Penetration Testing, Security Code Review and Web App Security Exercises

Free PRO CVE Easy Medium Hard XSS Code Review API SSRF HTTP RECON CSRF SQLi

Exercise	Avg. Time	Solved by	Tier
Ruby 2.x Universal RCE Deserialization Gadget Chain This exercise covers how to get code execution by using a Ruby Universal Gadget when an attacker controls the data passed to Marshal.load()	< 1 Hr.	1434	PRO
CVE-2018-10933: LibSSH auth bypass This exercise covers how to bypass authentication on an SSH server based on libssh to gain a shell on the affected system	--	0	FREE
Android 04 This exercise will guide you through the process of reversing a simple Android code	< 1 Hr.	2601	PRO
Android 03 This exercise will guide you through the process of extracting simple information from an APK	< 1 Hr.	3442	PRO
From SQL injection to Shell III SQL Injection This exercise covers how to gain access to an administration interface using SQL injection followed by how to get command execution using ImageTragick	1-2 Hr.	1148	PRO
PCAP 21 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6219	PRO
PCAP 22 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6212	PRO
PCAP 23 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6198	PRO
PCAP 24 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6186	PRO
PCAP 25 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6185	PRO
Android 02 This exercise will guide you through the process of extracting data from a simple database used by an Android app	< 1 Hr.	3718	PRO
IDOR to Shell This exercise covers how to get code execution by chaining vulnerabilities in a Ruby-on-Rails application	1-2 Hr.	1083	PRO
Android 01 This exercise will guide you through the process of extracting simple information from an APK	< 1 Hr.	4034	PRO
Introduction to CSP This exercise details the exploitation of a XSS in a simple web application that uses Content Security Policy	< 1 Hr.	2544	PRO
CVE-2018-11235: Git Submodule RCE This exercise details the exploitation of a vulnerability in Git Sub module that can be used to get command execution	2-4 Hr.	531	PRO
Git Information Leak II This exercise details how to retrieve information from an exposed .git directory on a web server, provided directory listing is disabled	< 1 Hr.	2651	PRO
Git Information Leak This exercise details how to retrieve information from an exposed .git directory on a web server	< 1 Hr.	3579	PRO
PCAP 01 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	7920	PRO
PCAP 02 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	7685	PRO
PCAP 03 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	7588	PRO
PCAP 04 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	7315	PRO
PCAP 05 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	7208	PRO
PCAP 06 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	7069	PRO
PCAP 07 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	7001	PRO
PCAP 08 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6937	PRO
PCAP 09 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6900	PRO
PCAP 10 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6557	PRO
PCAP 11 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6551	PRO
PCAP 12 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6534	PRO
PCAP 13 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6575	PRO

‹ 1 … 16 17 18 19 20 21 22 … 25 ›

Showing 541–570 of 734 exercises