captainB
Grandmaster
Classement
#5
Meilleur: #2
Points Totaux
1437
Total Gagné
Labs Terminés
111
113 User • 18 Root
Modules
42
Validés
Premiers Sangs
0
Premier à Terminer
Meilleure Série
9
Jours
Compétences Acquises
Compétences techniques pratiquées à travers les labs terminés
Directory FuzzingX-Forwarded-For SpoofingBruteforceffufCommand InjectionNewline InjectionWeb SecurityLinux EnumerationSUID ExploitationBuffer OverflowARM64 ROPStatic Binary AnalysisBinary ExploitationpwntoolsropperGDBWeb EnumerationAuthenticationRCEPrivilege EscalationLinuxHTMLBrowser DevToolsClient-Side SecuritySource Code AnalysisLearning PathPassword CrackingLinux SecurityJohn the RipperhashcatCryptographyWindows SecurityNTLMHashcatHash AnalysisSSHCVE ExploitationGitVersion ControlReconnaissancePHPType JugglingAuthentication BypassHash CrackingPassword AnalysisSecurity ToolsSQL InjectionDatabase SecurityInput ValidationPenetration TestingJavaScriptDeobfuscationCode AnalysisHTTP ProtocolRequest SmugglingNetwork ForensicsTraffic AnalysisPacket AnalysisEmail ForensicsHeader AnalysisPhishing DetectionBase64 DecodingOSINTDigital InvestigationSSRFURL ManipulationInternal Network AccessProtocol BypassWeb Application SecuritySSTIFlask SecuritySSH Brute ForceDatabase EnumerationSteganographyClassical CiphersImage AnalysisPolyalphabetic CiphersDirectory TraversalPath InjectionFile System SecurityPath ManipulationFile AccessWebDAV ExploitationFile UploadRemote File AccessHTTP MethodsWeb Server SecurityFile System EnumerationYAML DeserializationPyYAML ExploitationConfiguration InjectionPython SecurityUnsafe DeserializationRemote Code ExecutionFile Processing SecurityRace ConditionsTiming AttacksConcurrent ExploitationPrototype PollutionNode.js SecurityAPI SecurityJavaScript ExploitationObject ManipulationInput Validation BypassModern Web VulnerabilitiesIDORParameter ManipulationAuthorization BypassHTTP HeadersSecurity BypassClient-Side ManipulationDirectory EnumerationWeb ReconnaissanceAdministrative Panel DiscoverySecurity AssessmentLocal File InclusionFilter BypassApache AuthenticationNetwork AnalysisPacket CaptureWiresharkProtocol AnalysisShell CommandsSystem AdministrationHTTP Parameter ManipulationUser-Agent Log PoisoningApache SecurityLog AnalysisBypass TechniquesWeb ShellsSocial EngineeringPost ExploitationJWTToken AuthenticationLogic FlawFlaskDebug ModePythonMemory AnalysisCryptanalysisClassical CryptoPattern RecognitionData EncodingJenkinsCI/CDDevOpsPentestAutomationMemory ForensicsBinary AnalysisDigital ForensicsIncident ResponseTool UsageData RecoveryROT13 EncodingNetwork ReconnaissanceService DiscoveryDatabase ForensicsCLI UsageBase64Hex EncodingRedisQR Code AnalysisData ExtractionWeb InspectionHTML AnalysisHex EditorsData StructuresReverse EngineeringFile AnalysisMD5Rainbow TablesWeb DevelopmentWebCTF BasicsHexadecimalDOM ManipulationCookie ManipulationGraphQLSchema IntrospectionInjectionDNS AnalysisData ExfiltrationFrequency AnalysisDocker Registry APIContainer SecurityAPI ManipulationRegistry ExploitationJWT ManipulationSSH ExploitationLog InjectionSUID BinariesNoSQL InjectionMongoDBDocument DatabasesCRLF InjectionRedis Command InjectionCache PoisoningProtocol ManipulationLDAP InjectionDirectory ServicesEnterprise SecurityServer-Side Template InjectionJinja2 ExploitationFilter EvasionWiFi SecurityWPA CrackingDictionary AttacksWireless Penetration TestingNetwork SecurityIP SpoofingAccess Control BypassInformation GatheringWireless SecurityWEP CrackingRC4 AnalysisCryptographic AttacksLegacy Protocol ExploitationWindows RegistryPersistence AnalysisMalware AnalysisHistorical CryptanalysisMD5 CrackingPassword AttacksGit ForensicsVersion Control SecurityRepository AnalysisSecret RecoveryPython PickleEnterprise DeserializationCorporate Backup SystemsDisaster Recovery ExploitationConfiguration Import AttacksKeePass 4.x SecurityDirect Brute ForcePassword Manager AssessmentModern CryptographySecurity Tool LimitationsZIP Password CrackingfcrackzipBrute ForceArchive SecurityJinja2Web Application TestingCode InjectionPath TraversalCGIPDF SecurityDocument SecurityBrute Force AttacksVisibility ControlsSecurity TestingOperator ExploitationServer-Side Request ForgeryAWS MetadataCloud SecurityIAM CredentialsAWS EC2CSRFCross-Site Request ForgerySession SecurityForm SecurityHTTP SecurityState ManagementLinux Privilege EscalationFile PermissionsXSSCross-Site ScriptingStored XSSSession HijackingClaims ManipulationTime-Based AttacksSignature CrackingBlind SQLiTime-based SQLiBoolean-based SQLiVulnerability AssessmentXXEXML SecurityFile DisclosureExternal EntityAlgorithm ConfusionRS256HS256Token ForgeryWeb ExploitationFile DiscoveryCommand Line ToolsForensicsAttack DetectionTransposition CipherRail FenceAudio AnalysisLSBPDF ForensicsMetadataHidden DataForensic ToolsBlockchain AnalysisBitcoinOP_RETURNHex DecodingForensic AnalysisLFIFile InclusionDNSMYSQLISession ManagementLinux CapabilitiesReverse ShellSystem EnumerationIDOR ExploitationZip Slip VulnerabilityInternal Service DiscoveryBackup Service ExploitationSudo Vim ExploitationWPAdvanced ReconnaissanceAndroid Reverse EngineeringSCADA ExploitationSudoFile Upload BypassPHP SecurityWeb Shell ExploitationWeb HackingLogic FlawsToken ManipulationBase64 EncodingGITIP SPOOFINGApache TomcatWAR DeploymentDefault CredentialsWEBFTP ExploitationBackdoor DetectionNetwork ServicesRemote ShellSystem ExploitationFTPTELNETNetworkingCommand LineWeb Services
Modules Terminés
Modules éducatifs validés avec succès
Nmap Mastery: Dominate Network Scanning
4 modulesInstalling Nmap
Advanced Techniques
Introduction to Nmap
Essential Nmap Scanning
HTTP Header Manipulation: IP Spoofing
3 modulesRemediate
Techniques for IP Spoofing in HTTP Headers
Manipulating Headers
Cassage de Mots de Passe
10 modulesRainbow tables
Cassage sans fil
Cassage de PDF
Cassage de hashes Linux
Cassage de Documents Office
Cassage de ZIP
Attaques par force brute
Fondamentaux des mots de passe
Attaques par dictionnaire
Cassage de hashes Windows
Pentest Réseau
1 modulesFondamentaux réseau
HDNA Ethical Hacking Course
5 modules1. Legal & Compliance
2. Network Protocols and Security
4. Network Scanning
3. Reconnaissance
Course Summary
Attaques Web
12 modulesAttaques CSRF
Injection XXE
SSRF
Inclusion de Fichiers
Intro Sécurité Web
SSTI
Désérialisation
Attaques File Upload
Attaques XSS
Bypass Auth
Injection SQL
Injection de Commandes
Attaques JWT
4 modulesBases du JWT
Falsification JWT
Craquage JWT
Confusion d'Algorithme
Remote Code Execution (RCE)
3 modulesShellshock (CVE-2014-6271)
RCE: Introduction
RCE in PHP
Labs & Défis Terminés
Défis pratiques de cybersécurité terminés avec succès
Hack the Box
Difficile
Directory FuzzingX-Forwarded-For SpoofingBruteforceffufCommand InjectionNewline InjectionWeb SecurityLinux EnumerationSUID ExploitationBuffer OverflowARM64 ROPStatic Binary AnalysisBinary ExploitationpwntoolsropperGDB
Hidden CMS Breach
Moyen
Web EnumerationWeb SecurityAuthenticationRCEPrivilege EscalationLinux
Secrets in Source 2
Très Facile
Web SecurityHTMLBrowser DevToolsClient-Side SecuritySource Code AnalysisLearning Path
Shadow Cracker
Défi
Password CrackingLinux SecurityJohn the RipperhashcatCryptography
Windows Password Cracker
Défi
Password CrackingWindows SecurityNTLMHashcatJohn the RipperHash Analysis
TechNova Infiltration
Moyen
Web EnumerationSSHPassword CrackingPrivilege EscalationLinux SecurityCVE Exploitation
Git Exposed
Défi
GitVersion ControlSource Code AnalysisReconnaissanceWeb Security
Type Juggling Bypass
Défi
Web SecurityPHPType JugglingAuthentication BypassHash Analysis
Crack SHA1 Hash
Défi
CryptographyHash CrackingPassword AnalysisSecurity Tools
SQL Injection Test
Défi
SQL InjectionWeb SecurityDatabase SecurityAuthentication BypassInput ValidationPenetration Testing
Hack This Site
Défi
JavaScriptDeobfuscationClient-Side SecurityBrowser DevToolsCode AnalysisAuthentication Bypass
HTTP Smuggling
Défi
HTTP ProtocolRequest SmugglingNetwork ForensicsTraffic AnalysisWeb SecurityPacket Analysis
Email Header Forensics
Défi
Email ForensicsHeader AnalysisPhishing DetectionBase64 DecodingOSINTDigital Investigation
SSRF Validator
Défi
SSRFWeb SecurityURL ManipulationInternal Network AccessProtocol Bypass
FortiPy
Difficile
Web Application SecuritySSTIFlask SecuritySSH Brute ForceDatabase EnumerationHash CrackingPrivilege Escalation
Vigenere Stego Hunt
Défi
CryptographySteganographyClassical CiphersImage AnalysisPolyalphabetic Ciphers
Simple Directory Traversal
Défi
Directory TraversalPath InjectionFile System SecurityWeb SecurityInput ValidationPath ManipulationFile Access
WebDAV Explorer
Défi
WebDAV ExploitationFile UploadDirectory TraversalRemote File AccessHTTP MethodsWeb Server SecurityFile System Enumeration
YAML Bomb
Défi
YAML DeserializationPyYAML ExploitationConfiguration InjectionPython SecurityUnsafe DeserializationRemote Code ExecutionFile Processing Security
Race Condition Hunter
Défi
Race ConditionsTiming AttacksConcurrent ExploitationWeb Application Security
Prototype Pollution Hunter
Défi
Prototype PollutionNode.js SecurityAPI SecurityJavaScript ExploitationObject ManipulationInput Validation BypassModern Web Vulnerabilities
IDOR Explorer
Défi
IDORParameter ManipulationWeb Application SecurityAuthorization Bypass
Header Hijacker
Défi
HTTP HeadersSecurity BypassWeb Application SecurityClient-Side Manipulation
Corporate Directory Hunt
Défi
Directory EnumerationWeb ReconnaissanceAdministrative Panel DiscoverySecurity Assessment
File Include Bypass
Défi
Local File InclusionFilter BypassApache AuthenticationPassword Cracking
Packet Pursuit
Défi
Network AnalysisPacket CaptureWiresharkProtocol Analysis
Shell Command Scanner
Défi
Command InjectionWeb SecurityShell CommandsSystem AdministrationHTTP Parameter ManipulationSecurity Assessment
LFI Log Poison
Défi
Local File InclusionUser-Agent Log PoisoningRemote Code ExecutionDirectory TraversalWeb SecurityApache SecuritySystem AdministrationLog Analysis
File Upload Bypass
Défi
File UploadWeb SecurityBypass TechniquesPHPWeb ShellsInput ValidationSocial EngineeringPost Exploitation
JWT Bypass
Défi
JWTWeb SecurityToken AuthenticationCryptography
API Logic Flaw
Défi
API SecurityLogic FlawAuthentication BypassParameter ManipulationPHPWeb Security
Flask Error
Défi
FlaskDebug ModePythonWeb SecurityMemory Analysis
Crypto Cipher
Défi
CryptanalysisClassical CryptoPattern RecognitionData Encoding
Snapchat Exposed
Défi
JenkinsCI/CDDevOpsWeb SecurityPentestAutomation
Memory Forensics
Défi
Memory ForensicsBinary AnalysisDigital ForensicsPattern RecognitionIncident ResponseTool UsageData RecoveryROT13 Encoding
Red is Dead
Défi
Network ReconnaissanceService DiscoveryDatabase ForensicsData EncodingCLI UsageData RecoveryIncident ResponseBase64Hex EncodingRedis
QR Code Quest
Défi
QR Code AnalysisImage AnalysisData ExtractionSteganographyDigital Forensics
Base64 Detective
Défi
Base64Web InspectionBrowser DevToolsData EncodingHTML Analysis
Binary Secrets
Défi
Binary AnalysisHex EditorsData StructuresReverse EngineeringFile Analysis
Get the Password
Défi
JavaScriptMD5Rainbow TablesWeb DevelopmentBrowser DevTools
Stego Hunt
Défi
SteganographyImage AnalysisWebCTF Basics
Hex Hunt
Défi
JavaScriptWeb DevelopmentHexadecimalBrowser DevTools
Button Activator
Défi
JavaScriptBrowser DevToolsDOM ManipulationClient-Side Security
Cookie Forge
Défi
JWTCookie ManipulationAuthentication BypassPrivilege Escalation
GraphQL Gateway
Défi
GraphQLAPI SecuritySchema IntrospectionAuthorization BypassInjection
DNS Tunneling Detective
Défi
Network ForensicsDNS AnalysisData ExfiltrationTraffic Analysis
Caesar Shift Decoder
Défi
CryptographyClassical CiphersFrequency AnalysisPattern Recognition
Registry Hijacker
Défi
Docker Registry APIAuthentication BypassContainer SecurityAPI ManipulationRegistry Exploitation
Infiltrator
Facile
JWT ManipulationSSH ExploitationLog InjectionPrivilege EscalationWeb SecurityLinux Security
SUID Privilege Hunter
Défi
SUID BinariesPrivilege EscalationCommand InjectionLinux SecurityBinary Exploitation
MongoDB Injector
Défi
NoSQL InjectionMongoDBAuthentication BypassDocument DatabasesWeb Security
Redis Cache Poisoner
Défi
CRLF InjectionRedis Command InjectionCache PoisoningProtocol ManipulationWeb Security
LDAP Injector
Défi
LDAP InjectionAuthentication BypassDirectory ServicesEnterprise SecurityWeb Security
Template Injector
Défi
Server-Side Template InjectionFlask SecurityJinja2 ExploitationRemote Code ExecutionWeb Security
RCE Playground
Moyen
Command InjectionInput Validation BypassRemote Code ExecutionFilter EvasionWeb Security
WiFi Password Cracker
Défi
WiFi SecurityWPA CrackingDictionary AttacksWireless Penetration TestingNetwork SecurityPacket Analysis
IP Spoofing Admin
Défi
Web SecurityHTTP HeadersIP SpoofingAccess Control BypassInformation Gathering
WEP Cracker
Défi
Wireless SecurityWEP CrackingRC4 AnalysisPacket AnalysisCryptographic AttacksLegacy Protocol Exploitation
Registry Hunter
Défi
Digital ForensicsWindows RegistryPersistence AnalysisBase64 DecodingIncident ResponseMalware Analysis
Book Cipher Challenge
Défi
CryptographyClassical CiphersPattern RecognitionHistorical Cryptanalysis
Admin Portal Breach
Défi
Client-Side SecurityMD5 CrackingSource Code AnalysisWeb Application SecurityPassword AttacksAuthentication Bypass
Git Secrets Hunter
Défi
Git ForensicsVersion Control SecurityRepository AnalysisPenetration TestingSecret RecoveryOSINT
Corporate Backup Deserializer
Défi
Python PickleEnterprise DeserializationCorporate Backup SystemsDisaster Recovery ExploitationConfiguration Import AttacksEnterprise Security
KeePass Breaker
Défi
KeePass 4.x SecurityDirect Brute ForcePassword Manager AssessmentModern CryptographySecurity Tool Limitations
ZIP Cracker
Défi
ZIP Password CrackingJohn the RipperfcrackzipDictionary AttacksBrute ForceArchive Security
Template Injection
Défi
Server-Side Template InjectionJinja2Flask SecurityWeb Application TestingCode InjectionPrivilege Escalation
Path Traversal
Défi
Path TraversalCGIWeb SecurityFile AccessDirectory TraversalInput Validation
PDF Password Cracker
Défi
PDF SecurityPassword CrackingDictionary AttacksDigital ForensicsDocument SecurityBrute Force Attacks
NoSQL Injection
Défi
NoSQL InjectionMongoDBVisibility ControlsAccess Control BypassSecurity TestingOperator Exploitation
URL Scanner
Défi
SSRFServer-Side Request ForgeryAWS MetadataCloud SecurityIAM CredentialsNetwork SecurityWeb SecurityAWS EC2
CSRF Bank Transfer
Défi
CSRFCross-Site Request ForgerySession SecurityWeb SecuritySocial EngineeringForm SecurityHTTP SecurityState Management
Alpwned
Moyen
SQL InjectionAuthentication BypassSSHLinux Privilege EscalationFile PermissionsWeb Application Security
XSS Playground
Défi
XSSCross-Site ScriptingStored XSSSession HijackingJavaScriptWeb SecurityClient-Side SecurityDOM Manipulation
JWT Claims Manipulation
Défi
JWTClaims ManipulationPrivilege EscalationAuthentication BypassTime-Based AttacksSignature Cracking
SQL Injection
Défi
SQL InjectionDatabase SecurityWeb SecurityBlind SQLiTime-based SQLiBoolean-based SQLiDatabase EnumerationVulnerability Assessment
XXE Exposed
Défi
XXEXML SecurityFile DisclosureExternal EntityWeb SecurityVulnerability Assessment
JWT Algo Confusion
Défi
JWTAlgorithm ConfusionRS256HS256Token ForgeryWeb Security
Auth Bypass
Défi
SQL InjectionAuthentication BypassWeb SecurityDatabase Security
Ping Pwn
Défi
Command InjectionWeb ExploitationService DiscoveryNetwork Security
Log Hunter
Défi
Log AnalysisWeb SecurityIncident ResponsePattern RecognitionFile DiscoveryCommand Line ToolsForensicsHTTP ProtocolAttack DetectionSecurity Assessment
Rail Fence
Défi
CryptographyTransposition CipherRail FencePattern RecognitionPython
Sonic Cipher
Défi
SteganographyAudio AnalysisLSBForensicsPython
Pixel Puzzler
Défi
SteganographyImage AnalysisLSBForensicsPython
PDF Trap
Défi
PDF ForensicsFile AnalysisMetadataHidden DataForensic Tools
Blockchain Secrets
Défi
Blockchain AnalysisBitcoinOP_RETURNHex DecodingData ExtractionForensic Analysis
Corporate Breach 2
Défi
Web SecurityPHPLFIPath ManipulationFile Inclusion
Corporate Breach
Défi
Web SecurityPHPLFIPassword CrackingAuthentication BypassDirectory Traversal
DNS Exfil
Défi
Network AnalysisDNSPacket AnalysisData ExfiltrationBase64 Decoding
Query Quake
Moyen
MYSQLIRCE
Session Switch
Défi
Web SecuritySession ManagementAuthenticationPrivilege EscalationPHP
Internal
Difficile
Command InjectionLinux CapabilitiesPrivilege EscalationReverse ShellWeb Application SecuritySystem EnumerationNetwork Reconnaissance
Broken Chain
Difficile
IDOR ExploitationZip Slip VulnerabilityServer-Side Template InjectionInternal Service DiscoveryBackup Service ExploitationPrivilege EscalationSudo Vim Exploitation
WP Ultimate
Difficile
WP
Compromised 2
Difficile
Advanced ReconnaissanceAndroid Reverse EngineeringSCADA ExploitationCVE ExploitationAuthentication BypassPrivilege Escalation
Matsudo
Moyen
SSHBrute ForcePrivilege EscalationLinuxSudoNetwork ReconnaissancePenetration Testing
FiPloit
Facile
Local File InclusionFile Upload BypassPHP SecurityDirectory TraversalWeb Shell ExploitationPrivilege EscalationLog Analysis
Hack the Login
Très Facile
WebAuthenticationClient-Side SecurityLearning Path
API Breaker
Défi
API SecurityWeb HackingLogic FlawsPrivilege EscalationToken ManipulationBase64 EncodingAuthorization Bypass
Traversed
Moyen
GIT
Spoof!
Facile
IP SPOOFING
Compromised 1
Moyen
Apache TomcatWeb Application SecurityWAR DeploymentDefault CredentialsPrivilege EscalationLinuxSudoWeb Shells
AlVault
Moyen
WEB
Beyond Echo
Moyen
PHPRCE
Cronpocalypse
Facile
SSH
Anonymous 2
Facile
FTP ExploitationBackdoor DetectionNetwork ServicesRemote ShellSystem Exploitation
Include me
Facile
PHPLFI
Anonymous
Facile
FTP
Nmap Lab 102
Très Facile
TELNETLearning Path
Onboarding Lab: Access and Flags
Très Facile
NetworkingReconnaissanceCommand LineWeb ServicesLearning Path
Secrets in Source
Très Facile
HTMLLearning Path
Hack the Cookie
Très Facile
WEBLearning Path
Progression des Cours
Vos parcours d'apprentissage et modules