Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
Latex: --shell-escape
This exercise covers how one can leverage latex when pdflatex is used with the --shell-escape option to gain command execution.
|
< 1 Hr. |  |
21 | PRO |
|
CVE-2022-24720
This exercise covers how one can leverage image processing in ActiveStorage to gain command execution.
|
1-2 Hr. | |
15 | PRO |
|
|
CVE-2024-47081 | < 1 Hr. | |
21 | PRO |
|
|
UUIDv1 IDOR | 1-2 Hr. | |
170 | PRO |
|
API Mass-Assignment 03 | < 1 Hr. | |
368 | PRO |
|
|
API Mass-Assignment 02 | < 1 Hr. | |
400 | PRO |
|
|
API Mass-Assignment 01 | < 1 Hr. | |
425 | PRO |
|
|
Mongo IDOR III | < 1 Hr. | |
200 | PRO |
|
|
API 18
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
497 | PRO |
|
|
API 19
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
486 | PRO |
|
|
API 20
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
466 | PRO |
|
|
API 16
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
438 | PRO |
|
|
API 17
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
408 | PRO |
|
|
ORM LEAK: SQLite
This exercise covers how to exploit an ORM leak vulnerability
|
1-2 Hr. | |
121 | PRO |
|
|
ORM LEAK 02
This exercise covers how to exploit an ORM leak vulnerability
|
< 1 Hr. | |
192 | PRO |
|
|
ORM LEAK 01
This exercise covers how to exploit a simple ORM leak.
|
1-2 Hr. | |
232 | PRO |
|
|
API 14
This exercise covers how to exploit a leaked encrypted password with an API.
|
< 1 Hr. | |
656 | PRO |
|
|
API 11
This exercise covers a common filter bypass in API.
|
< 1 Hr. | |
675 | PRO |
|
|
API 12
This exercise covers a common filter bypass in API.
|
< 1 Hr. | |
639 | PRO |
|
|
API 10
This exercise covers a common filter bypass in API.
|
< 1 Hr. | |
739 | PRO |
|
|
API 09
This exercise covers how one can inspect HTTP responses to identify information leaks.
|
< 1 Hr. | |
875 | PRO |
|
|
Java Serialize 05
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
2-4 Hr. | |
63 | PRO |
|
|
Java Serialize 04
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
1-2 Hr. | |
100 | PRO |
|
|
Cache Poisoning 01
This exercise details how to exploit an application vulnerable to cache poisoning
|
< 1 Hr. | |
127 | PRO |
|
|
Cache Deception 02
This exercise details how to exploit an application vulnerable to cache deception
|
< 1 Hr. | |
125 | PRO |
|
CVE-2022-XX910
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
128 | PRO |
|
|
Cache Deception 01
This exercise details how to exploit an application vulnerable to cache deception
|
< 1 Hr. | |
151 | PRO |
|
|
Java Serialize 03
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
< 1 Hr. | |
141 | PRO |
|
|
Java Serialize 02
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
< 1 Hr. | |
170 | PRO |
|
|
CVE-2022-X41X9
This challenge covers the review of a CVE in a Java codebase and its patch
|
< 1 Hr. | |
138 | PRO |
Showing 1–30 of 250 exercises
Free Labs of the Month
