Penetration Testing, Security Code Review and Web App Security Exercises

Free PRO CVE Easy Medium Hard XSS Code Review API SSRF HTTP RECON CSRF SQLi

Exercise	Avg. Time	Solved by	Tier
SAML: Comment Injection II This exercise covers the exploitation of a comment injection vulnerability in SAML	< 1 Hr.	650	PRO
Recon 24 In this challenge, you need to look for a file named key.txt in the place used to serve the assets for the main website	< 1 Hr.	5433	FREE
Recon 25 In this challenge, you need to look for a file named key2.txt in the place used to serve the assets for the main website	1-2 Hr.	3303	FREE
Recon 26 In this challenge, you need to look for a key in the JavaScript used by the website	< 1 Hr.	5137	FREE
SSRF via FFMPEG This exercise covers how you can read arbitrary files when an application uses ffmpeg to render videos from a video you provide	< 1 Hr.	257	PRO
SAML: Signature Wrapping II This exercise covers how to use Signature Wrapping to become an arbitrary user	< 1 Hr.	493	PRO
RCE via argument injection This exercise covers a remote command execution vulnerability via argument injection	2-4 Hr.	60	PRO
Code Review 16 This exercise is one of our challenges to help you learn how to review real source code	< 1 Hr.	531	PRO
Code Review 17 This exercise is one of our challenges to help you learn how to review real source code	1-2 Hr.	410	PRO
SAML: Signature Wrapping This exercise covers how to use Signature Wrapping to become an arbitrary user	< 1 Hr.	597	PRO
Recon 20 In this challenge, you need to look at the branches in repo3	< 1 Hr.	5469	FREE
Recon 21 In this challenge, you need to look at the information in the branches for repo4	< 1 Hr.	5341	FREE
Recon 22 In this challenge, you need to look in repo9 for deleted files	< 1 Hr.	5137	FREE
Recon 23 In this challenge, you need to look for sensitive information in commit messages	< 1 Hr.	5117	FREE
SAML: SAMLResponse forwarding This exercise covers how to pass the SAMLResponse from one Service Provider to another	< 1 Hr.	534	PRO
CGI and Signature This exercise covers the exploitation of a vulnerable CGI.	< 1 Hr.	235	PRO
Recon 17 In this challenge, you need to look at the name of the developer used in the repository test1	< 1 Hr.	5810	FREE
Recon 18 In this challenge, you need to look at the public repository of the developers in the organisation	< 1 Hr.	5498	FREE
Recon 19 In this challenge, you need to look at the email addresses used for commits in the repository repo7	< 1 Hr.	5179	FREE
Code Review 15 This exercise is one of our challenges to help you learn how to review real source code	< 1 Hr.	504	PRO
Code Review 14 This exercise is one of our challenges to help you learn how to review real source code	< 1 Hr.	531	PRO
CVE-2020-14343: PyYAML unsafe loader This exercise covers how you can gain code execution when an application use a vulnerable version of PyYAML and relies on load()	< 1 Hr.	341	PRO
OAuth2: State Fixation This exercise covers the exploitation of a state fixation in an OAuth2 Client	1-2 Hr.	418	PRO
Code Review 13 This exercise is one of our challenges to help you learn how to review real source code	1-2 Hr.	438	PRO
CVE-2020-7115: Aruba Clearpass RCE This exercise covers a remote command execution issue on Aruba Clearpass RCE	< 1 Hr.	223	PRO
Code Review 12 This exercise is one of our challenges to help you learn how to review real source code	< 1 Hr.	569	PRO
OAuth2: Predictable State II This exercise covers the exploitation of a predictable state in an OAuth2 Client	1-2 Hr.	280	PRO
Recon 13 In this challenge, you need to find the TXT record linked to key.z.hackycorp.com	< 1 Hr.	6791	FREE
Recon 14 In this challenge, you need to find a TXT record by doing a zone transfer on z.hackycorp.com	< 1 Hr.	6100	FREE
Recon 15 In this challenge, you need to find a TXT record by doing a zone transfer on the internal zone "int"	< 1 Hr.	5549	FREE

‹ 1 … 12 13 14 15 16 17 18 … 25 ›

Showing 421–450 of 734 exercises