0x4rt3mis

Potato is another VM designed to train for the OSWE exam! VM name: Potato. Type: Boot to Root. DHCP: Enabled. Difficulty: Easy to medium. Goal: 2 flags (user.txt and root.txt). This VM has been tested w...

Secure Code is an OSWE-like machine from VulnHub. I will try to explore this box in order to prepare myself for the OSWE exam. I enjoyed this box a lot because it really trained me for OSWE, we got ...

This is an intentionally vulnerable web application. There are 3 steps to complete the challenge, and multiple ways to complete each step. You must gain access to either user1, or user2's account ...

Oder is a small app written in Python (Flask) and PostgreSQL to practice blind SQLi in the ORDER BY clause. It comes with a Dockerfile, so it is easy to set up locally to practice yourself. GitHub O...

Testr is an invite-only web-based IDE for Python, created with the purpose of practicing web-app vulnerabilities, specifically XSS and code injection / filter bypassing. There is a cronjob which ...

A small web app written in Node.js to practice NoSQLi and deserialization exploits. I got it from bmdyy. It’s a preparation for the OSWE exam. We’ll cover here the code analysis and exploitation of thi...

BankRobber is a very interesting and useful box when you are trying to get some XSS and SQL injection to train on. The first shell is not so hard; I think the most difficult part of it is the privilege...

Patents was a good box. Not the best I did, but a good practice. It has a web page where you can upload a docx file. It’s being parsed, so you can get XXE with it and read files on the server. Afte...

The Unattended box was a MEDIUM box from HackTheBox, but in my opinion it would be harder or even insane. We got some good points to play with on the web page, the first shell we got with a blind SQLi ...

Magic was a good box. It’s Linux and Medium, from HackTheBox. We got two normal paths in HackTheBox. One SQL injection to bypass the login and a file upload to get RCE. The first shell is as www-da...