Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
OAuth2: Predictable State II
This exercise covers the exploitation of a predictable state in an OAuth2 Client
|
1-2 Hr. |  |
278 | PRO |
|
Code Review 11
This exercise is one of our challenges to help you learn how to review real source code
|
2-4 Hr. | |
366 | PRO |
|
|
OAuth2: Predictable State
This exercise covers the exploitation of a predictable state in an OAuth2 Client
|
2-4 Hr. | |
300 | PRO |
|
CVE-2020-8163: Rails local name RCE
This exercise details the exploitation of CVE-2020-8163 to gain code execution
|
1-2 Hr. | |
228 | PRO |
|
|
Code Review 09
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
406 | PRO |
|
OAuth2: Client Server XSS
This exercise covers the exploitation of a Cross-Site Scripting in an OAuth2 Client and Server
|
1-2 Hr. | |
379 | PRO |
|
|
Code Review 07
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
435 | PRO |
|
|
Cross-Site Leak
This exercise covers how to use Cross-Site Leak to recover sensitive information
|
2-4 Hr. | |
589 | PRO |
|
|
Code Review 05
This exercise is one of our challenges to help you learn how to review real source code
|
2-4 Hr. | |
425 | PRO |
|
|
Code Review 04
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
542 | PRO |
|
|
Code Review 03
This exercise is one of our challenges to help you learn how to review real source code
|
2-4 Hr. | |
466 | PRO |
|
|
OAuth2: Github HTTP HEAD
This exercise covers the exploitation of the HTTP HEAD issue impacting Github in 2019
|
< 1 Hr. | |
463 | PRO |
|
|
Length Extension Attack
This exercise covers how to use a length extension attack to exploit a directory traversal vulnerability
|
1-2 Hr. | |
774 | PRO |
|
|
CVE-2019-5418
This exercise details the exploitation of CVE-2019-5418 to get code execution
|
1-2 Hr. | |
515 | PRO |
|
|
JWT XII
JWT
This exercise covers how to use the x5u header to bypass an authentication based on JWT.
|
1-2 Hr. | |
697 | PRO |
|
|
JWT XI
JWT
This exercise covers how to use the jku header to bypass an authentication based on JWT.
|
1-2 Hr. | |
690 | PRO |
|
|
cve-2019-5420 II
This exercise details the exploitation of CVE-2019-5420 to gain code execution
|
1-2 Hr. | |
575 | PRO |
|
|
JWT X
JWT
This exercise covers how to use the jku header to bypass an authentication based on JWT.
|
< 1 Hr. | |
785 | PRO |
|
|
JWT IX
JWT
This exercise covers how to use the jku header to bypass an authentication based on JWT.
|
< 1 Hr. | |
911 | PRO |
|
|
Gogs RCE II
This exercise covers how to get code execution against the Git self hosted tool: Gogs.
|
< 1 Hr. | |
611 | PRO |
|
|
JWT VIII
JWT
This exercise covers how to use the jku header to bypass an authentication based on JWT.
|
1-2 Hr. | |
989 | PRO |
|
|
Gogs RCE
This exercise covers how to get code execution against the Git self hosted tool: Gogs.
|
1-2 Hr. | |
683 | PRO |
|
|
Android 07
This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data
|
1-2 Hr. | |
1473 | PRO |
|
|
Android 08
This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data
|
1-2 Hr. | |
1396 | PRO |
|
|
Android 06
This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data
|
< 1 Hr. | |
1718 | PRO |
|
From SQL injection to Shell III
SQL Injection
This exercise covers how to gain access to an administration interface using SQL injection followed by how to get command execution using ImageTragick
|
1-2 Hr. | |
1140 | PRO |
|
|
IDOR to Shell
This exercise covers how to get code execution by chaining vulnerabilities in a Ruby-on-Rails application
|
1-2 Hr. | |
1076 | PRO |
|
|
CVE-2018-11235: Git Submodule RCE
This exercise details the exploitation of a vulnerability in Git Sub
module that can be used to get command execution
|
2-4 Hr. | |
529 | PRO |
|
|
CVE-2018-0114
JWT
This exercise details
the exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT
|
2-4 Hr. | |
1908 | PRO |
|
|
CBC-MAC
Crypto
This exercise covers the exploitation of signature of non-fixed size messages with CBC-MAC
|
1-2 Hr. | |
1735 | PRO |
Showing 31–60 of 71 exercises
Free Labs of the Month
