Brown Badge

18 Completed
37 Videos
26 Exercises

Exercises

Easy
Signing Oracle
  • This exercise covers how a signing oracle can be used to bypass authorization in place
  • 2 videos
  • Completed by 712 students
  • Takes < 1 Hr. on average

 

Easy
JS Prototype Pollution
  • This exercise covers how to exploit Prototype Pollution against a JavaScript application
  • 1 video
  • Completed by 778 students
  • Takes < 1 Hr. on average

 

Easy
CVE-2021-41773
  • This challenge covers how to read arbitrary files by leveraging CVE-2021-41773
  • 1 video
  • Completed by 427 students
  • Takes < 1 Hr. on average
  • Apache
  • CWE-23

 

Easy
JSON Web Encryption
  • This exercise covers how you can create your own JWE if you have access to the public key used by the se rver
  • 2 videos
  • Completed by 463 students
  • Takes < 1 Hr. on average

 

Easy
Apache Pluto RCE
  • This exercise covers how you can gain code execution in Apache Pluto 3.0.0 due to an issue in the authorisation logic
  • 1 video
  • Completed by 464 students
  • Takes < 1 Hr. on average
  • CWE-200

 

Easy
Unicode and Uppercase
  • This exercise covers how you can use unicode to gain access to an admin account.
  • 2 videos
  • Completed by 575 students
  • Takes < 1 Hr. on average

 

Easy
Unicode and Downcase
  • This exercise covers how you can use unicode to gain access to an admin account.
  • 2 videos
  • Completed by 515 students
  • Takes < 1 Hr. on average

 

Easy
Zip symlink
  • This exercise covers how you can create a malicious Zip file and use it to gain access to sensitive files.
  • 1 video
  • Completed by 506 students
  • Takes < 1 Hr. on average

 

Easy
CVE-2020-14343: PyYAML unsafe loader
  • This exercise covers how you can gain code execution when an application use a vulnerable version of PyYAML and relies on load()
  • 1 video
  • Completed by 255 students
  • Takes < 1 Hr. on average
  • CWE-20

 

Easy
Express Local File Read
  • This exercise covers how an insecure to render can be used to gain local file read with Express
  • 1 video
  • Completed by 307 students
  • Takes < 1 Hr. on average

 

Easy
CVE-2021-40438
  • This challenge covers how to trigger a Server-Side Request Forgery by leveraging CVE-2021-40438
  • 1 video
  • Completed by 258 students
  • Takes < 1 Hr. on average
  • Apache
  • CWE-918

 

Easy
GCM Nonce Reuse
  • This challenge covers the impact of nonce reuse on GCM
  • 2 videos
  • Completed by 110 students
  • Takes < 1 Hr. on average
  • Ruby

 

Medium
PHP phar://
  • This exercise covers how the PHP phar:// handler can be used to gain code execution using PHP unserialize.
  • 1 video
  • Completed by 298 students
  • Takes < 1 Hr. on average

 

Medium
Spring Actuators
  • This exercise covers how you can gain code execution using Spring Actuators when Spring Cloud is used.
  • 1 video
  • Completed by 244 students
  • Takes 1-2 Hrs. on average

 

Medium
From SQL injection to Shell III: PostgreSQL Edition
  • This exercise covers how to gain access to an administration interface using SQL injection followed by how to get command execution using Ghostscript
  • 2 videos
  • Completed by 180 students
  • Takes 2-4 Hrs. on average
  • Ruby-on-Rails
  • SQL Injection
  • CWE-89

 

Medium
Unicode and NFKC
  • This exercise covers how can leverage unicode to get exploit a directory traversal
  • 1 video
  • Completed by 243 students
  • Takes < 1 Hr. on average

 

Medium
EDDSA vulnerability in Monocypher
  • This exercise covers the exploitation of a vulnerability impacting Monocypher.
  • 1 video
  • Completed by 126 students
  • Takes 1-2 Hrs. on average
  • crypto

 

Medium
CGI and Signature
  • This exercise covers the exploitation of a vulnerable CGI.
  • 2 videos
  • Completed by 172 students
  • Takes < 1 Hr. on average

 

Medium
CVE-2020-7115: Aruba Clearpass RCE
  • This exercise covers a remote command execution issue on Aruba Clearpass RCE
  • 1 video
  • Completed by 161 students
  • Takes < 1 Hr. on average
  • CWE-306

 

Medium
CVE-2021-41773 II
  • This challenge covers how to gain code execution by leveraging CVE-2021-41773
  • 1 video
  • Completed by 138 students
  • Takes 1-2 Hrs. on average
  • Apache

 

Medium
CVE-2022-21449
  • This exercise covers the exploitation of CVE-2022-21449 against a Java Application relying on JWT
  • 4 videos
  • Completed by 96 students
  • Takes < 1 Hr. on average
  • Java
  • jwt

 

Hard
CVE-2020-8163: Rails local name RCE
  • This exercise details the exploitation of CVE-2020-8163 to gain code execution
  • 2 videos
  • Completed by 189 students
  • Takes 1-2 Hrs. on average
  • CWE-94

 

Hard
RCE via argument injection
  • This exercise covers a remote command execution vulnerability in which an attacker can only inject arguments
  • Completed by 35 students
  • Takes > 4 Hrs. on average

 

Hard
Ox Remote Code Execution
  • This exercise covers how you can gain code execution when an application using Ox to deserialize data and run on Ruby 2.3
  • 1 video
  • Completed by 51 students
  • Takes 2-4 Hrs. on average
  • Ruby

 

Hard
JSON Web Token XIII
  • This exercise covers the exploitation of algorithm confusion when no public key is available
  • 3 videos
  • Completed by 130 students
  • Takes < 1 Hr. on average
  • PHP
  • jwt
  • cwe-310

 

Hard
Ox Remote Code Execution II
  • This exercise covers how you can gain code execution when an application using Ox to deserialize data and run on Ruby 2.7
  • Completed by 22 students
  • Takes 2-4 Hrs. on average
  • Ruby