whoamilab
_
Labs
Leaderboard
Discord
Sign in
// challenges
15 labs across 3 difficulty tiers. Each runs in its own isolated container.
01
Beginner
3 labs
First Steps
SSH
Connect via SSH and find hidden files
86 clears
★☆☆☆☆
Profile Hacker
WEB
Exploit insecure direct object references
63 clears
★☆☆☆☆
Cookie Monster
WEB
Manipulate browser cookies for privilege escalation
61 clears
★☆☆☆☆
02
Intermediate
8 labs
Command Injection
WEB+SSH
Chain OS commands through a web interface
31 clears
★★☆☆☆
Database Bypass
WEB+SSH
Bypass authentication with SQL injection
33 clears
★★☆☆☆
Malicious Upload
WEB+SSH
Upload a web shell past file filters
18 clears
★★☆☆☆
XML Attack
WEB
Read server files through XML entity injection
24 clears
★★☆☆☆
Path Traversal
WEB+SSH
Traverse directories to read sensitive files
19 clears
★★☆☆☆
Script Kiddie
WEB+SSH
Inject JavaScript to steal credentials
12 clears
★★☆☆☆
Vault Cracker
WEB+SSH
Decode layered encoding to crack a vault
13 clears
★★☆☆☆
API Hacker
WEB+SSH
Exploit broken API access controls
13 clears
★★☆☆☆
03
Advanced
4 labs
Template Injection
WEB+SSH
Execute code through template engines
17 clears
★★★☆☆
Token Forger
WEB+SSH
Forge authentication tokens
4 clears
★★★☆☆
Root Access
SSH
Escalate from user to root via SUID
9 clears
★★★☆☆
Internal Access
WEB+SSH
Access internal services through SSRF
6 clears
★★★☆☆
Labs run inside Discord via the whoamibot
Join the server, type /welcome, and start hacking in 60 seconds
Join Discord