Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier |
|---|---|---|---|---|
| Recon 09 | < 1 Hr. | | 10321 | FREE |
| CVE-2020-8163: Rails local name RCE<br>This exercise details the exploitation of CVE-2020-8163 to gain code execution | 1-2 Hr. | | 227 | PRO |
| SAML: Known Key<br>This exercise covers the exploitation of a known key in SAML | 1-2 Hr. | | 530 | PRO |
| Code Review 09<br>This exercise is one of our challenges to help you learn how to review real source code | 1-2 Hr. | | 330 | PRO |
| Recon 04<br>This exercise covers common interesting directories | < 1 Hr. | | 16401 | FREE |
| Recon 05<br>This exercise covers simple directory bruteforcing | < 1 Hr. | | 12025 | FREE |
| Recon 01<br>This exercise covers 404 error pages | < 1 Hr. | | 21536 | FREE |
| OAuth2: Client Server XSS<br>This exercise covers the exploitation of a Cross-Site Scripting in an OAuth2 Client and Server | 1-2 Hr. | | 378 | PRO |
| Zip symlink<br>This exercise covers how you can create a malicious Zip file and use it to gain access to sensitive files. | < 1 Hr. | | 595 | PRO |
| Code Review 08<br>This exercise is one of our challenges to help you learn how to review real source code | 1-2 Hr. | | 440 | PRO |
| SAML: Comment Injection<br>This exercise covers the exploitation of a comment injection vulnerability in SAML | < 1 Hr. | | 1703 | PRO |
| Unicode and Downcase<br>This exercise covers how you can use unicode to gain access to an admin account. | < 1 Hr. | | 604 | PRO |
| Code Review 07<br>This exercise is one of our challenges to help you learn how to review real source code | 1-2 Hr. | | 358 | PRO |
| Recon 10<br>This exercise covers visual content discovery | < 1 Hr. | | 6610 | FREE |
| Recon 00<br>This exercise covers the robots.txt file | < 1 Hr. | | 21503 | FREE |
| Recon 02<br>This exercise covers the security.txt file | < 1 Hr. | | 18124 | FREE |
| Recon 03<br>This exercise covers directory listing | < 1 Hr. | | 16265 | FREE |
| Java Serialize 01<br>This exercise is one of our challenges to help you learn Java Serialisation exploitation | < 1 Hr. | | 428 | PRO |
| Unicode and Uppercase<br>This exercise covers how you can use unicode to gain access to an admin account. | < 1 Hr. | | 681 | PRO |
| Code Review 06<br>This exercise is one of our challenges to help you learn how to review real source code | 2-4 Hr. | | 329 | PRO |
| Cross-Site Leak<br>This exercise covers how to use Cross-Site Leak to recover sensitive information | 2-4 Hr. | | 586 | PRO |
| From SQL injection to Shell III: PostgreSQL Edition<br>SQL Injection<br>This exercise covers how to gain access to an administration interface using a SQL injection, and how to get command execution using Ghostscript | 2-4 Hr. | | 251 | PRO |
| OAuth2: Client CSRF II<br>This exercise covers the exploitation of a CSRF in an OAuth2 Client | 2-4 Hr. | | 494 | PRO |
| XSS Include<br>XSS<br>This exercise covers how to use Cross-Site-Scripting Include to leak information | < 1 Hr. | | 1365 | PRO |
| OAuth2: Client CSRF<br>This exercise covers the exploitation of a CSRF in an OAuth2 Client | < 1 Hr. | | 966 | PRO |
| Code Review 05<br>This exercise is one of our challenges to help you learn how to review real source code | 2-4 Hr. | | 340 | PRO |
| Code Review 04<br>This exercise is one of our challenges to help you learn how to review real source code | 1-2 Hr. | | 459 | PRO |
| JS Prototype Pollution<br>This exercise covers how to exploit Prototype Pollution against a JavaScript application | < 1 Hr. | | 943 | PRO |
| OAuth2: Authorization Server CSRF<br>This exercise covers the exploitation of a CSRF in an OAuth2 Authorization Server | 1-2 Hr. | | 1159 | PRO |
| Code Review 03<br>This exercise is one of our challenges to help you learn how to review real source code | 2-4 Hr. | | 407 | PRO |

Showing 421–450 of 692 exercises