Exercises

In this challenge, you need to look for a key in the JavaScript used by the website

In this challenge, you need to look for a file named key.txt in the place used to serve the assets for the main website

In this challenge, you need to look in repo9 for deleted files

In this challenge, you need to look at the email addresses used for commits in the repository repo7

In this challenge, you need to look at the public repository of the developers in the organisation

In this challenge, you need to look at the name of the developer used in the repository test1

In this challenge, you need to find the version of Bind used

This exercise covers aliases in TLS certificates

This exercise covers simple directory bruteforcing

This exercise covers common interesting directories

This exercise covers 404 error pages

This exercise covers visual content discovery

This exercise covers how to bypass authentication on an SSH server based on libssh to gain a shell on the affected system

This exercise explains how you can exploit a vulnerability published in 2014 in Gitlist.

This exercise covers an attack against CBC mode. This attack can be used to decrypt data and re-encrypt arbitrary data

This exercise covers the exploitation of XML entities in the Play framework

This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism

This exercise covers the exploitation of CVE-2007-1860. This vulnerability allows an attacker to gain access to inaccessible pages using crafted requests. This is a common trick that a lot of testers miss.

This exercise explains how to exploit a Cross-Site Scripting vulnerability to obtain an administrator's cookies, and how you can use their session to gain access to the administration panel, and find a SQL injection to gain code execution

This exercise explains how you can tamper with encrypted cookies to access another user's account

This exercise explains how you can, from a blind SQL injection, gain access to the administration console. Then once in the administration console, how you can run commands on the system.

This exercise explains the interactions between Tomcat and Apache, then it shows how to call and attack an Axis2 Web service. Using information retrieved from this attack, you will be able to gain access to the Tomcat Manager and deploy a WebShell to gain command execution.

This exercise explains how you can exploit CVE-2008-1930 to gain access to the administration interface of a Wordpress installation.

This exercise explains how you can from a SQL injection gain access to the administration console, and from there, how you can run commands on the underlying system

This exercise explains how you can exploit CVE-2012-1823 to retrieve the source code of an application and gain code execution.

This exercise describes the exploitation of a local file include with limited access. Once code execution is gained, you will see some post exploitation tricks.

This exercise demonstrates how to leverage a SQL injection to gain access to the admin console, and from there, how to execute commands on the underlying system