Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
HTTP 19
This challenge covers how to send specific HTTP requests
|
< 1 Hr. |  |
3484 | PRO |
|
|
HTTP 12
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3756 | PRO |
|
|
HTTP 13
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3671 | PRO |
|
Express Local File Read
This exercise covers how an insecure call to render can be used to gain local files read with Express
|
< 1 Hr. | |
440 | PRO |
|
OAuth2: Authorization Server XSS
This exercise covers the exploitation of an XSS in an OAuth2 Authorization Server
|
< 1 Hr. | |
397 | PRO |
|
|
HTTP 09
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
3999 | PRO |
|
|
HTTP 02
This challenge covers how to send specific HTTP requests
|
< 1 Hr. | |
4774 | PRO |
|
|
SAML: Comment Injection II
This exercise covers the exploitation of a comment injection vulnerability in SAML
|
< 1 Hr. | |
650 | PRO |
|
Recon 24
In this challenge, you need to look for a file named key.txt in the place used to serve the assets for the main website
|
< 1 Hr. | |
5433 | FREE |
|
|
Recon 26
In this challenge, you need to look for a key in the JavaScript used by the website
|
< 1 Hr. | |
5137 | FREE |
|
SSRF via FFMPEG
This exercise covers how you can read arbitrary files when an application uses ffmpeg to render videos from a video you provide
|
< 1 Hr. | |
257 | PRO |
|
Code Review 17
This exercise is one of our challenges to help you learn how to review real source code
|
1-2 Hr. | |
410 | PRO |
|
|
Recon 22
In this challenge, you need to look in repo9 for deleted files
|
< 1 Hr. | |
5137 | FREE |
|
|
SAML: SAMLResponse forwarding
This exercise covers how to pass the SAMLResponse from one Service Provider to another
|
< 1 Hr. | |
534 | PRO |
|
|
CGI and Signature
This exercise covers the exploitation of a vulnerable CGI.
|
< 1 Hr. | |
235 | PRO |
|
|
Recon 17
In this challenge, you need to look at the name of the developer used in the repository test1
|
< 1 Hr. | |
5810 | FREE |
|
|
Recon 18
In this challenge, you need to look at the public repository of the developers in the organisation
|
< 1 Hr. | |
5498 | FREE |
|
|
Recon 19
In this challenge, you need to look at the email addresses used for commits in the repository repo7
|
< 1 Hr. | |
5179 | FREE |
|
|
Code Review 15
This exercise is one of our challenges to help you learn how to review real source code
|
< 1 Hr. | |
504 | PRO |
|
|
Code Review 14
This exercise is one of our challenges to help you learn how to review real source code
|
< 1 Hr. | |
531 | PRO |
|
CVE-2020-14343: PyYAML unsafe loader
This exercise covers how you can gain code execution when an application use a vulnerable version of PyYAML and relies on load()
|
< 1 Hr. | |
341 | PRO |
|
|
OAuth2: State Fixation
This exercise covers the exploitation of a state fixation in an OAuth2 Client
|
1-2 Hr. | |
418 | PRO |
|
|
CVE-2020-7115: Aruba Clearpass RCE
This exercise covers a remote command execution issue on Aruba Clearpass RCE
|
< 1 Hr. | |
223 | PRO |
|
|
Code Review 12
This exercise is one of our challenges to help you learn how to review real source code
|
< 1 Hr. | |
569 | PRO |
|
|
Recon 16
In this challenge, you need to find the version of Bind used
|
< 1 Hr. | |
5712 | FREE |
|
|
EDDSA vulnerability in Monocypher
Crypto
This exercise covers the exploitation of a vulnerability impacting Monocypher.
|
< 1 Hr. | |
191 | PRO |
|
|
Code Review 10
This exercise is one of our challenges to help you learn how to review real source code
|
< 1 Hr. | |
489 | PRO |
|
|
Unicode and NFKC
This exercise covers how to leverage unicode to exploit a directory traversal
|
< 1 Hr. | |
328 | PRO |
|
|
SAML: Trusted Embedded Key
This exercise covers the exploitation of a Service Provider (SP) that doesn't check the certificate provided in the SAMLResponse
|
< 1 Hr. | |
536 | PRO |
|
|
Recon 08
This exercise covers aliases in TLS certificates
|
< 1 Hr. | |
9971 | FREE |
Showing 121–150 of 260 exercises
Free Labs of the Month
