First Steps

SSH Connect via SSH and find hidden files

259 clears

★☆☆☆☆

Profile Hacker

WEB Exploit insecure direct object references

202 clears

★☆☆☆☆

Cookie Monster

WEB Manipulate browser cookies for privilege escalation

183 clears

★☆☆☆☆

Command Injection

WEB+SSH Chain OS commands through a web interface

109 clears

★★☆☆☆

Database Bypass

WEB+SSH Bypass authentication with SQL injection

95 clears

★★☆☆☆

Malicious Upload

WEB+SSH Upload a web shell past file filters

62 clears

★★☆☆☆

XML Attack

WEB Read server files through XML entity injection

52 clears

★★☆☆☆

Path Traversal

WEB+SSH Traverse directories to read sensitive files

50 clears

★★☆☆☆

Script Kiddie

WEB+SSH Inject JavaScript to steal credentials

38 clears

★★☆☆☆

Vault Cracker

WEB+SSH Decode layered encoding to crack a vault

40 clears

★★☆☆☆

API Hacker

WEB+SSH Exploit broken API access controls

41 clears

★★☆☆☆

Source Code

WEB+SSH Find secrets in exposed version control history

23 clears

★★☆☆☆

Param Tampering

WEB+SSH Exploit hidden form fields to escalate privileges

28 clears

★★☆☆☆

Template Injection

WEB+SSH Execute code through template engines

37 clears

★★★☆☆

Token Forger

WEB+SSH Forge authentication tokens

22 clears

★★★☆☆

Root Access

SSH Escalate from user to root via SUID

31 clears

★★★☆☆

Internal Access

WEB+SSH Access internal services through SSRF

21 clears

★★★☆☆

Hash Cracker

WEB+SSH Crack weak password hashes from an exposed database

18 clears

★★★☆☆

Blind Injection

WEB+SSH Extract data through boolean-based blind SQL injection

12 clears

★★★☆☆

Race the Clock

WEB Exploit a race condition to bypass purchase limits

11 clears

★★★☆☆

Object Injection

WEB+SSH Exploit PHP deserialization for remote code execution

15 clears

★★★★☆

Sign of Weakness

WEB Forge signed URLs by extending an MD5-based MAC

8 clears

★★★★☆