Exercises

This exercise covers how to get code execution by using a Ruby Universal Gadget when an attacker controls the data passed to Marshal.load()

This exercise will guide you through the process of reversing a simple Android code

This exercise will guide you through the process of extracting simple information from an APK

This exercise covers how to gain access to an administration interface using SQL injection followed by how to get command execution using ImageTragick

This exercise covers how to get code execution by chaining vulnerabilities in a Ruby-on-Rails application

This exercise will guide you through the process of extracting simple information from an APK

This exercise covers the exploitation of a trivial secret used to sign JWT tokens.

This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby Net::FTP

This exercise covers the exploitation of a signature stripping vulnerability in SAML

This exercise covers a remote code execution vulnerability in PHPMailer

This exercise details how to tamper with data encrypted using CBC

This exercise covers a Remote Code Execution in Struts 2.

This exercise covers a remote code execution vulnerability in Ruby-on-Rails when using render on user-supplied data

This exercise covers the exploitation of a weakness in the usage of ECDSA

This challenge was written for Ruxcon CTF 2015 and cover the Debug mode of Werkzeug/Flask

This challenge was written for Ruxcon CTF 2015. It's an SQL injection mixed with a remote code execution.

This challenge was written for Ruxcon CTF 2015. It's an SQL injection with a twist

This exercise is a challenge written for Nullcon CTF in 2015

This exercise will guide you through the process of scoring on an exercise to get it marked as completed

This exercise will guide through the process of scoring an exercise to mark it as completed. However, this time, you will run commands on the underlying operating system. You will need to run the score command with your UUID.

This exercise will guide through the process of scoring an exercise to mark it as completed. Finding the key is just a little bit harder than the previous exercise.

This exercise will guide through the process of scoring an exercise to mark it as completed

This exercise covers the exploitation of a code execution in Ruby-on-Rails using XML and YAML.

This exercise covers the exploitation of an issue with some implementations of JWT

This exercise covers the exploitation of an Xstream vulnerability in Jenkins

This exercise covers the exploitation of a call to readObject in a Spring application

This exercise covers the exploitation of an application using XMLDecoder

This exercise covers how to intercept an HTTPs connection

This exercise covers how to intercept an HTTPs connection

This exercise covers how to intercept an HTTPs connection with hostname verification.