10010101 101110 11001 001 101 0111 101101 01101

WE WILL HELP YOU GET TO THE NEXT LEVEL!

TRY OUR FREE EXERCISES OR GO PRO

FILTER

	EXERCISE	AVERAGE TIME TO COMPLETE	# OF USERS COMPLETED

	CVE-2022-26xx9	< 1 Hr.	3
	Python Snippet #07	< 1 Hr.	33
	Python Snippet #08	< 1 Hr.	21
	Python Snippet #09	< 1 Hr.	35
	Mongo IDOR	< 1 Hr.	62
	CVE-2008-5x8x_ii	< 1 Hr.	25
	CVE-2005-2x8x	< 1 Hr.	24
	Python Snippet #06	< 1 Hr.	87
	Golang Snippet #01	< 1 Hr.	53
	Java Snippet #06	2-4 Hr.	30
	CVE-2022-21449	< 1 Hr.	20
	CVE-2021-33564 Argument Injection in Ruby Dragonfly	< 1 Hr.	26
	CVE-2021-45xx9	< 1 Hr.	36
	PHP Snippet #07	< 1 Hr.	119
	PHP Snippet #08	< 1 Hr.	89
	PHP Snippet #09	< 1 Hr.	93
	Python Snippet #03	< 1 Hr.	134
	Python Snippet #04	< 1 Hr.	117
	Python Snippet #05	< 1 Hr.	135
	CVE-2021-39x3x	< 1 Hr.	42
	CVE-2022-21724: JDBC RCE PostgreSQL	< 1 Hr.	34
	Java Snippet #04	< 1 Hr.	129
	Java Snippet #05	< 1 Hr.	114
	Ox Remote Code Execution II	> 4 Hr.	5
	CVE-2009-3x8x	< 1 Hr.	51
	HTTP 41	< 1 Hr.	509
	HTTP 42	< 1 Hr.	514
	HTTP 43	< 1 Hr.	498
	CVE-2021-381xx	< 1 Hr.	60
	H2 RCE	< 1 Hr.	19
	TypeScript Snippet #04	< 1 Hr.	80
	TypeScript Snippet #05	< 1 Hr.	115
	TypeScript Snippet #06	1-2 Hr.	63
	TypeScript Snippet #07	< 1 Hr.	62
	TypeScript Snippet #08	< 1 Hr.	76
	TypeScript Snippet #09	< 1 Hr.	102
	CVE-2008-4x9x	< 1 Hr.	63
	Log4j RCE II	1-2 Hr.	61
	Log4j RCE	1-2 Hr.	173
	CVE-2021-4379x	< 1 Hr.	95
	API 08	< 1 Hr.	263
	JDBC RCE	2-4 Hr.	13
	CVE-2008-1x3x	< 1 Hr.	88
	Golang Snippet #12	< 1 Hr.	125
	Python Snippet #02	< 1 Hr.	226
	TypeScript Snippet #01	< 1 Hr.	178
	TypeScript Snippet #02	< 1 Hr.	155
	TypeScript Snippet #03	< 1 Hr.	160
	API 07	< 1 Hr.	321
	CVE-2021-40438	< 1 Hr.	117
	CVE-2021-41773	< 1 Hr.	220
	CVE-2021-41773 II	2-4 Hr.	57
	HTTP 36	< 1 Hr.	699
	HTTP 37	< 1 Hr.	682
	HTTP 38	< 1 Hr.	688
	HTTP 39	< 1 Hr.	668
	HTTP 40	< 1 Hr.	686
	CVE-2006-4xxx	< 1 Hr.	132
	CVE-2006-4xxx_ii	< 1 Hr.	91
	PHP Snippet #04	< 1 Hr.	294
	PHP Snippet #05	< 1 Hr.	249
	PHP Snippet #06	< 1 Hr.	300
	API 06	< 1 Hr.	366
	CVE-2021-37xxx	< 1 Hr.	84
	PHP Snippet #01	< 1 Hr.	534
	PHP Snippet #02	< 1 Hr.	427
	PHP Snippet #03	< 1 Hr.	307
	HTTP 31	< 1 Hr.	770
	HTTP 32	< 1 Hr.	762
	HTTP 35	< 1 Hr.	730
	HTTP 34	< 1 Hr.	734
	HTTP 33	< 1 Hr.	757
	API 05	< 1 Hr.	465
	API 04	< 1 Hr.	483
	Golang Snippet #1	< 1 Hr.	265
	Golang Snippet #02	< 1 Hr.	249
	Golang Snippet #03	< 1 Hr.	189
	Golang Snippet #04	< 1 Hr.	241
	Golang Snippet #05	< 1 Hr.	207
	Golang Snippet #06	< 1 Hr.	168
	Golang Snippet #07	< 1 Hr.	182
	Golang Snippet #08	< 1 Hr.	170
	Golang Snippet #09	< 1 Hr.	164
	Golang Snippet #10	< 1 Hr.	168
	Golang Snippet #11	< 1 Hr.	160
	Javascript Snippet #01	< 1 Hr.	371
	Javascript Snippet #02	< 1 Hr.	316
	Javascript Snippet #03	< 1 Hr.	319
	Javascript Snippet #04	< 1 Hr.	282
	Javascript Snippet #05	< 1 Hr.	294
	Javascript Snippet #06	< 1 Hr.	250
	Javascript Snippet #07	< 1 Hr.	277
	Python Snippet #01	< 1 Hr.	377
	Ruby Snippet #01	1-2 Hr.	93
	Ruby Snippet #02	< 1 Hr.	119
	Ruby Snippet #03	< 1 Hr.	135
	Ruby Snippet #04	< 1 Hr.	123
	Ruby Snippet #05	< 1 Hr.	125
	Ruby Snippet #06	< 1 Hr.	115
	Ruby Snippet #07	< 1 Hr.	100
	Ruby Snippet #08	< 1 Hr.	114
	Ruby Snippet #09	< 1 Hr.	108
	HTTP 26	< 1 Hr.	869
	HTTP 27	< 1 Hr.	857
	HTTP 28	< 1 Hr.	836
	HTTP 29	< 1 Hr.	807
	HTTP 30	< 1 Hr.	779
	CVE-2020-17xx7	< 1 Hr.	159
	Ox Remote Code Execution	2-4 Hr.	14
	CVE-2020-9x9x	< 1 Hr.	111
	HTTP 21	< 1 Hr.	945
	HTTP 22	< 1 Hr.	932
	HTTP 23	< 1 Hr.	918
	HTTP 24	< 1 Hr.	916
	HTTP 25	< 1 Hr.	915
	HTTP 16	< 1 Hr.	1011
	HTTP 20	< 1 Hr.	960
	HTTP 18	< 1 Hr.	994
	HTTP 19	< 1 Hr.	971
	HTTP 17	< 1 Hr.	1002
	CVE-2020-17xx8	< 1 Hr.	116
	CVE-2021-22204: Exiftool RCE	1-2 Hr.	77
	SSRF via FFMPEG II	1-2 Hr.	62
	API 03	< 1 Hr.	469
	CVE-2020-11xxx	< 1 Hr.	130
	OAuth2: Authorization Server XSS II	< 1 Hr.	120
	HTTP 11	< 1 Hr.	1133
	HTTP 15	< 1 Hr.	1080
	HTTP 12	< 1 Hr.	1117
	HTTP 13	< 1 Hr.	1095
	HTTP 14	< 1 Hr.	1084
	API 02	< 1 Hr.	814
	Express Local File Read	< 1 Hr.	138
	OAuth2: Authorization Server XSS	1-2 Hr.	157
	HTTP 10	< 1 Hr.	1201
	HTTP 09	< 1 Hr.	1225
	HTTP 07	< 1 Hr.	1300
	HTTP 06	< 1 Hr.	1310
	HTTP 08	< 1 Hr.	1245
	HTTP 03	< 1 Hr.	1482
	HTTP 04	< 1 Hr.	1431
	HTTP 05	< 1 Hr.	1405
	HTTP 02	< 1 Hr.	1538
	HTTP 01	< 1 Hr.	1647
	API 01	< 1 Hr.	1085
	JSON Web Token XIII	< 1 Hr.	66
	SAML: Comment Injection II	< 1 Hr.	253
	Recon 24	< 1 Hr.	1451
	Recon 25	1-2 Hr.	935
	Recon 26	< 1 Hr.	1478
	SSRF via FFMPEG	1-2 Hr.	128
	SAML: Signature Wrapping II	< 1 Hr.	186
	RCE via argument injection	2-4 Hr.	17
	Code Review 16	< 1 Hr.	56
	SAML: Signature Wrapping	< 1 Hr.	242
	Recon 20	< 1 Hr.	1651
	Recon 21	< 1 Hr.	1632
	Recon 22	< 1 Hr.	1526
	Recon 23	< 1 Hr.	1540
	SAML: SAMLResponse forwarding	< 1 Hr.	221
	CGI and Signature	< 1 Hr.	90
	Recon 17	< 1 Hr.	1788
	Recon 18	< 1 Hr.	1689
	Recon 19	< 1 Hr.	1545
	Code Review 15	< 1 Hr.	56
	Code Review 14	< 1 Hr.	62
	CVE-2020-14343: PyYAML unsafe loader	< 1 Hr.	150
	OAuth2: State Fixation	1-2 Hr.	201
	Code Review 13	2-4 Hr.	46
	CVE-2020-7115: Aruba Clearpass RCE	1-2 Hr.	98
	Code Review 12	< 1 Hr.	91
	OAuth2: Predictable State II	1-2 Hr.	136
	Recon 13	< 1 Hr.	2211
	Recon 14	< 1 Hr.	2013
	Recon 15	< 1 Hr.	1678
	Recon 16	< 1 Hr.	1852
	EDDSA vulnerability in Monocypher	1-2 Hr.	48
	Code Review 11	2-4 Hr.	26
	OAuth2: Predictable State	2-4 Hr.	149
	Code Review 10	< 1 Hr.	74
	Recon 11	< 1 Hr.	1925
	Recon 12	< 1 Hr.	2259
	Unicode and NFKC	< 1 Hr.	145
	SAML: Trusted Embedded Key	< 1 Hr.	220
	Recon 06	< 1 Hr.	3769
	Recon 07	< 1 Hr.	3305
	Recon 08	< 1 Hr.	2945
	CVE-2020-8163: Rails local name RCE	2-4 Hr.	123
	SAML: Known Key	1-2 Hr.	207
	Code Review 09	1-2 Hr.	63
	Recon 04	< 1 Hr.	4932
	Recon 05	< 1 Hr.	3743
	Recon 01	< 1 Hr.	6398
	OAuth2: Client Server XSS	1-2 Hr.	197
	Zip symlink	< 1 Hr.	354
	Code Review 08	1-2 Hr.	63
	SAML: Comment Injection	< 1 Hr.	973
	Unicode and Downcase	< 1 Hr.	371
	Code Review 07	1-2 Hr.	84
	Java Serialize 01	< 1 Hr.	212
	Unicode and Uppercase	< 1 Hr.	420
	Code Review 06	2-4 Hr.	36
	Cross-Site Leak	2-4 Hr.	394
	From SQL injection to Shell III: PostgreSQL Edition	2-4 Hr.	102
	OAuth2: Client CSRF II	2-4 Hr.	306
	XSS Include	< 1 Hr.	905
	OAuth2: Client CSRF	< 1 Hr.	650
	Code Review 05	2-4 Hr.	64
	Code Review 04	1-2 Hr.	164
	JS Prototype Pollution	< 1 Hr.	559
	OAuth2: Authorization Server CSRF	1-2 Hr.	763
	Code Review 03	2-4 Hr.	69
	SSRF in PDF generation	< 1 Hr.	579
	OAuth2: Github HTTP HEAD	1-2 Hr.	303
	SVG XSS	< 1 Hr.	1216
	Apache Pluto RCE	< 1 Hr.	343
	JSON Cross-Site Request Forgery	< 1 Hr.	1082
	Cross-Site Request Forgery	< 1 Hr.	1191
	Code Review 02	1-2 Hr.	190
	postMessage() IV	< 1 Hr.	669
	Spring Actuators	1-2 Hr.	179
	postMessage() III	1-2 Hr.	689
	postMessage() II	< 1 Hr.	757
	PHP phar://	< 1 Hr.	230
	Signing Oracle	< 1 Hr.	535
	Length Extension Attack	1-2 Hr.	474
	JSON Web Encryption	< 1 Hr.	340
	postMessage()	< 1 Hr.	858
	CVE-2019-5418	1-2 Hr.	325
	Cross-Site WebSocket Hijacking	< 1 Hr.	799
	JWT XII	1-2 Hr.	434
	Cross-Origin Resource Sharing II	< 1 Hr.	744
	JWT XI	1-2 Hr.	428
	cve-2019-5420 II	1-2 Hr.	368
	OAuth2: Client OpenRedirect	< 1 Hr.	596
	CVE-2019-5420	2-4 Hr.	585
	JWT X	< 1 Hr.	491
	GraphQL: SQL Injection	1-2 Hr.	872
	OAuth2: Authorization Server OpenRedirect	< 1 Hr.	683
	JWT IX	< 1 Hr.	572
	Gogs RCE II	< 1 Hr.	389
	JWT VIII	1-2 Hr.	617
	SAML: Signature Stripping	< 1 Hr.	1367
	GraphQL Introspection	< 1 Hr.	1567
	Gogs RCE	1-2 Hr.	443
	Android 07	1-2 Hr.	957
	Android 06	< 1 Hr.	1128
	Android 05	1-2 Hr.	1342
	Ruby 2.x Universal RCE Deserialization Gadget Chain	< 1 Hr.	973
	CVE-2018-10933: LibSSH auth bypass	--	0
	Android 04	< 1 Hr.	1713
	Android 03	< 1 Hr.	2313
	From SQL injection to Shell III	1-2 Hr.	742
	Android 02	< 1 Hr.	2530
	IDOR to Shell	1-2 Hr.	709
	Android 01	< 1 Hr.	2703
	Introduction to CSP	< 1 Hr.	1922
	CVE-2018-11235: Git Submodule RCE	2-4 Hr.	364
	Git Information Leak II	< 1 Hr.	1877
	Git Information Leak	< 1 Hr.	2476
	JWT VII	< 1 Hr.	2357
	CVE-2016-5386: HTTPoxy/Golang HTTProxy namespace conflict	< 1 Hr.	661
	Unix 31	< 1 Hr.	10637
	Unix 30	< 1 Hr.	10667
	Unix 25	< 1 Hr.	11158
	Unix 32	< 1 Hr.	10622
	Unix 34	< 1 Hr.	10571
	Unix 33	< 1 Hr.	10603
	Unix 27	< 1 Hr.	11023
	Unix 29	< 1 Hr.	10969
	Unix 28	< 1 Hr.	10983
	Unix 26	< 1 Hr.	11084
	CBC-MAC II	1-2 Hr.	1271
	JWT VI	< 1 Hr.	1831
	CVE-2018-6574: go get RCE	< 1 Hr.	649
	Unix 11	< 1 Hr.	14677
	Unix 12	< 1 Hr.	14290
	Unix 13	< 1 Hr.	13708
	Unix 14	< 1 Hr.	13403
	Unix 15	< 1 Hr.	12301
	Unix 16	< 1 Hr.	12052
	Unix 17	< 1 Hr.	12244
	Unix 18	< 1 Hr.	12187
	Unix 19	< 1 Hr.	12112
	Unix 20	< 1 Hr.	11371
	Unix 21	< 1 Hr.	11506
	Unix 22	< 1 Hr.	11395
	Unix 23	< 1 Hr.	11216
	Unix 24	< 1 Hr.	11160
	JWT V	< 1 Hr.	2184
	CVE-2018-0114	2-4 Hr.	1335
	JWT IV	< 1 Hr.	1936
	CBC-MAC	1-2 Hr.	1234
	JWT III	1-2 Hr.	2076
	Code Execution 09	< 1 Hr.	8123
	Server Side Template Injection 02	< 1 Hr.	6371
	MongoDB Injection 02	1-2 Hr.	6430
	Authorization 06	< 1 Hr.	10939
	Code Execution 08	< 1 Hr.	8239
	Authorization 04	< 1 Hr.	11815
	Authorization 05	< 1 Hr.	11388
	Command Execution 03	< 1 Hr.	8459
	Server Side Template Injection 01	< 1 Hr.	6375
	Code Execution 05	< 1 Hr.	9382
	Code Execution 06	< 1 Hr.	9193
	Code Execution 07	< 1 Hr.	8992
	Introduction to code review	--	0
	S2-052	< 1 Hr.	1908
	SQL Injection 06	< 1 Hr.	6912
	XML Attacks 01	< 1 Hr.	6713
	XML Attacks 02	< 1 Hr.	6400
	SQL Injection 04	< 1 Hr.	7302
	SQL Injection 05	< 1 Hr.	7247
	SQL Injection 01	< 1 Hr.	8057
	SQL Injection 02	< 1 Hr.	7817
	SQL Injection 03	< 1 Hr.	7637
	Code Execution 02	< 1 Hr.	10375
	Authorization 03	< 1 Hr.	12596
	Command Execution 01	< 1 Hr.	8802
	Command Execution 02	< 1 Hr.	8559
	Server Side Request Forgery 04	< 1 Hr.	7231
	Open Redirect 01	< 1 Hr.	7423
	Open Redirect 02	< 1 Hr.	7195
	MongoDB Injection 01	< 1 Hr.	7585
	SAML: Introduction	< 1 Hr.	1867
	Server Side Request Forgery 02	< 1 Hr.	7503
	Server Side Request Forgery 03	< 1 Hr.	7479
	Server Side Request Forgery 01	< 1 Hr.	7633
	XSS 09	< 1 Hr.	6753
	XSS 10	< 1 Hr.	6280
	Directory Traversal 01	< 1 Hr.	8888
	Directory Traversal 02	< 1 Hr.	8763
	Directory Traversal 03	< 1 Hr.	8681
	XSS 02	< 1 Hr.	7942
	XSS 03	< 1 Hr.	7676
	XSS 04	< 1 Hr.	7295
	XSS 05	< 1 Hr.	7099
	XSS 06	< 1 Hr.	7079
	XSS 07	< 1 Hr.	6960
	XSS 08	< 1 Hr.	6844
	File Upload 01	< 1 Hr.	6939
	File Upload 02	< 1 Hr.	6862
	XSS 01	< 1 Hr.	8220
	Authentication 05	< 1 Hr.	12865
	Code Execution 03	< 1 Hr.	9899
	Code Execution 04	< 1 Hr.	9726
	File Include 01	< 1 Hr.	8301
	File Include 02	< 1 Hr.	8128
	LDAP 01	< 1 Hr.	8058
	LDAP 02	< 1 Hr.	7736
	Authentication 04	< 1 Hr.	13493
	Authentication 01	< 1 Hr.	14625
	Authentication 02	< 1 Hr.	14133
	Authentication 03	< 1 Hr.	13732
	Authorization 01	< 1 Hr.	13030
	Authorization 02	< 1 Hr.	12786
	Code Execution 01	< 1 Hr.	10971
	CVE-2016-10033: PHPMailer RCE	< 1 Hr.	2906
	Cipher block chaining	1-2 Hr.	2209
	Struts s2-045	< 1 Hr.	2149
	CVE-2016-2098	< 1 Hr.	2787
	CVE-2014-4511: Gitlist RCE	--	0
	ECDSA	2-4 Hr.	297
	Werkzeug DEBUG	< 1 Hr.	1285
	Padding Oracle	1-2 Hr.	716
	Unickle	1-2 Hr.	575
	CVE-2015-3224	< 1 Hr.	1289
	Luhn	2-4 Hr.	519
	CVE-2013-0156: Rails Object Injection	< 1 Hr.	3216
	JSON Web Token II	1-2 Hr.	2765
	CVE-2016-0792	< 1 Hr.	3775
	ObjectInputStream	< 1 Hr.	3461
	XMLDecoder	< 1 Hr.	4218
	CVE-2014-1266	1-2 Hr.	990
	CVE-2011-0228	1-2 Hr.	1144
	Intercept 03	< 1 Hr.	1397
	Intercept 02	< 1 Hr.	1526
	Intercept 01	1-2 Hr.	1672
	Struts devMode	--	0
	JSON Web Token	< 1 Hr.	7860
	Cross-Origin Resource Sharing	--	0
	API to Shell	2-4 Hr.	2752
	Pickle Code Execution	< 1 Hr.	5141
	Play XML Entities	1-2 Hr.	1744
	CVE-2014-6271/Shellshock	< 1 Hr.	7165
	Play Session Injection	< 1 Hr.	2194
	CVE-2007-1860: mod_jk double-decoding	1-2 Hr.	4949
	XSS and MySQL FILE	--	0
	Electronic Code Book	1-2 Hr.	4714
	Web for Pentester II	--	0
	From SQL Injection to Shell II	--	0
	CVE-2012-6081: MoinMoin code execution	--	0
	Web for Pentester	--	0
	Axis2 Web service and Tomcat Manager	--	0
	CVE-2008-1930: Wordpress 2.5 Cookie Integrity Protection Vulnerability	--	0
	From SQL Injection to Shell: PostgreSQL edition	--	0
	Rack Cookies and Commands injection	--	0
	Linux Host Review	--	0
	CVE-2012-2661: ActiveRecord SQL injection	--	0
	CVE-2012-1823: PHP CGI	--	0
	PHP Include And Post Exploitation	--	0
	From SQL Injection to Shell	< 1 Hr.	6553
	Code Review 01	1-2 Hr.	305
	Introduction 01	< 1 Hr.	21456
	Recon 00	< 1 Hr.	6383
	Introduction 02	< 1 Hr.	21211
	Recon 02	< 1 Hr.	5317
	Introduction 03	< 1 Hr.	20784
	Recon 03	< 1 Hr.	4753
	Introduction 00	< 1 Hr.	22133
	Recon 10	< 1 Hr.	2092
	Recon 09	< 1 Hr.	3344
	Code Review 17	1-2 Hr.	24
	Unix 00	< 1 Hr.	18783
	Unix 01	< 1 Hr.	18361
	Unix 02	< 1 Hr.	18203
	Unix 03	< 1 Hr.	17987
	Unix 04	< 1 Hr.	17759
	Unix 05	< 1 Hr.	16927
	Unix 06	< 1 Hr.	16262
	Unix 07	< 1 Hr.	16016
	Unix 08	< 1 Hr.	15779
	Unix 09	< 1 Hr.	15311
	Unix 10	< 1 Hr.	14930
	PCAP 01	< 1 Hr.	5740
	PCAP 02	< 1 Hr.	5610
	PCAP 03	< 1 Hr.	5532
	PCAP 04	< 1 Hr.	5315
	PCAP 05	< 1 Hr.	5225
	PCAP 06	< 1 Hr.	5146
	PCAP 07	< 1 Hr.	5097
	PCAP 08	< 1 Hr.	5059
	PCAP 09	< 1 Hr.	5036
	PCAP 10	< 1 Hr.	4761
	PCAP 11	< 1 Hr.	4747
	PCAP 12	< 1 Hr.	4736
	PCAP 13	< 1 Hr.	4788
	Java Snippet #01	< 1 Hr.	264
	PCAP 14	< 1 Hr.	4775
	Java Snippet #02	< 1 Hr.	239
	PCAP 15	< 1 Hr.	4763
	Java Snippet #03	< 1 Hr.	217
	PCAP 16	< 1 Hr.	4741
	PCAP 17	< 1 Hr.	4689
	PCAP 18	< 1 Hr.	4683
	PCAP 19	< 1 Hr.	4662
	PCAP 20	< 1 Hr.	4579
	PCAP 21	< 1 Hr.	4534
	PCAP 22	< 1 Hr.	4515
	PCAP 23	< 1 Hr.	4509
	PCAP 24	< 1 Hr.	4499
	PCAP 25	< 1 Hr.	4502
	PCAP 26	< 1 Hr.	4500
	PCAP 27	< 1 Hr.	4450
	PCAP 28	< 1 Hr.	4435
	PCAP 29	< 1 Hr.	4426
	PCAP 30	< 1 Hr.	4401
	PCAP 31	< 1 Hr.	4387
	PCAP 32	< 1 Hr.	4328
	CVE-2021-4xx50	< 1 Hr.	164
	PCAP 33	< 1 Hr.	4255
	PCAP 34	< 1 Hr.	4301
	PCAP 35	< 1 Hr.	4360
	Android 08	1-2 Hr.	906
No search results found...