Food Store - Mobile Hacking Lab
Introduction Welcome to the Android App Security Lab: SQL Injection Challenge! Dive into the world of cybersecurity with our hands-on lab. This challenge is centered around a fictitious “Food Stor...
Introduction Welcome to the Remote Code Execution (RCE) Challenge! This lab provides a real-world scenario where you’ll explore vulnerabilities in popular software. Your mission is to exploit a pa...
Introduction Welcome to the Cyclic Scanner Challenge! This lab is designed to mimic real-world scenarios where vulnerabilities within Android services lead to exploitable situations. Participants ...
Introduction Welcome to the Config Editor Challenge! In this lab, you’ll dive into a realistic situation involving vulnerabilities in a widely-used third-party library. Your objective is to exploi...
Description The web application development company SecureSolaCoders has created their own intranet page. The developers are still very young and inexperienced, but they ensured their boss (Magnus...
Scanning Port scanning ┌──(root㉿kali)-[/home/kali/Desktop/mailing] └─# nmap mailing.htb Starting Nmap 7.94 ( https://nmap.org ) at 2024-06-30 19:04 EDT Stats: 0:01:38 elapsed; 0 hosts ...
First, we need to edit the hosts file. echo "10.10.192.152 internal.thm" | sudo tee -a /etc/hosts Scanning Port scanning root@ip-10-10-228-42:~# nmap internal.thm Starting Nmap 7.60 ( h...
Table of Contents JWT authentication bypass via unverified signature JWT authentication bypass via flawed signature verification JWT authentication bypass via weak signing key JWT authent...
Table of Contents Excessive trust in client-side controls High-level logic vulnerability Inconsistent security controls Flawed enforcement of business rules Low-level logic flaw Incon...
Table of Contents Unprotected admin functionality Unprotected admin functionality with unpredictable URL User role controlled by request parameter User role can be modified in user profil...