Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
CVE-2016-0792
This exercise covers the exploitation of an Xstream vulnerability in Jenkins
|
< 1 Hr. |  |
4880 | PRO |
|
ObjectInputStream
This exercise covers the exploitation of a call to readObject in a Spring application
|
< 1 Hr. | |
4377 | PRO |
|
|
XMLDecoder
This exercise covers the exploitation of an application using XMLDecoder
|
< 1 Hr. | |
5477 | PRO |
|
|
Intercept 03
This exercise covers how to intercept an HTTPs connection with hostname verification.
|
< 1 Hr. | |
1517 | PRO |
|
|
Intercept 02
This exercise covers how to intercept an HTTPs connection.
|
< 1 Hr. | |
1669 | PRO |
|
|
Struts devMode
This exercise covers how to get code execution when a Struts application is running in devMode
|
-- | |
0 | PRO |
|
|
Cross-Origin Resource Sharing
This exercise covers Cross-Origin Resource Sharing and how it can be used to bypass CSRF protection if it's misconfigured
|
-- | |
0 | PRO |
|
|
Pickle Code Execution
This exercise covers the exploitation of Python's pickle when used to deserialize untrusted data
|
< 1 Hr. | |
6530 | PRO |
|
|
Play XML Entities
This exercise covers the exploitation of XML entities in the Play framework
|
1-2 Hr. | |
2309 | FREE |
|
|
Play Session Injection
This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism
|
< 1 Hr. | |
2968 | FREE |
|
|
CVE-2007-1860: mod_jk double-decoding
This exercise covers the exploitation of CVE-2007-1860. This vulnerability allows an attacker to gain access to inaccessible pages using crafted requests. This is a common trick that a lot of testers miss.
|
1-2 Hr. | |
6198 | FREE |
|
XSS and MySQL FILE
XSS
This exercise explains how to exploit a Cross-Site Scripting vulnerability to obtain an administrator's cookies, and how you can use their session to gain access to the administration panel, and find a SQL injection to gain code execution
|
-- | |
0 | FREE |
|
|
Electronic Code Book
Crypto
This exercise explains how you can tamper with encrypted cookies to access another user's account
|
1-2 Hr. | |
5956 | FREE |
|
|
From SQL Injection to Shell II
SQL Injection
This exercise explains how you can, from a blind SQL injection, gain access to the administration console. Then once in the administration console, how you can run commands on the system.
|
1-2 Hr. | |
47 | FREE |
|
|
Axis2 Web service and Tomcat Manager
This exercise explains the interactions between Tomcat and Apache, then it shows how to call and attack an Axis2 Web service. Using information retrieved from this attack, you will be able to gain access to the Tomcat Manager and deploy a WebShell to gain command execution.
|
-- | |
0 | FREE |
|
|
CVE-2008-1930: WordPress Cookie Integrity Flaw
This exercise explains how you can exploit CVE-2008-1930 to gain access to the administration interface of a Wordpress installation.
|
< 1 Hr. | |
29 | FREE |
|
|
From SQL Injection to Shell: PostgreSQL edition
SQL Injection
This exercise explains how you can from a SQL injection gain access to the administration console, and from there, how you can run commands on the underlying system
|
< 1 Hr. | |
22 | FREE |
|
|
CVE-2012-1823: PHP CGI
This exercise explains how you can exploit CVE-2012-1823 to retrieve the source code of an application and gain code execution.
|
-- | |
1 | FREE |
|
|
PHP Include And Post Exploitation
This exercise describes the exploitation of a local file include with limited access. Once code execution is gained, you will see some post exploitation tricks.
|
-- | |
1 | FREE |
|
|
From SQL Injection to Shell
SQL Injection
This exercise demonstrates how to leverage a SQL injection to gain access to the admin console, and from there, how to execute commands on the underlying system
|
< 1 Hr. | |
8318 | FREE |
Showing 241–260 of 260 exercises
Free Labs of the Month
