Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
OAuth2: Authorization Server OpenRedirect
This exercise covers the exploitation of an OpenRedirect in an OAuth2 Authorization Server
|
< 1 Hr. |  |
949 | PRO |
|
|
SAML: Signature Stripping
This exercise covers the exploitation of a signature stripping vulnerability in SAML
|
< 1 Hr. | |
2056 | PRO |
|
|
Android 05
This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data
|
1-2 Hr. | |
2010 | PRO |
|
|
Ruby 2.x Universal RCE Deserialization Gadget Chain
This exercise covers how to get code execution by using a Ruby Universal Gadget when an attacker controls the data passed to Marshal.load()
|
< 1 Hr. | |
1425 | PRO |
|
|
Android 04
This exercise will guide you through the process of reversing a simple Android code
|
< 1 Hr. | |
2548 | PRO |
|
|
Android 03
This exercise will guide you through the process of extracting simple information from an APK
|
< 1 Hr. | |
3378 | PRO |
|
|
JWT V
JWT
This exercise covers the exploitation of a trivial secret used to sign JWT tokens.
|
< 1 Hr. | |
3067 | PRO |
|
|
JWT IV
JWT
This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby Net::FTP
|
< 1 Hr. | |
2736 | PRO |
|
CVE-2016-10033: PHPMailer RCE
This exercise covers a remote code execution vulnerability in PHPMailer
|
< 1 Hr. | |
3801 | PRO |
|
|
Cipher block chaining
Crypto
This exercise details how to tamper with data encrypted using CBC
|
1-2 Hr. | |
2977 | PRO |
|
|
Struts s2-045
This exercise covers a Remote Code Execution in Struts 2.
|
< 1 Hr. | |
2819 | PRO |
|
|
CVE-2016-2098
This exercise covers a remote code execution vulnerability in Ruby-on-Rails when using render on user-supplied data
|
< 1 Hr. | |
3714 | PRO |
|
|
Werkzeug DEBUG
This challenge was written for Ruxcon CTF 2015 and cover the Debug mode of Werkzeug/Flask
|
< 1 Hr. | |
1619 | PRO |
|
|
CVE-2015-3224
This exercise is a challenge written for Nullcon CTF in 2015
|
< 1 Hr. | |
1632 | PRO |
|
|
CVE-2013-0156: Rails Object Injection
This exercise covers the exploitation of a code execution in Ruby-on-Rails using XML and YAML.
|
< 1 Hr. | |
4022 | PRO |
|
|
JWT Algorithm Confusion
JWT
This exercise covers the exploitation of an issue with some implementations of JWT
|
1-2 Hr. | |
3845 | PRO |
|
|
CVE-2016-0792
This exercise covers the exploitation of an Xstream vulnerability in Jenkins
|
< 1 Hr. | |
4860 | PRO |
|
|
ObjectInputStream
This exercise covers the exploitation of a call to readObject in a Spring application
|
< 1 Hr. | |
4358 | PRO |
|
|
XMLDecoder
This exercise covers the exploitation of an application using XMLDecoder
|
< 1 Hr. | |
5447 | PRO |
|
|
Intercept 03
This exercise covers how to intercept an HTTPs connection with hostname verification.
|
< 1 Hr. | |
1514 | PRO |
|
|
Intercept 02
This exercise covers how to intercept an HTTPs connection.
|
< 1 Hr. | |
1667 | PRO |
|
|
Struts devMode
This exercise covers how to get code execution when a Struts application is running in devMode
|
-- | |
0 | PRO |
|
|
Cross-Origin Resource Sharing
This exercise covers Cross-Origin Resource Sharing and how it can be used to bypass CSRF protection if it's misconfigured
|
-- | |
0 | PRO |
|
|
Pickle Code Execution
This exercise covers the exploitation of Python's pickle when used to deserialize untrusted data
|
< 1 Hr. | |
6491 | PRO |
Showing 31–54 of 54 exercises
Free Labs of the Month
