Single
single series all timeline

This exercise covers the exploitation of the Struts S2-052 vulnerability
Pentester Lab: S2-052
15 Sep 2017
 by 
Pentester Lab
ellipsis

This course details the exploitation of a weakness in the authentication of a PHP website. The website uses Cipher Block Chaining (CBC) to encrypt information provided by users and use this information to ensure authentication. The application also leaks if the padding is valid when decrypting the information. We will see how this behaviour can impact the authentication and how it can be exploited.

Source: https://pentesterlab.com/exercises/padding_oracle/course

more...
Pentester Lab: Padding Oracle
9 Dec 2016
 by 
Pentester Lab
ellipsis

This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism

more...
Pentester Lab: Play XML Entities
7 Apr 2015
 by 
Pentester Lab
ellipsis

Quickly created an exercise for cve-2014-6271:

Source: https://twitter.com/PentesterLab/status/515079459284594688

more...
Pentester Lab: CVE-2014-6271: ShellShock
25 Sep 2014
 by 
Pentester Lab
ellipsis

Difficulty

Beginner

Details

This exercise covers the exploitation of a session injection in the Play framework

What you will learn?

  • Session injection
  • Play framework
  • Play's cookies
more...
Pentester Lab: Play Session Injection
14 Jul 2014
 by 
Pentester Lab
ellipsis

Difficulty

Beginner

Details

This exercise covers the exploitation of CVE-2008-1760. This vulnerability allows an attacker to gain access to unaccessible pages using crafted requests. This is a common trick that a lot of testers miss.

What you will learn?

  • Tomcat
  • Java WebShell
  • Exploitation of CVE-2008-1760
more...
Pentester Lab: CVE-2007-1860: mod_jk double-decoding
17 Apr 2014
 by 
Pentester Lab
ellipsis

Difficulty

Beginner

Details

This exercise explains how you can use a Cross-Site Scripting vulnerability to get access to an administrator's cookies. Then how you can use his/her session to gain access to the administration to find a SQL injection and gain code execution using it.

What you will learn?

  • Cross-Site Scripting exploitation
  • MySQL injection with FILE privilege
more...
Pentester Lab: XSS and MySQL FILE
29 Jan 2014
 by 
Pentester Lab
ellipsis

Difficulty

Beginner

Details

This exercise explains how you can tamper with an encrypted cookies to access another user's account.

What you will learn?

  • Weakness in ECB encryption
  • Cookie tampering
more...
Pentester Lab: Electronic CodeBook (ECB)
18 Nov 2013
 by 
Pentester Lab
ellipsis

Difficulty

Beginner

Details

This exercise is a set of the most common web vulnerabilities:

What you will learn?

  • SQL injections
  • Authentication issues
  • Captcha issues
  • Authorization issues
  • Mass Assignment attacks
  • Randomness Issues
  • MongoDB injections
more...
Pentester Lab: Web For Pentester II
15 Jul 2013
 by 
Pentester Lab
ellipsis

Difficulty

Intermediate

Details

This exercise explains how you can, from a blind SQL injection, gain access to the administration console. Then in the administration console, how you can run commands on the system.

What you will learn?

Blind SQL injection exploitation using time-based exploitation Gaining code execution using a PHP webshell

more...
Pentester Lab: From SQL injection to Shell II
12 Jun 2013
 by 
Pentester Lab
ellipsis

Difficulty

Advanced

Details

This exercise explains how you can exploit CVE-2012-6081 to gain code execution. This vulnerability was exploited to compromise Debian's wiki and Python documentation website

What you will learn?

  • Exploiting CVE-2012-6081
  • Basics of the tar file format
  • Python code execution
more...
Pentester Lab: CVE-2012-6081: MoinMoin code exec
24 Apr 2013
 by 
Pentester Lab
ellipsis

Difficulty

Beginner

Details

This exercise is a set of the most common web vulnerabilities:

What you will learn?

  • Basics of Web
  • Basics of HTTP
  • Detection of common web vulnerabilities:
  • Cross-Site Scripting
  • SQL injections
  • Directory traversal
  • Command injection
  • Code injection
  • XML attacks
  • LDAP attacks
  • File upload
  • Basics of fingerprinting
more...
Pentester Lab: Web For Pentester
26 Mar 2013
 by 
Pentester Lab
ellipsis
This website uses 'cookies' to give you the best, most relevant experience. Using this website means you're happy with this. You can find out more about the cookies used by clicking this link (or by clicking the 'Privacy Policy' link at the top of any page).