- Multiple choice-based source code review
| Machines | Difficulty | Write-up | Vulnerabilities |
|---|---|---|---|
| Luke | Medium | Read | |
| SwagShop | Easy | Read | |
| JSON | Medium | Read | |
| Zetta | Hard | Read | |
| Scavenger | Hard | Read | Whois SQLi, Rootkit, Exim SMTP 4.8.9 Exploit |
| Postman | Easy | Read | Redis Service Abuse, Webmin CVE 2019-12840 |
| Registry | Hard | Read | Docker Registry API, Restic backups |
| Mango | Medium | Read | NoSQL Injection, SUID Abuse (GTFobins) |
| Obscurity | Medium | Read | Python Web Server |
| Forest | Easy | Read | AS-REP Roasting, Exchange AD Exploitation |
| Blunder | Easy | Read | Bludit CMS Exploit, Sudo Bypass |
| Cache | Medium | Read | OpenEMR, SQLi, Memcached, Doker |
| Mischief | Insane | Read | SNMP, IPv6, ICMP Info Leak, Systemd-run |
| Tabby | Easy | Read | LFI, Tomcat, zip2john, LXD, Container |
| Valentine | Easy | Read | OpenSSL, Heartbleed, Tmux |
| Bounty | Easy | Read | Web.config RCE, Juicy Potato |
| Frolic | Easy | Read | Frackzip, playSMS RCE, ret2libc |
| Previse | Easy | Read | PHP EAR Vulnerability, Command Injection, Path Injection Prevesc |
| Love | Easy | Read | SSRF, Voting System 1.0 RCE (Authenticated Upload Arbitrary FIle), AlwaysInstallElevated Registry Key Privesc |
| Web Challenge | Difficulty | |
|---|---|---|
| Emdee Five for Life | Easy | Write-up |
Protostar Walkthrough (Exploit Exercise)
| Module | Link | Note |
|---|---|---|
| Stack0 | Stack BOF Intro | Basic buffer overflow abusing gets() function |
| Stack1 | Stack BOF Basic1 | Basic buffer overflow abusing strcpy() function |
| Stack2 | Stack BOF Basic2 | Basic buffer overflow abusing strcpy() function |
| Stack3 | Stack BOF Basic3 | Basic buffer overflow abusing gets() function |
| Stack4 | Stack BOF Basic4 | Basic buffer overflow abusing gets() function |
| Stack5 | Stack BOF Shellcode | Stack-based buffer overflow to get a root shell |
| Stack6 | Stack BOF ret2libc | Stack-based bufferoverflow + ret2libc |
| Stack7 | Stack BOF ret2.text | Stack-based bufferoverflow + ret2.text |
| Format0 | Format String Exploit Intro | Intro to Format String vulnerability |
| Format1 | Format String Basic1 | Basic Format String Exploit |
| Format2 | Format String Basic2 | Basic Format String Exploit (4-byte Write) |
| Format3 | Format String Basic3 | Basic Format String Exploit (4/2/1-byte Write) |
| Format4 | Format String Exploit: GOT | Format String Exploit overwriting the entry of GOT |
| Series | Link | Command | Vulnerability | Note |
|---|---|---|---|---|
| Part 1 | Read | N/A | N/A | Lab Setup |
| Part 2 | Read | TRUN | EIP Overwrite | |
| Part 3 | Read | GMON | SEH Overwrite + Short JMP + Egghunter | |
| Part 4 | Read | KSTET | EIP Overwrite + Short JMP + Egghunter | |
| Part 5 | Read | HTER | EIP Overwrite + Restricted Characters + Manual Offset Finding | |
| Part 6 | Read | GTER | EIP Overwrite + Socket Reuse Exploit | |
| Part 7 | Read | LTER | SEH Overwrite + Restricted Characters + Encoded Payloads |
- https://github.com/roya0045/Pentest-practice (List of practice sites)
- https://securityscorecard.com/blog/common-web-application-vulnerabilities-explained (41 Web vuln explained)