White Badge

3754 Completed
6 Exercises
Easy image for CVE-2014-6271/Shellshock

CVE-2014-6271/Shellshock

  • This exercise covers the exploitation of a Bash vulnerability through a CGI.
  • 1 video
  • Completed by 6274 students
  • Takes Less than an hour on average
  • CGI/Apache/Bash
Easy image for JSON Web Token

JSON Web Token

  • This exercise covers the exploitation of a signature weakness in a JWT library.
  • 2 videos
  • Completed by 6830 students
  • Takes Less than an hour on average
  • PHP/Apache/Mysql
  • jwt,
Easy image for From SQL Injection to Shell

From SQL Injection to Shell

  • This exercise explains how you can, from a SQL injection, gain access to the administration console, then in the administration console, how you can run commands on the system.
  • 1 video
  • Completed by 5742 students
  • Takes Less than an hour on average
  • PHP/Apache/Mysql
  • SQL Injection,
Easy image for CVE-2007-1860: mod_jk double-decoding

CVE-2007-1860: mod_jk double-decoding

  • This exercise covers the exploitation of CVE-2007-1860. This vulnerability allows an attacker to gain access to inaccessible pages using crafted requests. This is a common trick that a lot of testers miss.
  • 2 videos
  • Completed by 4322 students
  • Takes Between 1 and 2 hours on average
  • Tomcat/Apache
Easy image for Pickle Code Execution

Pickle Code Execution

  • This exercise covers the exploitation of Python's pickle when used to deserialize untrusted data
  • 2 videos
  • Completed by 4477 students
  • Takes Less than an hour on average
  • Python
Medium image for Electronic Code Book

Electronic Code Book

  • This exercise explains how you can tamper with an encrypted cookies to access another user's account.
  • 2 videos
  • Completed by 4109 students
  • Takes Between 1 and 2 hours on average
  • PHP/Apache
  • crypto,