Summary

There are many injection vulnerabilities, the most famous ones being SQL injection, cross-site scripting, and command injection. While these are certainly the most common in real-world web applications, other not-very-known injection vulnerabilities exist. Since these injection vulnerabilities are generally less common and less known, developers are more likely not to be aware of them and, therefore, be oblivious to the mitigations against them. If we can find a website that utilizes XPath, LDAP, or PDF generation libraries, testing it against these attacks might allow us to move forward in our engagements.

In more detail, this module covers the following:

XPath Injection:
- Introduction to XPath Syntax
- Exploitation of XPath injection to bypass authentication
- Exploitation of XPath injection to exfiltrate data
- Exploitation of blind and time-based XPath injections to exfiltrate data
LDAP Injection:
- Introduction to LDAP syntax
- Exploitation of LDAP injection to bypass authentication
- Exploitation of LDAP injection to exfiltrate data
HTML Injection in PDF Generation Libraries
- Introduction to HTML injection in PDF generation libraries
- Exploitation of PDF generation vulnerabilities leading to Server-Side Request Forgery (SSRF)
- Exploitation of PDF generation vulnerabilities leading to Local File Inclusion (LFI)

CREST CCT APP-related Sections:

All sections

CREST CCT INF-related Sections:

All sections

This module is broken into sections with accompanying hands-on exercises to practice each of the tactics and techniques we cover. The module ends with a practical hands-on skills assessment to gauge your understanding of the various topic areas.

You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading", but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.

As you work through the module, you will see example commands and command output for the various topics introduced. It is worth reproducing as many of these examples as possible to reinforce further the concepts presented in each section. You can do this in the PwnBox provided in the interactive sections or your virtual machine.

A firm grasp of the following modules can be considered a prerequisite for the successful completion of this module:

Introduction to Web Applications
Introduction to Python 3

Introduction to Injection Attacks

Injection vulnerabilities have constantly been one of the most relevant and prevalent security issues. As such, they have been in the OWASP Top Ten every time since its first release in 2003. While some injection vulnerabilities are reasonably well known, for instance, SQL Injection, Command Injection, or Cross-Site Scripting (XSS), there are significantly more injection vulnerabilities, most of which are less well known. The more famous types of injection vulnerabilities are certainly more common, however, on the other hand, most developers are aware of them, and common web application frameworks by default prevent them effectively. Since there is less awareness of the less common injection vulnerabilities, defense mechanisms are often implemented incorrectly or not at all, leading to simple attack vectors that can be exploited without any need for security control bypasses or advanced exploitation techniques.

Injection Attacks

XPath Injection

XML Path Language (XPath) is a query language for Extensible Markup Language (XML) data, similar to how SQL is a query language for databases. As such, XPath is used to query data from XML documents. Web applications that need to retrieve data stored in an XML format thus rely on XPath to retrieve the required data. XPath Injection vulnerabilities arise when user input is inserted into XPath queries without proper sanitization. Like SQLi vulnerabilities, XPath injection jeopardizes the entire data as successfully exploiting XPath injection allows an attacker to retrieve the entire XML document.

LDAP Injection

Lightweight Directory Access Protocol (LDAP) is a protocol used to access directory servers such as Active Directory (AD). Web applications often use LDAP queries to enable integration with AD services. For instance, LDAP can enable AD users to authenticate to the web application. LDAP injection vulnerabilities arise when user input is inserted into search filters without proper sanitization. This can lead to authentication bypasses if LDAP authentication is incorrectly implemented. Additionally, LDAP injection can lead to loss of data.

HTML Injection in PDF Generators

Portable Document Format (PDF) files are commonly used for the distribution of documents. As such, many web applications implement functionality to convert data to a PDF format with the help of PDF generation libraries. These libraries read HTML code as input and generate a PDF file from it. This allows the web application to apply custom styles and formats to the generated PDF file by applying stylesheets to the input HTML code. Often, user input is directly included in these generated PDF files. If the user input is not sanitized correctly, it is possible to inject HTML code into the input of PDF generation libraries, which can lead to multiple vulnerabilities, including Server-Side Request Forgery (SSRF) and Local File Inclusion (LFI).

Sign Up / Log In to Unlock the Module

Please Sign Up or Log In to unlock the module and access the rest of the sections.

Sections

Introduction to Injection Attacks PREVIEW
Introduction to XPath Injection
XPath - Authentication Bypass
XPath - Data Exfiltration
XPath - Advanced Data Exfiltration
XPath - Blind Exploitation
XPath Injection Prevention & Tools
Introduction to LDAP Injection
LDAP - Authentication Bypass
LDAP - Data Exfiltration & Blind Exploitation
LDAP Injection Prevention
Introduction to PDF Generation Vulnerabilities
Exploitation of PDF Generation Vulnerabilities
Prevention of PDF Generation Vulnerabilities
Skills Assessment

Relevant Paths

This module progresses you towards the following Paths

CREST CCT INF Preparation

This is a skill path to prepare you for CREST's CCT INF exam. The following CCT INF syllabus areas (IDs) are covered: A1, A2, A3, A4, A5, A8, A9, A10, B1, B2, B4, B5, C1, C2, C3, C4, C6, C7, D1, D2, D5, D9, D10, D13, D14, D15, D18, D19, E1, E2, E3 E6, E7, E8, E9, E11, E13, E14, E15, E16, E17, E18, E19, E20, E25, E26, F1, F2, F3, F4, F5, F6, F7, F8, F9, F10, F11, F12, F13, F15, F16, G1, G2, G3, G4, G5, G6, G7, G8, H1, H2, H3, H4, H5, H6, H7, H8, H9, H10, H11, H12, H13, H14, H15, H16, H17, H19, H20, H21, H23, H24, H25, H26, H27, H28, H29, H30, H31, H32, H33, H34, H35, H36, H37, H38, H40, I1, I2, I3, I4, I6, K1, K2, K3, K4, N1, N2. Take your time to complete all related sections and when you are ready you can book your CREST exam through the following link. https://www.crest-approved.org/certification-careers/crest-certifications/crest-certified-infrastructure-tester/

Hard

956 Sections

Required: 11510

Reward: +2430

58 Modules included

Introduction to Networking

Fundamental

21 Sections

Reward: +10

As an information security professional, a firm grasp of networking fundamentals and the required components is necessary. Without a strong foundation in networking, it will be tough to progress in any area of information security. Understanding how a network is structured and how the communication between the individual hosts and servers takes place using the various protocols allows us to understand the entire network structure and its network traffic in detail and how different communication standards are handled. This knowledge is essential to create our tools and to interact with the protocols.

Web Requests

Fundamental

8 Sections

Reward: +10

This module introduces the topic of HTTP web requests and how different web applications utilize them to communicate with their backends.

Introduction to Web Applications

Fundamental

17 Sections

Reward: +10

In the Introduction to Web Applications module, you will learn all of the basics of how web applications work and begin to look at them from an information security perspective.

Linux Fundamentals

Fundamental

30 Sections

Reward: +10

This module covers the fundamentals required to work comfortably with the Linux operating system and shell.

Windows Fundamentals

Fundamental

14 Sections

Reward: +10

This module covers the fundamentals required to work comfortably with the Windows operating system.

Introduction to Windows Command Line

Easy

23 Sections

Reward: +10

As administrators and Pentesters, we may not always be able to utilize a graphical user interface for the actions we need to perform. Introduction to Windows Command Line aims to introduce students to the wide range of uses for Command Prompt and PowerShell within a Windows environment. We will cover basic usage of both key executables for administration, useful PowerShell cmdlets and modules, and different ways to leverage these tools to our benefit.

Intro to Network Traffic Analysis

Medium

15 Sections

Reward: +10

Network traffic analysis is used by security teams to monitor network activity and look for anomalies that could indicate security and operational issues. Offensive security practitioners can use network traffic analysis to search for sensitive data such as credentials, hidden applications, reachable network segments, or other potentially sensitive information "on the wire." Network traffic analysis has many uses for attackers and defenders alike.

Brief Intro to Hardware Attacks

Mini-Module

Medium

8 Sections

Reward: +10

This mini-module concisely introduces hardware attacks, covering Bluetooth risks and attacks, Cryptanalysis Side-Channel Attacks, and vulnerabilities like Spectre and Meltdown. It delves into both historical and modern Bluetooth hacking techniques, explores the principles of cryptanalysis and different side-channel attacks, and outlines microprocessor design, optimisation strategies and vulnerabilities, such as Spectre and Meltdown.

Penetration Testing Process

Fundamental

15 Sections

Reward: +10

This module teaches the penetration testing process broken down into each stage and discussed in detail. We will cover many aspects of the role of a penetration tester during a penetration test, explained and illustrated with detailed examples. The module also covers pre-engagement steps like the criteria for establishing a contract with a client for a penetration testing engagement.

Network Enumeration with Nmap

Easy

12 Sections

Reward: +10

Nmap is one of the most used networking mapping and discovery tools because of its accurate results and efficiency. The tool is widely used by both offensive and defensive security practitioners. This module covers fundamentals that will be needed to use the Nmap tool for performing effective network enumeration.

Footprinting

Medium

21 Sections

Reward: +20

This module covers techniques for footprinting the most commonly used services in almost all enterprise and business IT infrastructures. Footprinting is an essential phase of any penetration test or security audit to identify and prevent information disclosure. Using this process, we examine the individual services and attempt to obtain as much information from them as possible.

Information Gathering - Web Edition

Easy

19 Sections

Reward: +20

This module equips learners with essential web reconnaissance skills, crucial for ethical hacking and penetration testing. It explores both active and passive techniques, including DNS enumeration, web crawling, analysis of web archives and HTTP headers, and fingerprinting web technologies.

OSINT: Corporate Recon

Hard

23 Sections

Reward: +200

OSINT (Open-source Intelligence) is a crucial stage of the penetration testing process. A thorough examination of publicly available information can increase the chances of finding a vulnerable system, gaining valid credentials through password spraying, or gaining a foothold via social engineering. There is a vast amount of publicly available information from which relevant information needs to be selected.

Vulnerability Assessment

Easy

17 Sections

Reward: +10

This module introduces the concept of Vulnerability Assessments. We will review the differences between vulnerability assessments and penetration tests, how to carry out a vulnerability assessment, how to interpret the assessment results, and how to deliver an effective vulnerability assessment report.

File Transfers

Medium

10 Sections

Reward: +10

During an assessment, it is very common for us to transfer files to and from a target system. This module covers file transfer techniques leveraging tools commonly available across all versions of Windows and Linux systems.

Shells & Payloads

Medium

17 Sections

Reward: +10

Gain the knowledge and skills to identify and use shells & payloads to establish a foothold on vulnerable Windows & Linux systems. This module utilizes a fictitious scenario where the learner will place themselves in the perspective of a sysadmin trying out for a position on CAT5 Security's network penetration testing team.

Using the Metasploit Framework

Easy

15 Sections

Reward: +10

The Metasploit Framework is an open-source set of tools used for network enumeration, attacks, testing security vulnerabilities, evading detection, performing privilege escalation attacks, and performing post-exploitation.

Password Attacks

Medium

22 Sections

Reward: +10

Passwords are still the primary method of authentication in corporate networks. If strong password policies are not in place, users will often opt for weak, easy-to-remember passwords that can often be cracked offline and used to further our access. We will encounter passwords in many forms during our assessments. We must understand the various ways they are stored, how they can be retrieved, methods to crack weak passwords, ways to use hashes that cannot be cracked, and hunting for weak/default password usage.

Attacking Common Services

Medium

19 Sections

Reward: +20

Organizations regularly use a standard set of services for different purposes. It is vital to conduct penetration testing activities on each service internally and externally to ensure that they are not introducing security threats. This module will cover how to enumerate each service and test it against known vulnerabilities and exploits with a standard set of tools.

Cracking Passwords with Hashcat

Medium

14 Sections

Reward: +20

This module covers the fundamentals of password cracking using the Hashcat tool.

Introduction to Active Directory

Fundamental

16 Sections

Reward: +10

Active Directory (AD) is present in the majority of corporate environments. Due to its many features and complexity, it presents a vast attack surface. To be successful as penetration testers and information security professionals, we must have a firm understanding of Active Directory fundamentals, AD structures, functionality, common AD flaws, misconfigurations, and defensive measures.

Active Directory LDAP

Medium

12 Sections

Reward: +100

This module provides an overview of Active Directory (AD), introduces core AD enumeration concepts, and covers enumeration with built-in tools.

Active Directory PowerView

Medium

9 Sections

Reward: +100

This module covers AD enumeration focusing on the PowerView and SharpView tools. We will cover various techniques for enumerating key AD objects that will inform our attacks in later modules.

Active Directory BloodHound

Medium

14 Sections

Reward: +100

This module covers AD enumeration focusing on the BloodHound tool. We will cover various techniques for enumerating key AD objects that will inform our attacks in later modules.

Pivoting, Tunneling, and Port Forwarding

Medium

18 Sections

Reward: +20

Once a foothold is gained during an assessment, it may be in scope to move laterally and vertically within a target network. Using one compromised machine to access another is called pivoting and allows us to access networks and resources that are not directly accessible to us through the compromised host. Port forwarding accepts the traffic on a given IP address and port and redirects it to a different IP address and port combination. Tunneling is a technique that allows us to encapsulate traffic within another protocol so that it looks like a benign traffic stream.

Active Directory Enumeration & Attacks

Medium

36 Sections

Reward: +20

Active Directory (AD) is the leading enterprise domain management suite, providing identity and access management, centralized domain administration, authentication, and much more. Due to the many features and complexity of AD, it presents a large attack surface that is difficult to secure properly. To be successful as infosec professionals, we must understand AD architectures and how to secure our enterprise environments. As Penetration testers, having a firm grasp of what tools, techniques, and procedures are available to us for enumerating and attacking AD environments and commonly seen AD misconfigurations is a must.

Kerberos Attacks

Hard

23 Sections

Reward: +100

Kerberos is an authentication protocol that allows users to authenticate and access services on a potentially insecure network. Due to its prevalence throughout an Active Directory environment, it presents us with a significant attack surface when assessing internal networks. This module will explain how Kerberos works thoroughly and examines several scenarios to practice the most common attacks against it from multiple perspectives.

DACL Attacks I

Mini-Module

Hard

7 Sections

Reward: +100

Discretionary Access Control Lists (DACLs), found within security descriptors, are a fundamental component of the security model of Windows and Active Directory, defining and enforcing access to the various system resources. This mini-module will cover enumerating and attacking common DACL misconfigurations, allowing us to escalate our privileges horizontally and vertically and move laterally across an Active Directory network.

Using CrackMapExec

Medium

27 Sections

Reward: +100

Active Directory presents a vast attack surface and often requires us to use many different tools during an assessment. The CrackMapExec tool, known as a "Swiss Army Knife" for testing networks, facilitates enumeration, attacks, and post-exploitation that can be leveraged against most any domain using multiple network protocols. It is a versatile and highly customizable tool that should be in any penetration tester's toolbox.

Linux Privilege Escalation

Easy

28 Sections

Reward: +20

Privilege escalation is a crucial phase during any security assessment. During this phase, we attempt to gain access to additional users, hosts, and resources to move closer to the assessment's overall goal. There are many ways to escalate privileges. This module aims to cover the most common methods emphasizing real-world misconfigurations and flaws that we may encounter in a client environment. The techniques covered in this module are not an exhaustive list of all possibilities and aim to avoid extreme "edge-case" tactics that may be seen in a Capture the Flag (CTF) exercise.

Windows Privilege Escalation

Medium

33 Sections

Reward: +20

After gaining a foothold, elevating our privileges will provide more options for persistence and may reveal information stored locally that can further our access in the environment. Enumeration is the key to privilege escalation. When you gain initial shell access to the host, it is important to gain situational awareness and uncover details relating to the OS version, patch level, any installed software, our current privileges, group memberships, and more. Windows presents an enormous attack surface and, being that most companies run Windows hosts in some way, we will more often than not find ourselves gaining access to Windows machines during our assessments. This covers common methods while emphasizing real-world misconfigurations and flaws that we may encounter during an assessment. There are many additional "edge-case" possibilities not covered in this module. We will cover both modern and legacy Windows Server and Desktop versions that may be present in a client environment.

Stack-Based Buffer Overflows on Linux x86

Medium

13 Sections

Reward: +10

Buffer overflows are common vulnerabilities in software applications that can be exploited to achieve remote code execution (RCE) or perform a Denial-of-Service (DoS) attack. These vulnerabilities are caused by insecure coding, resulting in an attacker being able to overrun a program's buffer and overwrite adjacent memory locations, changing the program's execution path and resulting in unintended actions.

Stack-Based Buffer Overflows on Windows x86

Medium

11 Sections

Reward: +10

This module is your first step into Windows Binary Exploitation, and it will teach you how to exploit local and remote buffer overflow vulnerabilities on Windows machines.

Using Web Proxies

Easy

15 Sections

Reward: +20

Web application penetration testing frameworks are an essential part of any web penetration test. This module will teach you two of the best frameworks: Burp Suite and OWASP ZAP.

Attacking Web Applications with Ffuf

Easy

13 Sections

Reward: +10

This module covers the fundamental enumeration skills of web fuzzing and directory brute forcing using the Ffuf tool. The techniques learned in this module will help us in locating hidden pages, directories, and parameters when targeting web applications.

Easy

13 Sections

Reward: +20 NEW

The module contains an exploration of brute-forcing techniques, including the use of tools like Hydra and Medusa, and the importance of strong password practices. It covers various attack scenarios, such as targeting SSH, FTP, and web login forms.

Cross-Site Scripting (XSS)

Easy

10 Sections

Reward: +20

Cross-Site Scripting (XSS) vulnerabilities are among the most common web application vulnerabilities. An XSS vulnerability may allow an attacker to execute arbitrary JavaScript code within the target's browser and result in complete web application compromise if chained together with other vulnerabilities. This module will teach you how to identify XSS vulnerabilities and exploit them.

Session Security

Medium

14 Sections

Reward: +20

Maintaining and keeping track of a user's session is an integral part of web applications. It is an area that requires extensive testing to ensure it is set up robustly and securely. This module covers the most common attacks and vulnerabilities that can affect web application sessions, such as Session Hijacking, Session Fixation, Cross-Site Request Forgery, Cross-Site Scripting, and Open Redirects.

SQL Injection Fundamentals

Medium

17 Sections

Reward: +10

Databases are an important part of web application infrastructure and SQL (Structured Query Language) to store, retrieve, and manipulate information stored in them. SQL injection is a code injection technique used to take advantage of coding vulnerabilities and inject SQL queries via an application to bypass authentication, retrieve data from the back-end database, or achieve code execution on the underlying server.

SQLMap Essentials

Easy

11 Sections

Reward: +20

The SQLMap Essentials module will teach you the basics of using SQLMap to discover various types of SQL Injection vulnerabilities, all the way to the advanced enumeration of databases to retrieve all data of interest.

Blind SQL Injection

Hard

16 Sections

Reward: +100

In this module, we cover blind SQL injection attacks and MSSQL-specific attacks.

Advanced SQL Injections

Hard

12 Sections

Reward: +100

This module covers advanced SQL injection techniques with a focus on white-box testing, Java/Spring and PostgreSQL.

Introduction to NoSQL Injection

Medium

12 Sections

Reward: +100

In this module, we will look at exploiting NoSQL injection vulnerabilities, specifically MongoDB, with examples in Python, PHP, and Node.JS.

File Inclusion

Medium

11 Sections

Reward: +10

File Inclusion is a common web application vulnerability, which can be easily overlooked as part of a web application's functionality.

File Upload Attacks

Medium

11 Sections

Reward: +20

Arbitrary file uploads are among the most critical web vulnerabilities. These flaws enable attackers to upload malicious files, execute arbitrary commands on the back-end server, and even take control over the entire server and all web applications hosted on it and potentially gain access to sensitive data or cause a service disruption.

Command Injections

Medium

12 Sections

Reward: +20

Command injection vulnerabilities can be leveraged to compromise a hosting server and its entire network. This module will teach you how to identify and exploit command injection vulnerabilities and how to use various filter bypassing techniques to avoid security mitigations.

Broken Authentication

Medium

14 Sections

Reward: +20

Authentication is probably the most straightforward and prevalent measure used to secure access to resources, and it's the first line of defense against unauthorized access. Broken authentication is listed as #7 on the 2021 OWASP Top 10 Web Application Security Risks, falling under the broader category of Identification and Authentication failures. A vulnerability or misconfiguration at the authentication stage can impact an application's overall security.

Web Attacks

Medium

18 Sections

Reward: +20

This module covers three common web vulnerabilities, HTTP Verb Tampering, IDOR, and XXE, each of which can have a significant impact on a company's systems. We will cover how to identify, exploit, and prevent each of them through various methods.

HTTPs/TLS Attacks

Medium

15 Sections

Reward: +100

This module covers details on Transport Layer Security (TLS) and how it helps to make HTTP secure with the widely used HTTPS. That includes how TLS works, how TLS sessions are established, common TLS misconfigurations, as well as famous attacks on TLS. We will discuss how to identify, exploit, and prevent TLS attacks.

HTTP Attacks

Hard

18 Sections

Reward: +100

This module covers three HTTP vulnerabilities: CRLF Injection, HTTP Request Smuggling, and HTTP/2 Downgrading. These vulnerabilities can arise on the HTTP level in real-world deployment settings utilizing intermediary systems such as reverse proxies in front of the web server. We will cover how to identify, exploit, and prevent each of these vulnerabilities.

Injection Attacks

Medium

15 Sections

Reward: +100

This module covers three injection attacks: XPath injection, LDAP injection, and HTML injection in PDF generation libraries. While XPath and LDAP injection vulnerabilities can lead to authentication bypasses and data exfiltration, HTML injection in PDF generation libraries can lead to Server-Side Request Forgery (SSRF), Local File Inclusion (LFI), and other common web vulnerabilities. We will cover how to identify, exploit, and prevent each of these injection attacks.

Abusing HTTP Misconfigurations

Hard

20 Sections

Reward: +100

This module covers three common HTTP vulnerabilities: Web Cache Poisoning, Host Header Vulnerabilities, and Session Puzzling or Session Variable Overloading. These vulnerabilities can arise on the HTTP level due to web server misconfigurations, other systems that have to be considered during real-world deployment such as web caches, or coding mistakes in the web application. We will cover how to identify, exploit, and prevent each of these vulnerabilities.

Attacking Common Applications

Medium

33 Sections

Reward: +20

Penetration Testers can come across various applications, such as Content Management Systems, custom web applications, internal portals used by developers and sysadmins, and more. It's common to find the same applications across many different environments. While an application may not be vulnerable in one environment, it may be misconfigured or unpatched in the next. It is important as an assessor to have a firm grasp of enumerating and attacking the common applications discussed in this module. This knowledge will help when encountering other types of applications during assessments.

Web Service & API Attacks

Medium

13 Sections

Reward: +20

Web services and APIs are frequently exposed to provide certain functionalities in a programmatic way between heterogeneous devices and software components. Both web services and APIs can assist in integrating different applications or facilitate separation within a given application. This module covers how to identify the functionality a web service or API offers and exploit any security-related inefficiencies.

Hacking WordPress

Easy

16 Sections

Reward: +20

WordPress is an open-source Content Management System (CMS) that can be used for multiple purposes.

Documentation & Reporting

Easy

8 Sections

Reward: +20

Proper documentation is paramount during any engagement. The end goal of a technical assessment is the report deliverable which will often be presented to a broad audience within the target organization. We must take detailed notes and be very organized in our documentation, which will help us in the event of an incident during the assessment. This will also help ensure that our reports contain enough detail to illustrate the impact of our findings properly.

Secure Coding 101: JavaScript

Hard

17 Sections

Reward: +200

Learn how to improve your JavaScript code's security through Code Review, Static/Dynamic Analysis, Vulnerability Identification, and Patching.

Whitebox Attacks

Hard

15 Sections

Reward: +100

This module explores several web vulnerabilities from a whitebox approach: Prototype Pollution, Timing Attacks & Race Conditions, and those arising from Type Juggling. We will discuss how to identify, exploit, and prevent each vulnerability.

Senior Web Penetration Tester

The Senior Web Penetration Tester Job Role Path is designed for individuals who aim to develop skills in identifying advanced and hard-to-find web vulnerabilities using both black box and white box techniques. This path encompasses advanced-level training in web security, web penetration testing, and secure coding concepts. It also provides a deep understanding of the application debugging, source code review, and custom exploit development aspects of web security. Equipped with the necessary theoretical background, multiple practical exercises, and a proven methodology for web vulnerability identification, students will eventually be capable of performing professional security assessments against modern and highly secure web applications, as well as effectively reporting vulnerabilities found in code or arising from logical errors.

Hard

245 Sections

Required: 7500

Reward: +1500

15 Modules included

Injection Attacks

Medium

15 Sections

Reward: +100

Introduction to NoSQL Injection

Medium

12 Sections

Reward: +100

In this module, we will look at exploiting NoSQL injection vulnerabilities, specifically MongoDB, with examples in Python, PHP, and Node.JS.

Attacking Authentication Mechanisms

Medium

20 Sections

Reward: +100

Authentication plays an essential role in almost every web application. If a vulnerability arises in the application's authentication mechanism, it could result in unauthorized access, data loss, or potentially even remote code execution, depending on the application's functionality. This module will provide an overview of various access control methods, such as JWT, OAuth, and SAML, and potential attacks against each.

Advanced XSS and CSRF Exploitation

Medium

17 Sections

Reward: +100

Modern web browsers and applications utilize a variety of security measures to protect against CSRF and XSS vulnerabilities, rendering their exploitation more difficult. This module focuses on exploiting advanced CSRF and XSS vulnerabilities, identifying and bypassing weak and wrongly implemented defensive mechanisms.

HTTPs/TLS Attacks

Medium

15 Sections

Reward: +100

Abusing HTTP Misconfigurations

Hard

20 Sections

Reward: +100

HTTP Attacks

Hard

18 Sections

Reward: +100

Blind SQL Injection

Hard

16 Sections

Reward: +100

In this module, we cover blind SQL injection attacks and MSSQL-specific attacks.

Intro to Whitebox Pentesting

Hard

18 Sections

Reward: +100

Whitebox penetration testing enables thorough testing to identify various hard-to-find vulnerabilities. This module covers the process of whitebox pentesting and follows that with a practical demo by exploiting an advanced code injection vulnerability.

Modern Web Exploitation Techniques

Hard

18 Sections

Reward: +100

This module covers advanced web concepts and exploitation techniques, including performing DNS Rebinding to bypass faulty SSRF filters and the Same-Origin Policy, identifying and exploiting Second-Order vulnerabilities, and conducting common web attacks via WebSocket connections.

Introduction to Deserialization Attacks

Hard

15 Sections

Reward: +100

In this module, we will explore deserialization attacks with specific examples in Python and PHP.

Whitebox Attacks

Hard

15 Sections

Reward: +100

Advanced SQL Injections

Hard

12 Sections

Reward: +100

This module covers advanced SQL injection techniques with a focus on white-box testing, Java/Spring and PostgreSQL.

Advanced Deserialization Attacks

Hard

13 Sections

Reward: +100

This module focuses on developing custom exploits for .NET deserialization vulnerabilities from a whitebox perspective.

Parameter Logic Bugs

Hard

21 Sections

Reward: +100

This 'secure coding' module teaches how to identify logic bugs through code review and analysis, and covers three types of logic bugs caused by user input manipulation.