|
Recon 04
This exercise covers common interesting directories
|
< 1 Hr. | |
14151 | |
||||||
|
Recon 05
This exercise covers simple directory bruteforcing
|
< 1 Hr. | |
10467 | |
||||||
|
Recon 01
This exercise covers 404 error pages
|
< 1 Hr. | |
18685 | |
||||||
|
OAuth2: Client Server XSS
This exercise covers the exploitation of a Cross-Site Scripting in an OAuth2 Client and Server
|
1-2 Hr. | |
347 | |
||||||
|
Zip symlink
This exercise covers how you can create a malicious Zip file and use it to gain access to sensitive files.
|
< 1 Hr. | |
562 | |
||||||
|
Code Review 08
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
343 | |
||||||
|
SAML: Comment Injection
This exercise covers the exploitation of a comment injection vulnerability in SAML
|
< 1 Hr. | |
1535 | |
||||||
|
Unicode and Downcase
This exercise covers how you can use unicode to gain access to an admin account.
|
< 1 Hr. | |
577 | |
||||||
|
Code Review 07
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
274 | |
||||||
|
Java Serialize 01
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
< 1 Hr. | |
380 | |
||||||
|
Unicode and Uppercase
This exercise covers how you can use unicode to gain access to an admin account.
|
< 1 Hr. | |
646 | |
||||||
|
Code Review 06
This exercise is one of our challenges to help you learn how to review real source code
|
2-4 Hr. | |
223 | |
||||||
|
Cross-Site Leak
This exercise covers how to use Cross-Site Leak to recover sensitive information
|
2-4 Hr. | |
553 | |
||||||
 |
From SQL injection to Shell III: PostgreSQL Edition
SQL Injection
This exercise covers how to gain access to an administration interface using a SQL injection, and how to get command execution using Ghostscript
|
2-4 Hr. | |
242 | |
||||||
 |
OAuth2: Client CSRF II
This exercise covers the exploitation of a CSRF in an OAuth2 Client
|
2-4 Hr. | |
466 | |
||||||
|
XSS Include
XSS
This exercise covers how to use Cross-Site-Scripting Include to leak information
|
< 1 Hr. | |
1273 | |
||||||
|
OAuth2: Client CSRF
This exercise covers the exploitation of a CSRF in an OAuth2 Client
|
< 1 Hr. | |
918 | |
||||||
|
Code Review 05
This exercise is one of our challenges to help you learn how to review real source code
|
2-4 Hr. | |
255 | |
||||||
|
Code Review 04
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
370 | |
||||||
|
JS Prototype Pollution
This exercise covers how to exploit Prototype Pollution against a JavaScript application
|
< 1 Hr. | |
882 | |
||||||
|
OAuth2: Authorization Server CSRF
This exercise covers the exploitation of a CSRF in an OAuth2 Authorization Server
|
1-2 Hr. | |
1068 | |
||||||
|
Code Review 03
This exercise is one of our challenges to help you learn how to review real source code
|
2-4 Hr. | |
286 | |
||||||
|
SSRF in PDF generation
This exercise covers how you can read arbitrary files when an application generates pdfs from provided links
|
< 1 Hr. | |
851 | |
||||||
|
OAuth2: Github HTTP HEAD
This exercise covers the exploitation of the HTTP HEAD issue impacting Github in 2019
|
< 1 Hr. | |
436 | |
||||||
|
SVG XSS
This exercise covers how to use an SVG to trigger a Cross-Site-Scripting
|
< 1 Hr. | |
1732 | |
||||||
|
Apache Pluto RCE
This exercise covers how to gain code execution on Apache Pluto 3.0.0 due to a flaw in the authorization logic
|
< 1 Hr. | |
526 | |
||||||
|
JSON Cross-Site Request Forgery
This exercise details the exploitation of a Cross-Site Request Forgery when JSON is used
|
< 1 Hr. | |
1421 | |
||||||
|
Cross-Site Request Forgery
This exercise details the exploitation of a Cross-Site Request Forgery to gain access to sensitive data
|
< 1 Hr. | |
1494 | |
||||||
|
Code Review 02
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
449 | |
||||||
|
postMessage() IV
This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the Origin and X-Frame-Options is used
|
< 1 Hr. | |
929 | |
||||||
|
Spring Actuators
This exercise covers how you can gain code execution using Spring Actuators when Spring Cloud is used.
|
1-2 Hr. | |
281 | |
||||||
|
postMessage() III
This exercise covers how insecure calls to the JavaScript function postMessage() can be used to trigger a Cross-Site Scripting
|
1-2 Hr. | |
943 | |
||||||
|
postMessage() II
This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the Origin
|
< 1 Hr. | |
1044 | |
||||||
|
PHP phar://
This exercise covers how the PHP phar:// handler can be used to gain code execution using PHP unserialize.
|
< 1 Hr. | |
342 | |
||||||
|
Signing Oracle
This exercise covers how a signing oracle can be used to bypass authorization in place
|
< 1 Hr. | |
802 | |
||||||
|
Length Extension Attack
This exercise covers how to use a length extension attack to exploit a directory traversal vulnerability
|
1-2 Hr. | |
718 | |
||||||
|
JSON Web Encryption
This exercise covers how you can create your own JWE if you have access to the public key used by the server
|
< 1 Hr. | |
514 | |
||||||
|
postMessage()
This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information
|
< 1 Hr. | |
1190 | |
||||||
|
CVE-2019-5418
This exercise details the exploitation of CVE-2019-5418 to get code execution
|
1-2 Hr. | |
486 | |
||||||
|
Cross-Site WebSocket Hijacking
This exercise covers Cross-Site WebSocket Hijacking and how it can be used to gain access to sensitive information
|
< 1 Hr. | |
1062 | |
||||||
|
JWT XII
jwt
This exercise covers how to use the x5u header to bypass an authentication based on JWT.
|
1-2 Hr. | |
659 | |
||||||
|
Cross-Origin Resource Sharing II
This exercise covers Cross-Origin Resource Sharing and how it can be used to get access to sensitive data.
|
< 1 Hr. | |
1012 | |
||||||
|
JWT XI
jwt
This exercise covers how to use the jku header to bypass an authentication based on JWT.
|
1-2 Hr. | |
656 | |
||||||
|
cve-2019-5420 II
This exercise details the exploitation of CVE-2019-5420 to gain code execution
|
1-2 Hr. | |
544 | |
||||||
|
OAuth2: Client OpenRedirect
This exercise covers the exploitation of an OpenRedirect in an OAuth2 Client
|
< 1 Hr. | |
792 | |
||||||
|
CVE-2019-5420
This exercise details the exploitation of CVE-2019-5420 to forge a session as another user
|
2-4 Hr. | |
866 | |
||||||
|
JWT X
jwt
This exercise covers how to use the jku header to bypass an authentication based on JWT.
|
< 1 Hr. | |
742 | |
||||||
|
GraphQL: SQL Injection
This exercise covers how to use introspection and a SQL injection to get access to additional information in GraphQL.
|
1-2 Hr. | |
1377 | |
||||||
|
OAuth2: Authorization Server OpenRedirect
This exercise covers the exploitation of an OpenRedirect in an OAuth2 Authorization Server
|
< 1 Hr. | |
904 | |
||||||
|
JWT IX
jwt
This exercise covers how to use the jku header to bypass an authentication based on JWT.
|
< 1 Hr. | |
864 | |
||||||
|
Gogs RCE II
This exercise covers how to get code execution against the Git self hosted tool: Gogs.
|
< 1 Hr. | |
580 | |
||||||
|
JWT VIII
jwt
This exercise covers how to use the jku header to bypass an authentication based on JWT.
|
1-2 Hr. | |
932 | |
||||||
|
SAML: Signature Stripping
This exercise covers the exploitation of a signature stripping vulnerability in SAML
|
< 1 Hr. | |
1916 | |
||||||
|
GraphQL Introspection
This exercise covers how to use introspection to get access to additional information in GraphQL.
|
< 1 Hr. | |
2229 | |
||||||
|
Gogs RCE
This exercise covers how to get code execution against the Git self hosted tool: Gogs.
|
1-2 Hr. | |
646 | |
||||||
|
Android 07
This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data
|
1-2 Hr. | |
1370 | |
||||||
|
Android 06
This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data
|
< 1 Hr. | |
1603 | |
||||||
|
Android 05
This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data
|
1-2 Hr. | |
1893 | |
||||||
|
Ruby 2.x Universal RCE Deserialization Gadget Chain
This exercise covers how to get code execution by using a Ruby Universal Gadget when an attacker controls the data passed to Marshal.load()
|
< 1 Hr. | |
1352 | |
||||||
|
CVE-2018-10933: LibSSH auth bypass
This exercise covers how to bypass authentication on an SSH server based on libssh to gain a shell on the affected system
|
-- | |
0 | |
||||||
|
Android 04
This exercise will guide you through the process of reversing a simple Android code
|
< 1 Hr. | |
2412 | |
||||||
|
Android 03
This exercise will guide you through the process of extracting simple information from an APK
|
< 1 Hr. | |
3219 | |
||||||
|
From SQL injection to Shell III
SQL Injection
This exercise covers how to gain access to an administration interface using SQL injection followed by how to get command execution using ImageTragick
|
1-2 Hr. | |
1085 | |
||||||
|
Android 02
This exercise will guide you through the process of extracting data from a simple database used by an Android app
|
< 1 Hr. | |
3502 | |
||||||
|
IDOR to Shell
This exercise covers how to get code execution by chaining vulnerabilities in a Ruby-on-Rails application
|
1-2 Hr. | |
1007 | |
||||||
|
Android 01
This exercise will guide you through the process of extracting simple information from an APK
|
< 1 Hr. | |
3810 | |
||||||
|
Introduction to CSP
This exercise details the exploitation of a XSS in a simple web application that uses Content Security Policy
|
< 1 Hr. | |
2402 | |
||||||
|
CVE-2018-11235: Git Submodule RCE
This exercise details the exploitation of a vulnerability in Git Sub
module that can be used to get command execution
|
2-4 Hr. | |
500 | |
||||||
|
Git Information Leak II
This exercise details how to retrieve information from an exposed .git directory on a web server, provided directory listing is disabled
|
< 1 Hr. | |
2511 | |
||||||
|
Git Information Leak
This exercise details how to retrieve information from an exposed .git directory on a web server
|
< 1 Hr. | |
3397 | |
||||||
|
JWT VII
jwt
This exercise covers the exploitation of a website using JWT for session without verifying the signature
|
< 1 Hr. | |
3256 | |
||||||
|
CVE-2016-5386: HTTPoxy/Golang HTTProxy namespace conflict
This exercise covers the exploitation of HTTPoxy against an old version of Golang
|
< 1 Hr. | |
899 | |
||||||
|
Unix 31
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
13753 | |
||||||
|
Unix 30
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
13784 | |
||||||
|
Unix 25
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
14440 | |
||||||
|
Unix 32
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
13729 | |
||||||
|
Unix 34
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
13662 | |
||||||
|
Unix 33
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
13698 | |
||||||
|
Unix 27
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
14259 | |
||||||
|
Unix 29
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
14184 | |
||||||
|
Unix 28
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
14207 | |
||||||
|
Unix 26
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
14346 | |
||||||
|
CBC-MAC II
Crypto
This exercise covers the exploitation of an application using CBC-MAC when an attacker has control over the IV
|
1-2 Hr. | |
1678 | |
||||||
|
JWT VI
jwt
This exercise covers the exploitation of an injection in the kid element of a JWT. This injection can be used to bypass the signature mechanism
|
< 1 Hr. | |
2466 | |
||||||
|
CVE-2018-6574: go get RCE
This exercise covers a remote command execution in Golang's go get command.
|
< 1 Hr. | |
861 | |
||||||
|
Unix 11
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
19309 | |
||||||
|
Unix 12
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
18793 | |
||||||
|
Unix 13
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
17936 | |
||||||
|
Unix 14
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
17500 | |
||||||
|
Unix 15
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
15975 | |
||||||
|
Unix 16
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
15610 | |
||||||
|
Unix 17
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
15838 | |
||||||
|
Unix 18
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
15763 | |
||||||
|
Unix 19
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
15668 | |
||||||
|
Unix 20
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
14705 | |
||||||
|
Unix 21
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
14892 | |
||||||
|
Unix 22
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
14761 | |
||||||
|
Unix 23
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
14529 | |
||||||
|
Unix 24
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
14445 | |
||||||
|
JWT V
jwt
This exercise covers the exploitation of a trivial secret used to sign JWT tokens.
|
< 1 Hr. | |
2946 | |
||||||
|
CVE-2018-0114
jwt
This exercise details
the exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT
|
2-4 Hr. | |
1797 | |
||||||
|
JWT IV
jwt
This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby Net::FTP
|
< 1 Hr. | |
2611 | |
||||||
|
CBC-MAC
Crypto
This exercise covers the exploitation of signature of non-fixed size messages with CBC-MAC
|
1-2 Hr. | |
1639 | |
||||||
|
JWT kid Injection
jwt
This exercise covers the exploitation of an issue in the usage of JWT token
|
1-2 Hr. | |
2825 | |
||||||
|
Code Execution 09
This exercise is one of our challenges on Code Execution
|
< 1 Hr. | |
10546 | |
||||||
|
Server Side Template Injection 02
This exercise is one of our challenges on Server-Side Template Injection
|
< 1 Hr. | |
8309 | |
||||||
|
MongoDB Injection 02
This exercise is one of our challenges on vulnerabilities related to MongoDB
|
1-2 Hr. | |
8318 | |
||||||
|
Authorization 06
This exercise is one of our challenges on Authorisation issues
|
< 1 Hr. | |
14420 | |
||||||
|
Code Execution 08
This exercise is one of our challenges on Code Execution
|
< 1 Hr. | |
10641 | |
||||||
|
Authorization 04
This exercise is one of our challenges on Authorisation issues
|
< 1 Hr. | |
15602 | |
||||||
|
Authorization 05
This exercise is one of our challenges on Authorisation issues
|
< 1 Hr. | |
15025 | |
||||||
|
Command Execution 03
This exercise is one of our challenges on Command Execution
|
< 1 Hr. | |
10994 | |
||||||
|
Server Side Template Injection 01
This exercise is one of our challenges on Server-Side Template Injection
|
< 1 Hr. | |
8300 | |
||||||
|
Code Execution 05
This exercise is one of our challenges on Code Execution
|
< 1 Hr. | |
12130 | |
||||||
|
Code Execution 06
This exercise is one of our challenges on Code Execution
|
< 1 Hr. | |
11870 | |
||||||
|
Code Execution 07
This exercise is one of our challenges on Code Execution
|
< 1 Hr. | |
11617 | |
||||||
|
Introduction to code review
This exercise covers the different ways to perform code review. It also contains a simple application to review to help you get started.
|
-- | |
0 | |
||||||
|
S2-052
This exercise covers the exploitation of the Struts S2-052 vulnerability
|
< 1 Hr. | |
2475 | |
||||||
|
SQL Injection 06
SQL Injection
This exercise is one of our challenges on SQL Injections
|
< 1 Hr. | |
9112 | |
||||||
|
XML Attacks 01
This exercise is one of our challenges on vulnerabilities related to XML processing
|
< 1 Hr. | |
8813 | |
||||||
|
XML Attacks 02
This exercise is one of our challenges on vulnerabilities related to XML processing
|
< 1 Hr. | |
8340 | |
||||||
|
SQL Injection 04
SQL Injection
This exercise is one of our challenges on SQL Injections
|
< 1 Hr. | |
9664 | |
||||||
|
SQL Injection 05
SQL Injection
This exercise is one of our challenges on SQL Injections
|
< 1 Hr. | |
9574 | |
||||||
|
SQL Injection 01
SQL Injection
This exercise is one of our challenges on SQL Injections
|
< 1 Hr. | |
11054 | |
||||||
|
SQL Injection 02
SQL Injection
This exercise is one of our challenges on SQL Injections
|
< 1 Hr. | |
10577 | |
||||||
|
SQL Injection 03
SQL Injection
This exercise is one of our challenges on SQL Injections
|
< 1 Hr. | |
10263 | |
||||||
|
Code Execution 02
This exercise is one of our challenges on Code Execution
|
< 1 Hr. | |
13445 | |
||||||
|
Authorization 03
This exercise is one of our challenges on Authorisation issues
|
< 1 Hr. | |
16569 | |
||||||
|
Command Execution 01
This exercise is one of our challenges on Command Execution
|
< 1 Hr. | |
11475 | |
||||||
|
Command Execution 02
This exercise is one of our challenges on Command Execution
|
< 1 Hr. | |
11121 | |
||||||
|
Server Side Request Forgery 04
This exercise is one of our challenges on Server-Side Request Forgery
|
< 1 Hr. | |
9475 | |
||||||
|
Open Redirect 01
This exercise is one of our challenges on Open Redirect
|
< 1 Hr. | |
9760 | |
||||||
|
Open Redirect 02
This exercise is one of our challenges on Open Redirect
|
< 1 Hr. | |
9446 | |
||||||
|
MongoDB Injection 01
This exercise is one of our challenges on vulnerabilities related to MongoDB
|
< 1 Hr. | |
9853 | |
||||||
|
SAML: Introduction
This exercise covers the exploitation of a signature stripping vulnerability in SAML
|
< 1 Hr. | |
2706 | |
||||||
|
Server Side Request Forgery 02
This exercise is one of our challenges on Server-Side Request Forgery
|
< 1 Hr. | |
9832 | |
||||||
|
Server Side Request Forgery 03
This exercise is one of our challenges on Server-Side Request Forgery
|
< 1 Hr. | |
9770 | |
||||||
|
Server Side Request Forgery 01
This exercise is one of our challenges on Server-Side Request Forgery
|
< 1 Hr. | |
10011 | |
||||||
|
XSS 09
XSS
This exercise is one of our challenges on Cross-Site Scripting
|
< 1 Hr. | |
8890 | |
||||||
|
XSS 10
XSS
This exercise is one of our challenges on Cross-Site Scripting
|
< 1 Hr. | |
8238 | |
||||||
|
Directory Traversal 01
This exercise is one of our challenges on Directory Traversal
|
< 1 Hr. | |
11724 | |
||||||
|
Directory Traversal 02
This exercise is one of our challenges on Directory Traversal
|
< 1 Hr. | |
11484 | |
||||||
|
Directory Traversal 03
This exercise is one of our challenges on Directory Traversal
|
< 1 Hr. | |
11348 | |
||||||
|
XSS 02
XSS
This exercise is one of our challenges on Cross-Site Scripting
|
< 1 Hr. | |
10456 | |
||||||
|
XSS 03
XSS
This exercise is one of our challenges on Cross-Site Scripting
|
< 1 Hr. | |
10082 | |
||||||
|
XSS 04
XSS
This exercise is one of our challenges on Cross-Site Scripting
|
< 1 Hr. | |
9621 | |
||||||
|
XSS 05
XSS
This exercise is one of our challenges on Cross-Site Scripting
|
< 1 Hr. | |
9314 | |
||||||
|
XSS 06
XSS
This exercise is one of our challenges on Cross-Site Scripting
|
< 1 Hr. | |
9272 | |
||||||
|
XSS 07
XSS
This exercise is one of our challenges on Cross-Site Scripting
|
< 1 Hr. | |
9118 | |
||||||
|
XSS 08
XSS
This exercise is one of our challenges on Cross-Site Scripting
|
< 1 Hr. | |
8978 | |
||||||
|
File Upload 01
This exercise is one of our challenges on Upload vulnerabilities
|
< 1 Hr. | |
9088 | |
||||||
|
File Upload 02
This exercise is one of our challenges on Upload vulnerabilities
|
< 1 Hr. | |
8969 | |
||||||
|
XSS 01
XSS
This exercise is one of our challenges on Cross-Site Scripting
|
< 1 Hr. | |
10917 | |
||||||
|
Authentication 05
This exercise is one of our challenges on Authentication issues
|
< 1 Hr. | |
17011 | |
||||||
|
Code Execution 03
This exercise is one of our challenges on Code Execution
|
< 1 Hr. | |
12760 | |
||||||
|
Code Execution 04
This exercise is one of our challenges on Code Execution
|
< 1 Hr. | |
12516 | |
||||||
|
File Include 01
This exercise is one of our challenges on File Include vulnerabilities
|
< 1 Hr. | |
10805 | |
||||||
|
File Include 02
This exercise is one of our challenges on File Include vulnerabilities
|
< 1 Hr. | |
10534 | |
||||||
|
LDAP 01
This exercise is one of our challenges on vulnerabilities related to LDAP
|
< 1 Hr. | |
10467 | |
||||||
|
LDAP 02
This exercise is one of our challenges on vulnerabilities related to LDAP
|
< 1 Hr. | |
10020 | |
||||||
|
Authentication 04
This exercise is one of our challenges on Authentication issues
|
< 1 Hr. | |
17783 | |
||||||
|
Authentication 01
This exercise is one of our challenges on Authentication issues
|
< 1 Hr. | |
19345 | |
||||||
|
Authentication 02
This exercise is one of our challenges on Authentication issues
|
< 1 Hr. | |
18659 | |
||||||
|
Authentication 03
This exercise is one of our challenges on Authentication issues
|
< 1 Hr. | |
18116 | |
||||||
|
Authorization 01
This exercise is one of our challenges on Authorisation issues
|
< 1 Hr. | |
17170 | |
||||||
|
Authorization 02
This exercise is one of our challenges on Authorisation issues
|
< 1 Hr. | |
16847 | |
||||||
|
Code Execution 01
This exercise is one of our challenges on Code Execution
|
< 1 Hr. | |
14280 | |
||||||
|
CVE-2016-10033: PHPMailer RCE
This exercise covers a remote code execution vulnerability in PHPMailer
|
< 1 Hr. | |
3673 | |
||||||
|
Cipher block chaining
Crypto
This exercise details how to tamper with data encrypted using CBC
|
1-2 Hr. | |
2870 | |
||||||
|
Struts s2-045
This exercise covers a Remote Code Execution in Struts 2.
|
< 1 Hr. | |
2715 | |
||||||
|
CVE-2016-2098
This exercise covers a remote code execution vulnerability in Ruby-on-Rails when using render on user-supplied data
|
< 1 Hr. | |
3586 | |
||||||
|
CVE-2014-4511: Gitlist RCE
This exercise explains how you can exploit a vulnerability published in 2014 in Gitlist.
|
< 1 Hr. | |
9 | |
||||||
|
ECDSA
Crypto
This exercise covers the exploitation of a weakness in the usage of ECDSA
|
2-4 Hr. | |
347 | |
||||||
|
Werkzeug DEBUG
This challenge was written for Ruxcon CTF 2015 and cover the Debug mode of Werkzeug/Flask
|
< 1 Hr. | |
1582 | |
||||||
|
Padding Oracle
This exercise covers an attack against CBC mode. This attack can be used to decrypt data and re-encrypt arbitrary data
|
1-2 Hr. | |
824 | |
||||||
|
Unickle
This challenge was written for Ruxcon CTF 2015. It's an SQL injection mixed with a remote code execution.
|
1-2 Hr. | |
662 | |
||||||
|
CVE-2015-3224
This exercise is a challenge written for Nullcon CTF in 2015
|
< 1 Hr. | |
1597 | |
||||||
|
Luhn
This challenge was written for Ruxcon CTF 2015. It's an SQL injection with a twist
|
2-4 Hr. | |
609 | |
||||||
|
CVE-2013-0156: Rails Object Injection
This exercise covers the exploitation of a code execution in Ruby-on-Rails using XML and YAML.
|
< 1 Hr. | |
3940 | |
||||||
|
JWT Algorithm Confusion
jwt
This exercise covers the exploitation of an issue with some implementations of JWT
|
1-2 Hr. | |
3681 | |
||||||
|
CVE-2016-0792
This exercise covers the exploitation of an Xstream vulnerability in Jenkins
|
< 1 Hr. | |
4709 | |
||||||
|
ObjectInputStream
This exercise covers the exploitation of a call to readObject in a Spring application
|
< 1 Hr. | |
4233 | |
||||||
|
XMLDecoder
This exercise covers the exploitation of an application using XMLDecoder
|
< 1 Hr. | |
5276 | |
||||||
|
CVE-2014-1266
This exercise covers how to intercept an HTTPs connection
|
1-2 Hr. | |
1062 | |
||||||
|
CVE-2011-0228
This exercise covers how to intercept an HTTPs connection
|
1-2 Hr. | |
1214 | |
||||||
|
Intercept 03
This exercise covers how to intercept an HTTPs connection with hostname verification.
|
< 1 Hr. | |
1495 | |
||||||
|
Intercept 02
This exercise covers how to intercept an HTTPs connection.
|
< 1 Hr. | |
1649 | |
||||||
|
Intercept 01
This exercise covers how to intercept an HTTP connection.
|
1-2 Hr. | |
1821 | |
||||||
|
Struts devMode
This exercise covers how to get code execution when a Struts application is running in devMode
|
-- | |
0 | |
||||||
|
JSON Web Token None Algorithm
jwt
This exercise covers the exploitation of a signature weakness in a JWT library.
|
< 1 Hr. | |
9893 | |
||||||
|
Cross-Origin Resource Sharing
This exercise covers Cross-Origin Resource Sharing and how it can be used to bypass CSRF protection if it's misconfigured
|
-- | |
0 | |
||||||
|
API to Shell
API
This exercise covers the exploitation of PHP type confusion to bypass a signature and the exploitation of unserialize.
|
2-4 Hr. | |
3413 | |
||||||
|
Pickle Code Execution
This exercise covers the exploitation of Python's pickle when used to deserialize untrusted data
|
< 1 Hr. | |
6309 | |
||||||
|
Play XML Entities
This exercise covers the exploitation of XML entities in the Play framework
|
1-2 Hr. | |
2215 | |
||||||
|
CVE-2014-6271/Shellshock
This exercise covers the exploitation of a Bash vulnerability through a CGI.
|
< 1 Hr. | |
8804 | |
||||||
|
Play Session Injection
This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism
|
< 1 Hr. | |
2842 | |
||||||
|
CVE-2007-1860: mod_jk double-decoding
This exercise covers the exploitation of CVE-2007-1860. This vulnerability allows an attacker to gain access to inaccessible pages using crafted requests. This is a common trick that a lot of testers miss.
|
1-2 Hr. | |
6003 | |
||||||
|
XSS and MySQL FILE
XSS
This exercise explains how to exploit a Cross-Site Scripting vulnerability to obtain an administrator's cookies, and how you can use their session to gain access to the administration panel, and find a SQL injection to gain code execution
|
-- | |
0 | |
||||||
|
Electronic Code Book
Crypto
This exercise explains how you can tamper with encrypted cookies to access another user's account
|
1-2 Hr. | |
5760 | |
||||||
|
Web for Pentester II
This exercise is a set of the most common web vulnerabilities.
|
-- | |
0 | |
||||||
|
From SQL Injection to Shell II
SQL Injection
This exercise explains how you can, from a blind SQL injection, gain access to the administration console. Then once in the administration console, how you can run commands on the system.
|
1-2 Hr. | |
37 | |
||||||
|
CVE-2012-6081: MoinMoin code execution
This exercise explains how you can exploit CVE-2012-6081 to gain code execution. This vulnerability was exploited to compromise Debian's wiki and Python documentation website
|
-- | |
0 | |
||||||
|
Web for Pentester
This exercise is a set of the most common web vulnerabilities.
|
-- | |
0 | |
||||||
|
Axis2 Web service and Tomcat Manager
This exercise explains the interactions between Tomcat and Apache, then it shows how to call and attack an Axis2 Web service. Using information retrieved from this attack, you will be able to gain access to the Tomcat Manager and deploy a WebShell to gain command execution.
|
-- | |
0 | |
||||||
|
CVE-2008-1930: WordPress Cookie Integrity Flaw
This exercise explains how you can exploit CVE-2008-1930 to gain access to the administration interface of a Wordpress installation.
|
< 1 Hr. | |
17 | |
||||||
|
From SQL Injection to Shell: PostgreSQL edition
SQL Injection
This exercise explains how you can from a SQL injection gain access to the administration console, and from there, how you can run commands on the underlying system
|
< 1 Hr. | |
11 | |
||||||
|
Rack Cookies and Commands injection
After a short brute force introduction, this exercise explains the tampering of rack cookies and how you can even manage to modify a signed cookie (if the secret is trivial). Using this issue, you will be able to escalate your privileges and gain command execution
|
-- | |
0 | |
||||||
|
Linux Host Review
This exercise explains how to perform a Linux host review, what and how you can check the configuration of a Linux server to ensure it is securely configured. The reviewed system is a traditional Linux-Apache-Mysql-PHP (LAMP) server used to host a blog.
|
-- | |
0 | |
||||||
|
CVE-2012-2661: ActiveRecord SQL injection
This exercise explains how you can exploit CVE-2012-2661 to retrieve information from a database
|
-- | |
0 | |
||||||
|
CVE-2012-1823: PHP CGI
This exercise explains how you can exploit CVE-2012-1823 to retrieve the source code of an application and gain code execution.
|
-- | |
0 | |
||||||
|
PHP Include And Post Exploitation
This exercise describes the exploitation of a local file include with limited access. Once code execution is gained, you will see some post exploitation tricks.
|
-- | |
0 | |
||||||
|
From SQL Injection to Shell
SQL Injection
This exercise demonstrates how to leverage a SQL injection to gain access to the admin console, and from there, how to execute commands on the underlying system
|
< 1 Hr. | |
8040 | |
||||||
|
Introduction 01
This exercise will guide through the process of scoring an exercise to mark it as completed
|
< 1 Hr. | |
29266 | |
||||||
|
Introduction 02
This exercise will guide through the process of scoring an exercise to mark it as completed. Finding the key is just a little bit harder than the previous exercise.
|
< 1 Hr. | |
28890 | |
||||||
|
Introduction 03
This exercise will guide through the process of scoring an exercise to mark it as completed. However, this time, you will run commands on the underlying operating system. You will need to run the score command with your UUID.
|
< 1 Hr. | |
28230 | |
||||||
|
Introduction 00
This exercise will guide you through the process of scoring on an exercise to get it marked as completed
|
< 1 Hr. | |
30265 | |
||||||
|
Unix 00
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
25287 | |
||||||
|
Unix 01
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
24660 | |
||||||
|
Unix 02
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
24363 | |
||||||
|
Unix 03
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
24042 | |
||||||
|
Unix 04
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
23711 | |
||||||
|
Unix 05
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
22532 | |
||||||
|
Unix 06
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
21603 | |
||||||
|
Unix 07
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
21222 | |
||||||
|
Unix 08
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
20873 | |
||||||
|
Unix 09
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
20225 | |
||||||
|
Unix 10
This exercise is one of our challenges to help you learn more about Unix/Linux
|
< 1 Hr. | |
19683 | |
||||||
|
PCAP 01
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
7550 | |
||||||
|
PCAP 02
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
7365 | |
||||||
|
PCAP 03
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
7272 | |
||||||
|
PCAP 04
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
7010 | |
||||||
|
PCAP 05
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
6886 | |
||||||
|
PCAP 06
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
6783 | |
||||||
|
PCAP 07
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
6721 | |
||||||
|
PCAP 08
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
6661 | |
||||||
|
PCAP 09
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
6625 | |
||||||
|
PCAP 10
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
6296 | |
||||||
|
PCAP 11
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
6290 | |
||||||
|
PCAP 12
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
6272 | |
||||||
|
PCAP 13
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
6316 | |
||||||
|
PCAP 14
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
6289 | |
||||||
|
PCAP 15
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
6272 | |
||||||
|
PCAP 16
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
6245 | |
||||||
|
PCAP 17
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
6189 | |
||||||
|
PCAP 18
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
6184 | |
||||||
|
PCAP 19
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
6160 | |
||||||
|
PCAP 20
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
6038 | |
||||||
|
PCAP 21
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
5977 | |
||||||
|
PCAP 22
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
5968 | |
||||||
|
PCAP 23
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
5955 | |
||||||
|
PCAP 24
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
5943 | |
||||||
|
PCAP 25
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
5943 | |
||||||
|
PCAP 26
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
5937 | |
||||||
|
PCAP 27
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
5884 | |
||||||
|
PCAP 28
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
5856 | |
||||||
|
PCAP 29
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
5840 | |
||||||
|
PCAP 30
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
5813 | |
||||||
|
PCAP 31
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
5790 | |
||||||
|
PCAP 32
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
5712 | |
||||||
|
PCAP 33
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
5606 | |
||||||
|
PCAP 34
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
5676 | |
||||||
|
PCAP 35
This exercise is one of our challenges to help you learn how to analyze PCAP files
|
< 1 Hr. | |
5753 | |
||||||
|
Android 08
This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data
|
1-2 Hr. | |
1294 | |
||||||
|
Code Review 01
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
698 | |
||||||
|
Recon 00
This exercise covers the robots.txt file
|
< 1 Hr. | |
18709 | |
||||||
|
Recon 02
This exercise covers the security.txt file
|
< 1 Hr. | |
15630 | |
||||||
|
Recon 03
This exercise covers directory listing
|
< 1 Hr. | |
13949 | |
||||||
|
Recon 10
This exercise covers visual content discovery
|
< 1 Hr. | |
5831 | |
||||||
|
Recon 09 | < 1 Hr. | |
8983 | |
||||||
|
Code Review 17
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
231 | |
||||||
|
Java Snippet #01
This challenge covers the review of a snippet of code written in Java
|
< 1 Hr. | |
1522 | |
||||||
|
Java Snippet #02
This challenge covers the review of a snippet of code written in Java
|
< 1 Hr. | |
1482 | |
||||||
|
Java Snippet #03
This challenge covers the review of a snippet of code written in Java
|
< 1 Hr. | |
1330 | |
||||||
|
CVE-2021-4xx50
This challenge covers the review of a CVE and its patch
|
< 1 Hr. | |
651 | |
||||||
| No search results found... | |||||||||||