Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
API 02
API
This exercise is the API version of an exercise you already solved in another badge. You should use it to get more confident with discovering vulnerabilities without any hint on what to look for.
|
< 1 Hr. |  |
3010 | PRO |
|
HTTP 10
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3832 | PRO |
|
|
HTTP 07
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
4035 | PRO |
|
|
HTTP 06
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
4124 | PRO |
|
|
HTTP 08
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
4024 | PRO |
|
|
HTTP 03
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
4474 | PRO |
|
|
HTTP 04
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
4319 | PRO |
|
|
HTTP 05
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
4236 | PRO |
|
|
HTTP 01
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
4964 | PRO |
|
|
API 01
API
This exercise is the API version of an exercise you already solved in the Essential Badge. You should use it to get more confident with discovering vulnerabilities without any hint on what to look for.
|
< 1 Hr. | |
3518 | PRO |
|
Recon 25
In this challenge, you need to look for a file named key2.txt in the place used to serve the assets for the main website
|
1-2 Hr. | |
3216 | FREE |
|
Code Review 16
This exercise is one of our challenges to help you learn how to review real source code
|
< 1 Hr. | |
434 | PRO |
|
|
Recon 20
In this challenge, you need to look at the branches in repo3
|
< 1 Hr. | |
5316 | FREE |
|
|
Recon 21
In this challenge, you need to look at the information in the branches for repo4
|
< 1 Hr. | |
5194 | FREE |
|
|
Recon 23
In this challenge, you need to look for sensitive information in commit messages
|
< 1 Hr. | |
4975 | FREE |
|
|
Recon 13
In this challenge, you need to find the TXT record linked to key.z.hackycorp.com
|
< 1 Hr. | |
6617 | FREE |
|
|
Recon 14
In this challenge, you need to find a TXT record by doing a zone transfer on z.hackycorp.com
|
< 1 Hr. | |
5933 | FREE |
|
|
Recon 15
In this challenge, you need to find a TXT record by doing a zone transfer on the internal zone "int"
|
< 1 Hr. | |
5400 | FREE |
|
|
Recon 11 | < 1 Hr. | |
6035 | FREE |
|
|
Recon 12 | < 1 Hr. | |
6592 | FREE |
|
|
Recon 06
This exercise covers default vhost
|
< 1 Hr. | |
11758 | FREE |
|
|
Recon 07
This exercise covers default TLS vhost
|
< 1 Hr. | |
10681 | FREE |
|
|
Recon 09 | < 1 Hr. | |
10321 | FREE |
|
|
Code Review 08
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
440 | PRO |
|
|
Recon 00
This exercise covers the robots.txt file
|
< 1 Hr. | |
21503 | FREE |
|
|
Recon 02
This exercise covers the security.txt file
|
< 1 Hr. | |
18124 | FREE |
|
|
Recon 03
This exercise covers directory listing
|
< 1 Hr. | |
16265 | FREE |
|
Java Serialize 01
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
< 1 Hr. | |
428 | PRO |
|
XSS Include
XSS
This exercise covers how to use Cross-Site-Scripting Include to leak information
|
< 1 Hr. | |
1365 | PRO |
|
|
JS Prototype Pollution
This exercise covers how to exploit Prototype Pollution against a JavaScript application
|
< 1 Hr. | |
943 | PRO |
Showing 121–150 of 266 exercises
Free Labs of the Month
