Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
CVE-2026-24895: FrankenPHP Path Confusion RCE using Unicode | 1-2 Hr. |  |
3 | PRO |
|
|
CVE-2022-24720
This exercise covers how one can leverage image processing in ActiveStorage to gain command execution.
|
1-2 Hr. |  |
15 | PRO |
|
|
CVE-2024-47081 | < 1 Hr. | |
21 | PRO |
|
|
SAML: CVE-2025-25291
This exercise covers the exploitation of CVE-2025-25291 (impacting ruby-saml)
|
2-4 Hr. | |
11 | PRO |
|
|
SAML: CVE-2025-29775 Signed Metadata
This exercise covers the exploitation of CVE-2025-29775 (impacting xml-crypto) without XMLResponse
|
2-4 Hr. | |
8 | PRO |
|
|
SAML: CVE-2025-29775
This exercise covers the exploitation of CVE-2025-29775 (impacting xml-crypto)
|
1-2 Hr. | |
16 | PRO |
|
|
SAML: CVE-2021-21239
This exercise covers the exploitation of CVE-2021-21239 (PySAML2)
|
1-2 Hr. | |
117 | PRO |
|
|
CVE-2022-21449
JWT
This exercise covers the exploitation of CVE-2022-21449 against a Java Application relying on JWT
|
< 1 Hr. | |
169 | PRO |
|
|
Gogs RCE II
This exercise covers how to get code execution against the Git self hosted tool: Gogs.
|
< 1 Hr. | |
609 | PRO |
|
|
Gogs RCE
This exercise covers how to get code execution against the Git self hosted tool: Gogs.
|
1-2 Hr. | |
681 | PRO |
|
|
CVE-2016-10033: PHPMailer RCE
This exercise covers a remote code execution vulnerability in PHPMailer
|
< 1 Hr. | |
3801 | PRO |
|
|
CVE-2016-2098
This exercise covers a remote code execution vulnerability in Ruby-on-Rails when using render on user-supplied data
|
< 1 Hr. | |
3714 | PRO |
|
|
CVE-2015-3224
This exercise is a challenge written for Nullcon CTF in 2015
|
< 1 Hr. | |
1632 | PRO |
|
|
CVE-2013-0156: Rails Object Injection
This exercise covers the exploitation of a code execution in Ruby-on-Rails using XML and YAML.
|
< 1 Hr. | |
4022 | PRO |
|
|
CVE-2016-0792
This exercise covers the exploitation of an Xstream vulnerability in Jenkins
|
< 1 Hr. | |
4860 | PRO |
Showing 1–15 of 15 exercises
Free Labs of the Month
