Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
Electronic Code Book
Crypto
This exercise explains how you can tamper with encrypted cookies to access another user's account
|
1-2 Hr. |  |
5956 | FREE |
|
|
Web for Pentester II
This exercise is a set of the most common web vulnerabilities.
|
-- |  |
0 | FREE |
|
From SQL Injection to Shell II
SQL Injection
This exercise explains how you can, from a blind SQL injection, gain access to the administration console. Then once in the administration console, how you can run commands on the system.
|
1-2 Hr. | |
47 | FREE |
|
CVE-2012-6081: MoinMoin code execution
This exercise explains how you can exploit CVE-2012-6081 to gain code execution. This vulnerability was exploited to compromise Debian's wiki and Python documentation website
|
-- |  |
0 | FREE |
|
|
Web for Pentester
This exercise is a set of the most common web vulnerabilities.
|
-- | |
0 | FREE |
|
|
Axis2 Web service and Tomcat Manager
This exercise explains the interactions between Tomcat and Apache, then it shows how to call and attack an Axis2 Web service. Using information retrieved from this attack, you will be able to gain access to the Tomcat Manager and deploy a WebShell to gain command execution.
|
-- | |
0 | FREE |
|
|
CVE-2008-1930: WordPress Cookie Integrity Flaw
This exercise explains how you can exploit CVE-2008-1930 to gain access to the administration interface of a Wordpress installation.
|
< 1 Hr. | |
29 | FREE |
|
|
From SQL Injection to Shell: PostgreSQL edition
SQL Injection
This exercise explains how you can from a SQL injection gain access to the administration console, and from there, how you can run commands on the underlying system
|
< 1 Hr. | |
22 | FREE |
|
|
Rack Cookies and Commands injection
After a short brute force introduction, this exercise explains the tampering of rack cookies and how you can even manage to modify a signed cookie (if the secret is trivial). Using this issue, you will be able to escalate your privileges and gain command execution
|
-- | |
1 | FREE |
|
|
Linux Host Review
This exercise explains how to perform a Linux host review, what and how you can check the configuration of a Linux server to ensure it is securely configured. The reviewed system is a traditional Linux-Apache-Mysql-PHP (LAMP) server used to host a blog.
|
-- | |
1 | FREE |
|
|
CVE-2012-2661: ActiveRecord SQL injection
This exercise explains how you can exploit CVE-2012-2661 to retrieve information from a database
|
-- | |
0 | FREE |
|
|
CVE-2012-1823: PHP CGI
This exercise explains how you can exploit CVE-2012-1823 to retrieve the source code of an application and gain code execution.
|
-- | |
1 | FREE |
|
|
PHP Include And Post Exploitation
This exercise describes the exploitation of a local file include with limited access. Once code execution is gained, you will see some post exploitation tricks.
|
-- | |
1 | FREE |
|
|
From SQL Injection to Shell
SQL Injection
This exercise demonstrates how to leverage a SQL injection to gain access to the admin console, and from there, how to execute commands on the underlying system
|
< 1 Hr. | |
8318 | FREE |
Showing 721–734 of 734 exercises
Free Labs of the Month
