Exercises
| Exercise | Description | Avg. Time | Difficulty | Solved by | Tier |
|---|---|---|---|---|---|
| From SQL injection to Shell III: PostgreSQL Edition (SQL Injection) | This exercise covers how to gain access to an administration interface using a SQL injection, and how to get command execution using Ghostscript | 2-4 Hr. | | 251 | PRO |
| OAuth2: Client CSRF II | This exercise covers the exploitation of a CSRF in an OAuth2 Client | 2-4 Hr. | | 494 | PRO |
| OAuth2: Client CSRF | This exercise covers the exploitation of a CSRF in an OAuth2 Client | < 1 Hr. | | 966 | PRO |
| SVG XSS | This exercise covers how to use an SVG to trigger a Cross-Site Scripting | < 1 Hr. | | 1827 | PRO |
| Apache Pluto RCE | This exercise covers how to gain code execution on Apache Pluto 3.0.0 due to a flaw in the authorization logic | < 1 Hr. | | 556 | PRO |
| JSON Cross-Site Request Forgery | This exercise details the exploitation of a Cross-Site Request Forgery when JSON is used | < 1 Hr. | | 1491 | PRO |
| Cross-Site Request Forgery | This exercise details the exploitation of a Cross-Site Request Forgery to gain access to sensitive data | < 1 Hr. | | 1551 | PRO |
| Code Review 02 | This exercise is one of our challenges to help you learn how to review real source code | 1-2 Hr. | | 562 | PRO |
| postMessage() IV | This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the Origin and X-Frame-Options is used | < 1 Hr. | | 981 | PRO |
| Code Review 01 | This exercise is one of our challenges to help you learn how to review real source code | 1-2 Hr. | | 814 | PRO |
| Spring Actuators | This exercise covers how you can gain code execution using Spring Actuators when Spring Cloud is used. | 1-2 Hr. | | 297 | PRO |
| postMessage() III | This exercise covers how insecure calls to the JavaScript function postMessage() can be used to trigger a Cross-Site Scripting | < 1 Hr. | | 996 | PRO |
| postMessage() II | This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the Origin | < 1 Hr. | | 1104 | PRO |
| PHP phar:// | This exercise covers how the PHP phar:// handler can be used to gain code execution using PHP unserialize. | < 1 Hr. | | 360 | PRO |
| JSON Web Encryption | This exercise covers how you can create your own JWE if you have access to the public key used by the server | < 1 Hr. | | 543 | PRO |
| postMessage() | This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information | < 1 Hr. | | 1260 | PRO |
| Cross-Site WebSocket Hijacking | This exercise covers Cross-Site WebSocket Hijacking and how it can be used to gain access to sensitive information | < 1 Hr. | | 1108 | PRO |
| Cross-Origin Resource Sharing II | This exercise covers Cross-Origin Resource Sharing and how it can be used to get access to sensitive data. | < 1 Hr. | | 1048 | PRO |
| OAuth2: Client OpenRedirect | This exercise covers the exploitation of an OpenRedirect in an OAuth2 Client | < 1 Hr. | | 839 | PRO |
| CVE-2019-5420 | This exercise details the exploitation of CVE-2019-5420 to forge a session as another user | 2-4 Hr. | | 921 | PRO |
| GraphQL: SQL Injection | This exercise covers how to use introspection and a SQL injection to get access to additional information in GraphQL. | 1-2 Hr. | | 1479 | PRO |
| OAuth2: Authorization Server OpenRedirect | This exercise covers the exploitation of an OpenRedirect in an OAuth2 Authorization Server | < 1 Hr. | | 949 | PRO |
| SAML: Signature Stripping | This exercise covers the exploitation of a signature stripping vulnerability in SAML | < 1 Hr. | | 2056 | PRO |
| Android 05 | This exercise will guide you through the process of reversing simple obfuscated Android code to recover the encrypted data | 1-2 Hr. | | 2010 | PRO |
| Ruby 2.x Universal RCE Deserialization Gadget Chain | This exercise covers how to get code execution by using a Ruby Universal Gadget when an attacker controls the data passed to Marshal.load() | < 1 Hr. | | 1425 | PRO |
| CVE-2018-10933: LibSSH auth bypass | This exercise covers how to bypass authentication on an SSH server based on libssh to gain a shell on the affected system | -- | | 0 | FREE |
| Android 04 | This exercise will guide you through the process of reversing simple Android code | < 1 Hr. | | 2548 | PRO |
| Android 03 | This exercise will guide you through the process of extracting simple information from an APK | < 1 Hr. | | 3378 | PRO |
| Introduction to CSP | This exercise details the exploitation of an XSS in a simple web application that uses Content Security Policy | < 1 Hr. | | 2495 | PRO |
| Git Information Leak II | This exercise details how to retrieve information from an exposed .git directory on a web server, provided directory listing is disabled | < 1 Hr. | | 2631 | PRO |
Showing 151–180 of 250 exercises