Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
OAuth2: Authorization Server OpenRedirect
This exercise covers the exploitation of an OpenRedirect in an OAuth2 Authorization Server
|
< 1 Hr. |  |
957 | PRO |
|
|
SAML: Signature Stripping
This exercise covers the exploitation of a signature stripping vulnerability in SAML
|
< 1 Hr. | |
2104 | PRO |
|
|
Android 05
This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data
|
1-2 Hr. | |
2018 | PRO |
|
|
Ruby 2.x Universal RCE Deserialization Gadget Chain
This exercise covers how to get code execution by using a Ruby Universal Gadget when an attacker controls the data passed to Marshal.load()
|
< 1 Hr. | |
1425 | PRO |
|
|
Android 04
This exercise will guide you through the process of reversing a simple Android code
|
< 1 Hr. | |
2558 | PRO |
|
|
Android 03
This exercise will guide you through the process of extracting simple information from an APK
|
< 1 Hr. | |
3390 | PRO |
|
|
JWT V
JWT
This exercise covers the exploitation of a trivial secret used to sign JWT tokens.
|
< 1 Hr. | |
3146 | PRO |
|
|
JWT IV
JWT
This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby Net::FTP
|
< 1 Hr. | |
2742 | PRO |
|
CVE-2016-10033: PHPMailer RCE
This exercise covers a remote code execution vulnerability in PHPMailer
|
< 1 Hr. | |
3810 | PRO |
|
|
Cipher block chaining
Crypto
This exercise details how to tamper with data encrypted using CBC
|
1-2 Hr. | |
2986 | PRO |
|
|
Struts s2-045
This exercise covers a Remote Code Execution in Struts 2.
|
< 1 Hr. | |
2826 | PRO |
|
|
CVE-2016-2098
This exercise covers a remote code execution vulnerability in Ruby-on-Rails when using render on user-supplied data
|
< 1 Hr. | |
3721 | PRO |
|
|
Werkzeug DEBUG
This challenge was written for Ruxcon CTF 2015 and cover the Debug mode of Werkzeug/Flask
|
< 1 Hr. | |
1620 | PRO |
|
|
CVE-2015-3224
This exercise is a challenge written for Nullcon CTF in 2015
|
< 1 Hr. | |
1634 | PRO |
|
|
CVE-2013-0156: Rails Object Injection
This exercise covers the exploitation of a code execution in Ruby-on-Rails using XML and YAML.
|
< 1 Hr. | |
4060 | PRO |
|
|
JWT Algorithm Confusion
JWT
This exercise covers the exploitation of an issue with some implementations of JWT
|
1-2 Hr. | |
3856 | PRO |
|
|
CVE-2016-0792
This exercise covers the exploitation of an Xstream vulnerability in Jenkins
|
< 1 Hr. | |
4870 | PRO |
|
|
ObjectInputStream
This exercise covers the exploitation of a call to readObject in a Spring application
|
< 1 Hr. | |
4367 | PRO |
|
|
XMLDecoder
This exercise covers the exploitation of an application using XMLDecoder
|
< 1 Hr. | |
5459 | PRO |
|
|
Intercept 03
This exercise covers how to intercept an HTTPs connection with hostname verification.
|
< 1 Hr. | |
1514 | PRO |
|
|
Intercept 02
This exercise covers how to intercept an HTTPs connection.
|
< 1 Hr. | |
1667 | PRO |
|
|
Struts devMode
This exercise covers how to get code execution when a Struts application is running in devMode
|
-- | |
0 | PRO |
|
|
Cross-Origin Resource Sharing
This exercise covers Cross-Origin Resource Sharing and how it can be used to bypass CSRF protection if it's misconfigured
|
-- | |
0 | PRO |
|
|
Pickle Code Execution
This exercise covers the exploitation of Python's pickle when used to deserialize untrusted data
|
< 1 Hr. | |
6505 | PRO |
Showing 31–54 of 54 exercises
Free Labs of the Month
