Brown Badge

18 Exercises

image for Signing Oracle

Signing Oracle

This exercise covers how a signing oracle can be used to bypass authorization in place
2 videos
Completed by 235 students
Takes Less than an hour on average

image for SSRF in PDF generation

SSRF in PDF generation

This exercise covers how you can read arbitrary files when an application generates pdf from a link you provide
1 video
Completed by 255 students
Takes Less than an hour on average

image for JS Prototype Pollution

JS Prototype Pollution

This exercise covers how to exploit Prototype Pollution against a JavaScript application
1 video
Completed by 198 students
Takes Less than an hour on average

image for JSON Web Encryption

JSON Web Encryption

This exercise covers how you can create your own JWE if you have access to the public key used by the se rver
2 videos
Completed by 149 students
Takes Less than an hour on average

Coming soon

Easy

TBD

TBD
Completed by 0 student
Takes -- on average

image for Apache Pluto RCE

Apache Pluto RCE

This exercise covers how you can gain code execution in Apache Pluto 3.0.0 due to an issue in the authorisation logic
1 video
Completed by 138 students
Takes Less than an hour on average

image for Unicode and Uppercase

Unicode and Uppercase

This exercise covers how you can use unicode to gain access to an admin account.
1 video
Completed by 163 students
Takes Less than an hour on average

image for Unicode and Downcase

Unicode and Downcase

This exercise covers how you can use unicode to gain access to an admin account.
1 video
Completed by 127 students
Takes Less than an hour on average

image for Zip symlink

Zip symlink

This exercise covers how you can create a malicious Zip file and use it to gain access to sensitive files.
1 video
Completed by 117 students
Takes Less than an hour on average

image for PHP phar://

PHP phar://

This exercise covers how the PHP phar:// handler can be used to gain code execution using PHP unserialize.
1 video
Completed by 99 students
Takes Less than an hour on average

image for Spring Actuators

Spring Actuators

This exercise covers how you can gain code execution using Spring Actuators when Spring Cloud is used.
1 video
Completed by 73 students
Takes Between 1 and 2 hours on average

image for From SQL injection to Shell III: PostgreSQL Edition

From SQL injection to Shell III: PostgreSQL Edition

This exercise covers how to gain access to an administration interface using SQL injection followed by how to get command execution using Ghostscript
Completed by 37 students
Takes Between 2 and 4 hours on average
Ruby-on-Rails

image for Unicode and NFKC

Unicode and NFKC

This exercise covers how can leverage unicode to get exploit a directory traversal
Completed by 35 students
Takes Less than an hour on average

image for EDDSA vulnerability in Monocypher

EDDSA vulnerability in Monocypher

This exercise covers the exploitation of a vulnerability impacting Monocypher.
Completed by 6 students
Takes Between 2 and 4 hours on average

Coming soon

Medium

image for CGI and Signature

CGI and Signature

This exercise covers the exploitation of a vulnerable CGI.
Completed by 0 student
Takes -- on average

Coming soon

Medium

image for CVE-2020-7115: Aruba Clearpass RCE

CVE-2020-7115: Aruba Clearpass RCE

This exercise covers a remote command execution issue on Aruba Clearpass RCE
Completed by 0 student
Takes -- on average

image for CVE-2020-8163: Rails local name RCE

CVE-2020-8163: Rails local name RCE

This exercise details the exploitation of CVE-2020-8163 to gain code execution
2 videos
Completed by 30 students
Takes More than 4 hours on average

Coming soon

Hard

image for RCE via argument injection

RCE via argument injection

This exercise covers a remote command execution vulnerability in which an attacker can only inject arguments
Completed by 0 student
Takes -- on average