Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier |
|---|---|---|---|---|
| MongoDB Injection 02: This exercise is one of our challenges on vulnerabilities related to MongoDB. | 1-2 Hr. | | 8628 | PRO |
| ECDSA (Crypto): This exercise covers the exploitation of a weakness in the usage of ECDSA. | 2-4 Hr. | | 362 | PRO |
| Unickle: This challenge was written for Ruxcon CTF 2015. It's an SQL injection mixed with a remote code execution. | 1-2 Hr. | | 670 | PRO |
| Luhn: This challenge was written for Ruxcon CTF 2015. It's an SQL injection with a twist. | 2-4 Hr. | | 627 | PRO |
| CVE-2014-1266: This exercise covers how to intercept an HTTPS connection. | 1-2 Hr. | | 1078 | PRO |
| CVE-2011-0228: This exercise covers how to intercept an HTTPS connection. | 1-2 Hr. | | 1231 | PRO |
| API to Shell (API): This exercise covers the exploitation of PHP type confusion to bypass a signature and the exploitation of unserialize. | 2-4 Hr. | | 3513 | PRO |
| CVE-2012-6081: MoinMoin code execution: This exercise explains how you can exploit CVE-2012-6081 to gain code execution. This vulnerability was exploited to compromise Debian's wiki and Python documentation website. | -- | | 0 | FREE |
| Rack Cookies and Commands injection: After a short brute force introduction, this exercise explains the tampering of rack cookies and how you can even manage to modify a signed cookie (if the secret is trivial). Using this issue, you will be able to escalate your privileges and gain command execution. | -- | | 1 | FREE |
| Linux Host Review: This exercise explains how to perform a Linux host review: what to check in the configuration of a Linux server, and how, to ensure it is securely configured. The reviewed system is a traditional Linux-Apache-MySQL-PHP (LAMP) server used to host a blog. | -- | | 1 | FREE |
| CVE-2012-2661: ActiveRecord SQL injection: This exercise explains how you can exploit CVE-2012-2661 to retrieve information from a database. | -- | | 0 | FREE |

Showing 61–71 of 71 exercises