Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
Recon 09 | < 1 Hr. |  |
10321 | FREE |
|
CVE-2020-8163: Rails local name RCE
This exercise details the exploitation of CVE-2020-8163 to gain code execution
|
1-2 Hr. |  |
228 | PRO |
|
SAML: Known Key
This exercise covers the exploitation of a known key in SAML
|
1-2 Hr. |  |
543 | PRO |
|
Code Review 09
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
406 | PRO |
|
|
Recon 04
This exercise covers common interesting directories
|
< 1 Hr. | |
16401 | FREE |
|
|
Recon 05
This exercise covers simple directory bruteforcing
|
< 1 Hr. | |
12025 | FREE |
|
|
Recon 01
This exercise covers 404 error pages
|
< 1 Hr. | |
21536 | FREE |
|
OAuth2: Client Server XSS
This exercise covers the exploitation of a Cross-Site Scripting in an OAuth2 Client and Server
|
1-2 Hr. | |
379 | PRO |
|
|
Zip symlink
This exercise covers how you can create a malicious Zip file and use it to gain access to sensitive files.
|
< 1 Hr. | |
597 | PRO |
|
|
Code Review 08
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
518 | PRO |
|
|
SAML: Comment Injection
This exercise covers the exploitation of a comment injection vulnerability in SAML
|
< 1 Hr. | |
1717 | PRO |
|
|
Unicode and Downcase
This exercise covers how you can use unicode to gain access to an admin account.
|
< 1 Hr. | |
604 | PRO |
|
|
Code Review 07
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
435 | PRO |
|
|
Recon 10
This exercise covers visual content discovery
|
< 1 Hr. | |
6610 | FREE |
|
|
Recon 00
This exercise covers the robots.txt file
|
< 1 Hr. | |
22076 | FREE |
|
|
Recon 02
This exercise covers the security.txt file
|
< 1 Hr. | |
18629 | FREE |
|
|
Recon 03
This exercise covers directory listing
|
< 1 Hr. | |
16697 | FREE |
|
|
Java Serialize 01
This exercise is one of our challenges to help you learn Java Serialisation exploitation
|
< 1 Hr. | |
428 | PRO |
|
|
Unicode and Uppercase
This exercise covers how you can use unicode to gain access to an admin account.
|
< 1 Hr. | |
681 | PRO |
|
|
Code Review 06
This exercise is one of our challenges to help you learn how to review real source code
|
2-4 Hr. | |
384 | PRO |
|
|
Cross-Site Leak
This exercise covers how to use Cross-Site Leak to recover sensitive information
|
2-4 Hr. | |
589 | PRO |
|
From SQL injection to Shell III: PostgreSQL Edition
SQL Injection
This exercise covers how to gain access to an administration interface using a SQL injection, and how to get command execution using Ghostscript
|
2-4 Hr. | |
256 | PRO |
|
OAuth2: Client CSRF II
This exercise covers the exploitation of a CSRF in an OAuth2 Client
|
2-4 Hr. | |
497 | PRO |
|
|
XSS Include
XSS
This exercise covers how to use Cross-Site-Scripting Include to leak information
|
< 1 Hr. | |
1375 | PRO |
|
|
OAuth2: Client CSRF
This exercise covers the exploitation of a CSRF in an OAuth2 Client
|
< 1 Hr. | |
972 | PRO |
|
|
Code Review 05
This exercise is one of our challenges to help you learn how to review real source code
|
2-4 Hr. | |
425 | PRO |
|
|
Code Review 04
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
542 | PRO |
|
|
JS Prototype Pollution
This exercise covers how to exploit Prototype Pollution against a JavaScript application
|
< 1 Hr. | |
949 | PRO |
|
|
OAuth2: Authorization Server CSRF
This exercise covers the exploitation of a CSRF in an OAuth2 Authorization Server
|
1-2 Hr. | |
1167 | PRO |
|
|
Code Review 03
This exercise is one of our challenges to help you learn how to review real source code
|
2-4 Hr. | |
466 | PRO |
Showing 451–480 of 722 exercises
Free Labs of the Month
