Penetration Testing, Security Code Review and Web App Security Exercises

Free PRO CVE Easy Medium Hard XSS Code Review API SSRF HTTP RECON CSRF SQLi

Exercise	Avg. Time	Solved by	Tier
Authentication 04 This exercise is one of our challenges on Authentication issues	< 1 Hr.	18773	PRO
Authentication 01 This exercise is one of our challenges on Authentication issues	< 1 Hr.	20693	PRO
Authentication 02 This exercise is one of our challenges on Authentication issues	< 1 Hr.	19726	PRO
Authentication 03 This exercise is one of our challenges on Authentication issues	< 1 Hr.	19133	PRO
Authorization 01 This exercise is one of our challenges on Authorisation issues	< 1 Hr.	18243	PRO
Authorization 02 This exercise is one of our challenges on Authorisation issues	< 1 Hr.	17761	PRO
Code Execution 01 This exercise is one of our challenges on Code Execution	< 1 Hr.	15035	PRO
CVE-2016-10033: PHPMailer RCE This exercise covers a remote code execution vulnerability in PHPMailer	< 1 Hr.	3834	PRO
Cipher block chaining Crypto This exercise details how to tamper with data encrypted using CBC	1-2 Hr.	3017	PRO
Struts s2-045 This exercise covers a Remote Code Execution in Struts 2.	< 1 Hr.	2841	PRO
CVE-2016-2098 This exercise covers a remote code execution vulnerability in Ruby-on-Rails when using render on user-supplied data	< 1 Hr.	3744	PRO
CVE-2014-4511: Gitlist RCE This exercise explains how you can exploit a vulnerability published in 2014 in Gitlist.	< 1 Hr.	15	FREE
ECDSA Crypto This exercise covers the exploitation of a weakness in the usage of ECDSA	2-4 Hr.	371	PRO
Werkzeug DEBUG This challenge was written for Ruxcon CTF 2015 and cover the Debug mode of Werkzeug/Flask	< 1 Hr.	1629	PRO
Padding Oracle This exercise covers an attack against CBC mode. This attack can be used to decrypt data and re-encrypt arbitrary data	1-2 Hr.	855	FREE
Unickle This challenge was written for Ruxcon CTF 2015. It's an SQL injection mixed with a remote code execution.	1-2 Hr.	685	PRO
CVE-2015-3224 This exercise is a challenge written for Nullcon CTF in 2015	< 1 Hr.	1643	PRO
Luhn This challenge was written for Ruxcon CTF 2015. It's an SQL injection with a twist	2-4 Hr.	633	PRO
Introduction 00 This exercise will guide you through the process of scoring on an exercise to get it marked as completed	< 1 Hr.	31948	PRO
Introduction 01 This exercise will guide through the process of scoring an exercise to mark it as completed	< 1 Hr.	30868	PRO
Introduction 02 This exercise will guide through the process of scoring an exercise to mark it as completed. Finding the key is just a little bit harder than the previous exercise.	< 1 Hr.	30455	PRO
Introduction 03 This exercise will guide through the process of scoring an exercise to mark it as completed. However, this time, you will run commands on the underlying operating system. You will need to run the score command with your UUID.	< 1 Hr.	29756	PRO
CVE-2013-0156: Rails Object Injection This exercise covers the exploitation of a code execution in Ruby-on-Rails using XML and YAML.	< 1 Hr.	4077	PRO
JWT Algorithm Confusion JWT This exercise covers the exploitation of an issue with some implementations of JWT	1-2 Hr.	3882	PRO
CVE-2016-0792 This exercise covers the exploitation of an Xstream vulnerability in Jenkins	< 1 Hr.	4890	PRO
ObjectInputStream This exercise covers the exploitation of a call to readObject in a Spring application	< 1 Hr.	4386	PRO
XMLDecoder This exercise covers the exploitation of an application using XMLDecoder	< 1 Hr.	5486	PRO
CVE-2014-1266 This exercise covers how to intercept an HTTPs connection	1-2 Hr.	1080	PRO
CVE-2011-0228 This exercise covers how to intercept an HTTPs connection	1-2 Hr.	1234	PRO
Intercept 03 This exercise covers how to intercept an HTTPs connection with hostname verification.	< 1 Hr.	1518	PRO

‹ 1 … 21 22 23 24 25 ›

Showing 691–720 of 746 exercises