This is our default path with all our labs organised to improve your skills.
This course is only available for PRO members, please upgrade your account so you can get started. Upgrade now
- API Mobile 01 (coming soon)
- Mongo IDOR II (coming soon)
- ODF XXE (coming soon)
- CVE-2024-x730x (coming soon)
- CVE-2023-28XX9 (coming soon)
- Golang Code Review #05 (coming soon)
- Golang Code Review #09 (coming soon)
Here you will find all the online free labs you have access to.
Here you will find all the offline free labs you have access to. You will need to run those labs on your own computer using virtualisation software.
Web for Pentester
This exercise is a set of the most common web vulnerabilities.
- 1 video
- Takes -- on average
- PHP/Apache/MySQL
- CWE-80, CWE-89, CWE-35, CWE-94, CWE-78, CWE-98
Web for Pentester II
This exercise is a set of the most common web vulnerabilities.
- Takes -- on average
- Ruby/Rack
From SQL Injection to Shell
This exercise demonstrates how to leverage a SQL injection to gain access to the admin console, and from there, how to execute commands on the underlying system.
- 2 videos
- Completed by 7807 students
- Takes < 1 Hr. on average
- PHP/Apache/MySQL
- SQL Injection
- CWE-89
PHP Include And Post Exploitation
This exercise describes the exploitation of a local file include with limited access. Once code execution is gained, you will see some post-exploitation tricks.
- Takes -- on average
- PHP/Apache/MySQL
CVE-2012-1823: PHP CGI
This exercise explains how you can exploit CVE-2012-1823 to retrieve the source code of an application and gain code execution.
- Takes -- on average
- PHP/Apache
- CWE-20
Linux Host Review
This exercise explains how to perform a Linux host review: what to check in the configuration of a Linux server, and how to check it, to ensure it is securely configured. The reviewed system is a traditional Linux-Apache-MySQL-PHP (LAMP) server used to host a blog.
- Takes -- on average
- Linux
This exercise explains how you can exploit CVE-2008-1930 to gain access to the administration interface of a WordPress installation.
- 1 video
- Completed by 10 students
- Takes < 1 Hr. on average
- PHP/Apache/MySQL
- CWE-287
Axis2 Web service and Tomcat Manager
This exercise explains the interactions between Tomcat and Apache, then it shows how to call and attack an Axis2 Web service. Using information retrieved from this attack, you will be able to gain access to the Tomcat Manager and deploy a WebShell to gain command execution.
- Takes -- on average
- Tomcat/Axis2
From SQL Injection to Shell II
This exercise explains how you can, from a blind SQL injection, gain access to the administration console and then, once in the administration console, run commands on the system.
- Completed by 1 student
- Takes -- on average
- PHP/Apache/MySQL
- SQL Injection
- CWE-89
Electronic Code Book
This exercise explains how you can tamper with encrypted cookies to access another user's account.
CVE-2007-1860: mod_jk double-decoding
This exercise covers the exploitation of CVE-2007-1860. This vulnerability allows an attacker to gain access to inaccessible pages using crafted requests. This is a common trick that a lot of testers miss.
- 4 videos
- Completed by 5813 students
- Takes 1-2 Hrs. on average
- Tomcat/Apache
- CWE-22
Introduction to code review
This exercise covers the different ways to perform code review. It also contains a simple application to review to help you get started.
- Takes -- on average
- PHP