PRO

ObjectInputStream

  • Difficulty:

This exercise covers the exploitation of a call to readObject in a Spring application.

  PRO

XMLDecoder

  • Difficulty:

This exercise covers the exploitation of an application using XMLDecoder.

  PRO

Man-in-the-Middle V

  • Difficulty:

This exercise covers how to intercept an HTTPS connection.

  PRO

Man-in-the-Middle IV

  • Difficulty:

This exercise covers how to intercept an HTTPS connection.

  PRO

Man-in-the-Middle III

  • Difficulty:

This exercise covers how to intercept an HTTPS connection with hostname verification.

  PRO

Man-in-the-Middle II

  • Difficulty:

This exercise covers how to intercept an HTTPS connection.

  PRO

Man-in-the-Middle

  • Difficulty:

This exercise covers how to intercept an HTTP connection.

  • Offline
  • Tomcat/Struts
  PRO

Struts devMode

  • Difficulty:

This exercise covers how to get code execution when a Struts application is running in devMode.

  PRO

JSON Web Token

  • Difficulty:

This exercise covers the exploitation of a signature weakness in a JWT library.

  • Offline
  • PHP/Apache/Mysql
  PRO

Cross-Origin Resource Sharing

  • Difficulty:

This exercise covers Cross-Origin Resource Sharing and how it can be used to bypass CSRF protection if misconfigured.

  PRO

API to Shell

  • Difficulty:

This exercise covers the exploitation of PHP type confusion to bypass a signature and the exploitation of unserialize.

  PRO

Pickle Code Execution

  • Difficulty:

This exercise covers the exploitation of Python's pickle when used to deserialize untrusted data.

  • Offline
  • ISO (294MB)
  • Java/Play

Play XML Entities

  • Difficulty:

This exercise covers the exploitation of XML entities in the Play framework.

CVE-2014-6271/Shellshock

  • Difficulty:

This exercise covers the exploitation of a Bash vulnerability through a CGI.

Play Session Injection

  • Difficulty:

This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism.

CVE-2007-1860: mod_jk double-decoding

  • Difficulty:

This exercise covers the exploitation of CVE-2007-1860. This vulnerability allows an attacker to gain access to otherwise inaccessible pages using crafted requests. This is a common trick that a lot of testers miss.

  • Offline
  • ISO (178MB)
  • PHP/Apache/Mysql

XSS and MySQL FILE

  • Difficulty:

This exercise explains how you can use a Cross-Site Scripting vulnerability to get access to an administrator's cookies, then how you can use that session to gain access to the administration interface, find a SQL injection and gain code execution using it.

Electronic Code Book

  • Difficulty:

This exercise explains how you can tamper with an encrypted cookie to access another user's account.

  • Offline
  • ISO (353MB)
  • Ruby/Rack

Web for Pentester II

  • Difficulty:

This exercise is a set of the most common web vulnerabilities.

  • Offline
  • ISO (170MB)
  • PHP/Apache/Mysql

From SQL Injection to Shell II

  • Difficulty:

This exercise explains how you can, from a blind SQL injection, gain access to the administration console. Then in the administration console, how you can run commands on the system.

  • Offline
  • ISO (162MB)
  • Python

CVE-2012-6081: MoinMoin code execution

  • Difficulty:

This exercise explains how you can exploit CVE-2012-6081 to gain code execution. This vulnerability was exploited to compromise Debian's wiki and the Python documentation website.

Web for Pentester

  • Difficulty:

This exercise is a set of the most common web vulnerabilities.

  • Offline
  • ISO (221MB)
  • Tomcat/Axis2

Axis2 Web service and Tomcat Manager

  • Difficulty:

This exercise explains the interactions between Tomcat and Apache, then shows you how to call and attack an Axis2 Web service. Using information retrieved from this attack, you will be able to gain access to the Tomcat Manager and deploy a WebShell to gain command execution.

  • Offline
  • ISO (170MB)
  • PHP/Apache/Mysql

CVE-2008-1930: WordPress 2.5 Cookie Integrity Protection Vulnerability

  • Difficulty:

This exercise explains how you can exploit CVE-2008-1930 to gain access to the administration interface of a WordPress installation.

  • Offline
  • ISO (162MB)
  • PHP/PostgreSQL

From SQL Injection to Shell: PostgreSQL edition

  • Difficulty:

This exercise explains how you can, from a SQL injection, gain access to the administration console. Then in the administration console, how you can run commands on the system.

  • Offline
  • ISO (318MB)
  • Ruby/Rack

Rack Cookies and Commands injection

  • Difficulty:

After a short brute force introduction, this exercise explains the tampering of a Rack cookie and how you can even manage to modify a signed cookie (if the secret is trivial). Using this issue, you will be able to escalate your privileges and gain command execution.

  • Offline
  • ISO (184MB)
  • Linux

Linux Host Review

  • Difficulty:

This exercise explains how to perform a Linux host review: what to check in the configuration of a Linux server, and how, to ensure it is securely configured. The reviewed system is a traditional Linux-Apache-MySQL-PHP (LAMP) server used to host a blog.

  • Offline
  • ISO (332MB)
  • Rails

CVE-2012-2661: ActiveRecord SQL injection

  • Difficulty:

This exercise explains how you can exploit CVE-2012-2661 to retrieve information from a database.

  • Offline
  • ISO (172MB (64b))
  • PHP/Apache

CVE-2012-1823: PHP CGI

  • Difficulty:

This exercise explains how you can exploit CVE-2012-1823 to retrieve the source code of an application and gain code execution.

  • Offline
  • ISO (171MB)
  • PHP/Apache/Mysql

PHP Include And Post Exploitation

  • Difficulty:

This exercise describes the exploitation of a local file include with limited access. Once code execution is gained, you will see some post-exploitation tricks.

From SQL Injection to Shell

  • Difficulty:

This exercise explains how you can, from a SQL injection, gain access to the administration console. Then in the administration console, how you can run commands on the system.