honkeyponkey
Grandmaster
Classement
#8
Meilleur: #8
Points Totaux
1230
Total Gagné
Labs Terminés
113
114 User • 16 Root
Modules
10
Validés
Premiers Sangs
0
Premier à Terminer
Meilleure Série
19
Jours
Compétences Acquises
Compétences techniques pratiquées à travers les labs terminés
Command InjectionInput Validation BypassRemote Code ExecutionFilter EvasionWeb SecurityLinuxSSHFile EnumerationCron JobsPrivilege EscalationConfiguration AnalysisJavaScriptWeb DevelopmentHexadecimalBrowser DevToolsSteganographyImage AnalysisWebCTF BasicsNetwork AnalysisPacket CaptureWiresharkProtocol AnalysisMD5Rainbow TablesBinary AnalysisHex EditorsData StructuresReverse EngineeringFile AnalysisQR Code AnalysisData ExtractionDigital ForensicsAPI SecurityWeb HackingLogic FlawsToken ManipulationBase64 EncodingAuthorization BypassMemory ForensicsPattern RecognitionIncident ResponseTool UsageData RecoveryROT13 EncodingNetwork ReconnaissanceService DiscoveryDatabase ForensicsData EncodingCLI UsageBase64Hex EncodingRedisJenkinsCI/CDDevOpsPentestAutomationSession ManagementAuthenticationPHPCryptanalysisClassical CryptoDNSPacket AnalysisData ExfiltrationBase64 DecodingLFIPassword CrackingAuthentication BypassDirectory TraversalPath ManipulationFile InclusionBlockchain AnalysisBitcoinOP_RETURNHex DecodingForensic AnalysisPDF ForensicsMetadataHidden DataForensic ToolsLSBForensicsPythonAudio AnalysisCryptographyTransposition CipherRail FenceFlaskDebug ModeMemory AnalysisPath TraversalCGIFile AccessInput ValidationLogic FlawParameter ManipulationLog AnalysisFile DiscoveryCommand Line ToolsHTTP ProtocolAttack DetectionSecurity AssessmentWeb ExploitationNetwork SecuritySQL InjectionDatabase SecurityJWTToken AuthenticationAlgorithm ConfusionRS256HS256Token ForgeryXXEXML SecurityFile DisclosureExternal EntityVulnerability AssessmentClaims ManipulationTime-Based AttacksSignature CrackingXSSCross-Site ScriptingStored XSSSession HijackingClient-Side SecurityDOM ManipulationCSRFCross-Site Request ForgerySession SecuritySocial EngineeringForm SecurityHTTP SecurityState ManagementBlind SQLiTime-based SQLiBoolean-based SQLiDatabase EnumerationSSRFServer-Side Request ForgeryAWS MetadataCloud SecurityIAM CredentialsAWS EC2File UploadBypass TechniquesWeb ShellsPost ExploitationNoSQL InjectionMongoDBVisibility ControlsAccess Control BypassSecurity TestingOperator ExploitationLocal File InclusionUser-Agent Log PoisoningApache SecuritySystem AdministrationPDF SecurityDictionary AttacksDocument SecurityBrute Force AttacksServer-Side Template InjectionJinja2Flask SecurityWeb Application TestingCode InjectionKeePass 4.x SecurityDirect Brute ForcePassword Manager AssessmentModern CryptographySecurity Tool LimitationsPython PickleEnterprise DeserializationCorporate Backup SystemsDisaster Recovery ExploitationConfiguration Import AttacksEnterprise SecurityGit ForensicsVersion Control SecurityRepository AnalysisPenetration TestingSecret RecoveryOSINTMD5 CrackingSource Code AnalysisWeb Application SecurityPassword AttacksClassical CiphersHistorical CryptanalysisJinja2 ExploitationWindows RegistryPersistence AnalysisMalware AnalysisLDAP InjectionDirectory ServicesCRLF InjectionRedis Command InjectionCache PoisoningProtocol ManipulationMYSQLIRCEWeb InspectionHTML AnalysisDocument DatabasesSUID BinariesLinux SecurityBinary ExploitationWireless SecurityWEP CrackingRC4 AnalysisCryptographic AttacksLegacy Protocol ExploitationDocker Registry APIContainer SecurityAPI ManipulationRegistry ExploitationFrequency AnalysisNetwork ForensicsDNS AnalysisTraffic AnalysisGraphQLSchema IntrospectionInjectionShell CommandsHTTP Parameter ManipulationFilter BypassApache AuthenticationHTTP HeadersSecurity BypassClient-Side ManipulationDirectory EnumerationWeb ReconnaissanceAdministrative Panel DiscoveryIDORRace ConditionsTiming AttacksConcurrent ExploitationPrototype PollutionNode.js SecurityJavaScript ExploitationObject ManipulationModern Web VulnerabilitiesWebDAV ExploitationRemote File AccessHTTP MethodsWeb Server SecurityFile System EnumerationYAML DeserializationPyYAML ExploitationConfiguration InjectionPython SecurityUnsafe DeserializationFile Processing SecurityPath InjectionFile System SecurityPolyalphabetic CiphersURL ManipulationInternal Network AccessProtocol BypassEmail ForensicsHeader AnalysisPhishing DetectionDigital InvestigationRequest SmugglingType JugglingHash AnalysisZIP Password CrackingJohn the RipperfcrackzipBrute ForceArchive SecurityIP SpoofingInformation GatheringCookie ManipulationWiFi SecurityWPA CrackingWireless Penetration TestingDeobfuscationCode AnalysisWeb EnumerationReconnaissanceGitVersion ControlRegex BypassSQLiteUNION-Based SQLiHash CrackingPassword AnalysisSecurity ToolsOffice SecurityHash ExtractionHashcatWindows SecurityNTLMLinux CapabilitiesReverse ShellSystem EnumerationCommand LineFile System NavigationHidden FilesgrepfindIDOR ExploitationZip Slip VulnerabilityInternal Service DiscoveryBackup Service ExploitationSudo Vim ExploitationSSTISSH Brute ForceDirectory FuzzingX-Forwarded-For SpoofingBruteforceffufNewline InjectionLinux EnumerationSUID ExploitationBuffer OverflowARM64 ROPStatic Binary AnalysispwntoolsropperGDBCVE ExploitationLinux Privilege EscalationFile PermissionsApache TomcatWAR DeploymentDefault CredentialsSudoFile Upload BypassPHP SecurityWeb Shell ExploitationFTP ExploitationBackdoor DetectionNetwork ServicesRemote ShellSystem ExploitationIP SPOOFINGFTPGITJWT ManipulationSSH ExploitationLog InjectionhashcatTELNETLearning PathHTMLWEBNetworkingWeb Services
Modules Terminés
Modules éducatifs validés avec succès
Cassage de Mots de Passe
10 modulesRainbow tables
Cassage sans fil
Cassage de PDF
Cassage de hashes Linux
Cassage de Documents Office
Cassage de ZIP
Attaques par force brute
Fondamentaux des mots de passe
Attaques par dictionnaire
Cassage de hashes Windows
Labs & Défis Terminés
Défis pratiques de cybersécurité terminés avec succès
RCE Playground
Moyen
Command InjectionInput Validation BypassRemote Code ExecutionFilter EvasionWeb Security
Scheduled Sabotage
Facile
LinuxSSHFile EnumerationCron JobsPrivilege EscalationConfiguration Analysis
Cronpocalypse
Facile
SSH
Hex Hunt
Défi
JavaScriptWeb DevelopmentHexadecimalBrowser DevTools
Stego Hunt
Défi
SteganographyImage AnalysisWebCTF Basics
Packet Pursuit
Défi
Network AnalysisPacket CaptureWiresharkProtocol Analysis
Get the Password
Défi
JavaScriptMD5Rainbow TablesWeb DevelopmentBrowser DevTools
Binary Secrets
Défi
Binary AnalysisHex EditorsData StructuresReverse EngineeringFile Analysis
QR Code Quest
Défi
QR Code AnalysisImage AnalysisData ExtractionSteganographyDigital Forensics
API Breaker
Défi
API SecurityWeb HackingLogic FlawsPrivilege EscalationToken ManipulationBase64 EncodingAuthorization Bypass
Memory Forensics
Défi
Memory ForensicsBinary AnalysisDigital ForensicsPattern RecognitionIncident ResponseTool UsageData RecoveryROT13 Encoding
Red is Dead
Défi
Network ReconnaissanceService DiscoveryDatabase ForensicsData EncodingCLI UsageData RecoveryIncident ResponseBase64Hex EncodingRedis
Snapchat Exposed
Défi
JenkinsCI/CDDevOpsWeb SecurityPentestAutomation
Session Switch
Défi
Web SecuritySession ManagementAuthenticationPrivilege EscalationPHP
Crypto Cipher
Défi
CryptanalysisClassical CryptoPattern RecognitionData Encoding
DNS Exfil
Défi
Network AnalysisDNSPacket AnalysisData ExfiltrationBase64 Decoding
Corporate Breach
Défi
Web SecurityPHPLFIPassword CrackingAuthentication BypassDirectory Traversal
Corporate Breach 2
Défi
Web SecurityPHPLFIPath ManipulationFile Inclusion
Blockchain Secrets
Défi
Blockchain AnalysisBitcoinOP_RETURNHex DecodingData ExtractionForensic Analysis
PDF Trap
Défi
PDF ForensicsFile AnalysisMetadataHidden DataForensic Tools
Pixel Puzzler
Défi
SteganographyImage AnalysisLSBForensicsPython
Sonic Cipher
Défi
SteganographyAudio AnalysisLSBForensicsPython
Rail Fence
Défi
CryptographyTransposition CipherRail FencePattern RecognitionPython
Flask Error
Défi
FlaskDebug ModePythonWeb SecurityMemory Analysis
Path Traversal
Défi
Path TraversalCGIWeb SecurityFile AccessDirectory TraversalInput Validation
API Logic Flaw
Défi
API SecurityLogic FlawAuthentication BypassParameter ManipulationPHPWeb Security
Log Hunter
Défi
Log AnalysisWeb SecurityIncident ResponsePattern RecognitionFile DiscoveryCommand Line ToolsForensicsHTTP ProtocolAttack DetectionSecurity Assessment
Ping Pwn
Défi
Command InjectionWeb ExploitationService DiscoveryNetwork Security
Auth Bypass
Défi
SQL InjectionAuthentication BypassWeb SecurityDatabase Security
JWT Bypass
Défi
JWTWeb SecurityToken AuthenticationCryptography
JWT Algo Confusion
Défi
JWTAlgorithm ConfusionRS256HS256Token ForgeryWeb Security
XXE Exposed
Défi
XXEXML SecurityFile DisclosureExternal EntityWeb SecurityVulnerability Assessment
JWT Claims Manipulation
Défi
JWTClaims ManipulationPrivilege EscalationAuthentication BypassTime-Based AttacksSignature Cracking
XSS Playground
Défi
XSSCross-Site ScriptingStored XSSSession HijackingJavaScriptWeb SecurityClient-Side SecurityDOM Manipulation
CSRF Bank Transfer
Défi
CSRFCross-Site Request ForgerySession SecurityWeb SecuritySocial EngineeringForm SecurityHTTP SecurityState Management
SQL Injection
Défi
SQL InjectionDatabase SecurityWeb SecurityBlind SQLiTime-based SQLiBoolean-based SQLiDatabase EnumerationVulnerability Assessment
URL Scanner
Défi
SSRFServer-Side Request ForgeryAWS MetadataCloud SecurityIAM CredentialsNetwork SecurityWeb SecurityAWS EC2
File Upload Bypass
Défi
File UploadWeb SecurityBypass TechniquesPHPWeb ShellsInput ValidationSocial EngineeringPost Exploitation
NoSQL Injection
Défi
NoSQL InjectionMongoDBVisibility ControlsAccess Control BypassSecurity TestingOperator Exploitation
LFI Log Poison
Défi
Local File InclusionUser-Agent Log PoisoningRemote Code ExecutionDirectory TraversalWeb SecurityApache SecuritySystem AdministrationLog Analysis
PDF Password Cracker
Défi
PDF SecurityPassword CrackingDictionary AttacksDigital ForensicsDocument SecurityBrute Force Attacks
Template Injection
Défi
Server-Side Template InjectionJinja2Flask SecurityWeb Application TestingCode InjectionPrivilege Escalation
KeePass Breaker
Défi
KeePass 4.x SecurityDirect Brute ForcePassword Manager AssessmentModern CryptographySecurity Tool Limitations
Corporate Backup Deserializer
Défi
Python PickleEnterprise DeserializationCorporate Backup SystemsDisaster Recovery ExploitationConfiguration Import AttacksEnterprise Security
Git Secrets Hunter
Défi
Git ForensicsVersion Control SecurityRepository AnalysisPenetration TestingSecret RecoveryOSINT
Admin Portal Breach
Défi
Client-Side SecurityMD5 CrackingSource Code AnalysisWeb Application SecurityPassword AttacksAuthentication Bypass
Book Cipher Challenge
Défi
CryptographyClassical CiphersPattern RecognitionHistorical Cryptanalysis
Template Injector
Défi
Server-Side Template InjectionFlask SecurityJinja2 ExploitationRemote Code ExecutionWeb Security
Registry Hunter
Défi
Digital ForensicsWindows RegistryPersistence AnalysisBase64 DecodingIncident ResponseMalware Analysis
LDAP Injector
Défi
LDAP InjectionAuthentication BypassDirectory ServicesEnterprise SecurityWeb Security
Redis Cache Poisoner
Défi
CRLF InjectionRedis Command InjectionCache PoisoningProtocol ManipulationWeb Security
Query Quake
Moyen
MYSQLIRCE
Base64 Detective
Défi
Base64Web InspectionBrowser DevToolsData EncodingHTML Analysis
MongoDB Injector
Défi
NoSQL InjectionMongoDBAuthentication BypassDocument DatabasesWeb Security
SUID Privilege Hunter
Défi
SUID BinariesPrivilege EscalationCommand InjectionLinux SecurityBinary Exploitation
WEP Cracker
Défi
Wireless SecurityWEP CrackingRC4 AnalysisPacket AnalysisCryptographic AttacksLegacy Protocol Exploitation
Registry Hijacker
Défi
Docker Registry APIAuthentication BypassContainer SecurityAPI ManipulationRegistry Exploitation
Caesar Shift Decoder
Défi
CryptographyClassical CiphersFrequency AnalysisPattern Recognition
DNS Tunneling Detective
Défi
Network ForensicsDNS AnalysisData ExfiltrationTraffic Analysis
GraphQL Gateway
Défi
GraphQLAPI SecuritySchema IntrospectionAuthorization BypassInjection
Shell Command Scanner
Défi
Command InjectionWeb SecurityShell CommandsSystem AdministrationHTTP Parameter ManipulationSecurity Assessment
File Include Bypass
Défi
Local File InclusionFilter BypassApache AuthenticationPassword Cracking
Header Hijacker
Défi
HTTP HeadersSecurity BypassWeb Application SecurityClient-Side Manipulation
Corporate Directory Hunt
Défi
Directory EnumerationWeb ReconnaissanceAdministrative Panel DiscoverySecurity Assessment
IDOR Explorer
Défi
IDORParameter ManipulationWeb Application SecurityAuthorization Bypass
Race Condition Hunter
Défi
Race ConditionsTiming AttacksConcurrent ExploitationWeb Application Security
Prototype Pollution Hunter
Défi
Prototype PollutionNode.js SecurityAPI SecurityJavaScript ExploitationObject ManipulationInput Validation BypassModern Web Vulnerabilities
WebDAV Explorer
Défi
WebDAV ExploitationFile UploadDirectory TraversalRemote File AccessHTTP MethodsWeb Server SecurityFile System Enumeration
YAML Bomb
Défi
YAML DeserializationPyYAML ExploitationConfiguration InjectionPython SecurityUnsafe DeserializationRemote Code ExecutionFile Processing Security
Simple Directory Traversal
Défi
Directory TraversalPath InjectionFile System SecurityWeb SecurityInput ValidationPath ManipulationFile Access
Vigenere Stego Hunt
Défi
CryptographySteganographyClassical CiphersImage AnalysisPolyalphabetic Ciphers
SSRF Validator
Défi
SSRFWeb SecurityURL ManipulationInternal Network AccessProtocol Bypass
Email Header Forensics
Défi
Email ForensicsHeader AnalysisPhishing DetectionBase64 DecodingOSINTDigital Investigation
HTTP Smuggling
Défi
HTTP ProtocolRequest SmugglingNetwork ForensicsTraffic AnalysisWeb SecurityPacket Analysis
Type Juggling Bypass
Défi
Web SecurityPHPType JugglingAuthentication BypassHash Analysis
ZIP Cracker
Défi
ZIP Password CrackingJohn the RipperfcrackzipDictionary AttacksBrute ForceArchive Security
Button Activator
Défi
JavaScriptBrowser DevToolsDOM ManipulationClient-Side Security
IP Spoofing Admin
Défi
Web SecurityHTTP HeadersIP SpoofingAccess Control BypassInformation Gathering
Cookie Forge
Défi
JWTCookie ManipulationAuthentication BypassPrivilege Escalation
WiFi Password Cracker
Défi
WiFi SecurityWPA CrackingDictionary AttacksWireless Penetration TestingNetwork SecurityPacket Analysis
Hack This Site
Défi
JavaScriptDeobfuscationClient-Side SecurityBrowser DevToolsCode AnalysisAuthentication Bypass
SQL Injection Test
Défi
SQL InjectionWeb SecurityDatabase SecurityAuthentication BypassInput ValidationPenetration Testing
Backup Hunter
Défi
Web EnumerationFile DiscoveryReconnaissanceInformation Gathering
Git Exposed
Défi
GitVersion ControlSource Code AnalysisReconnaissanceWeb Security
Regex Bypass to SQLi
Défi
SQL InjectionRegex BypassInput ValidationWeb Application SecuritySQLiteUNION-Based SQLi
Crack SHA1 Hash
Défi
CryptographyHash CrackingPassword AnalysisSecurity Tools
Office Password Cracker
Défi
Password CrackingOffice SecurityHash ExtractionJohn the RipperHashcat
Windows Password Cracker
Défi
Password CrackingWindows SecurityNTLMHashcatJohn the RipperHash Analysis
Internal
Difficile
Command InjectionLinux CapabilitiesPrivilege EscalationReverse ShellWeb Application SecuritySystem EnumerationNetwork Reconnaissance
Linux Fundamentals Practice
Défi
LinuxCommand LineFile System NavigationHidden Filesgrepfind
Broken Chain
Difficile
IDOR ExploitationZip Slip VulnerabilityServer-Side Template InjectionInternal Service DiscoveryBackup Service ExploitationPrivilege EscalationSudo Vim Exploitation
FortiPy
Difficile
Web Application SecuritySSTIFlask SecuritySSH Brute ForceDatabase EnumerationHash CrackingPrivilege Escalation
Hack the Box
Difficile
Directory FuzzingX-Forwarded-For SpoofingBruteforceffufCommand InjectionNewline InjectionWeb SecurityLinux EnumerationSUID ExploitationBuffer OverflowARM64 ROPStatic Binary AnalysisBinary ExploitationpwntoolsropperGDB
TechNova Infiltration
Moyen
Web EnumerationSSHPassword CrackingPrivilege EscalationLinux SecurityCVE Exploitation
Alpwned
Moyen
SQL InjectionAuthentication BypassSSHLinux Privilege EscalationFile PermissionsWeb Application Security
Compromised 1
Moyen
Apache TomcatWeb Application SecurityWAR DeploymentDefault CredentialsPrivilege EscalationLinuxSudoWeb Shells
Matsudo
Moyen
SSHBrute ForcePrivilege EscalationLinuxSudoNetwork ReconnaissancePenetration Testing
Beyond Echo
Moyen
PHPRCE
Hidden CMS Breach
Moyen
Web EnumerationWeb SecurityAuthenticationRCEPrivilege EscalationLinux
FiPloit
Facile
Local File InclusionFile Upload BypassPHP SecurityDirectory TraversalWeb Shell ExploitationPrivilege EscalationLog Analysis
Anonymous 2
Facile
FTP ExploitationBackdoor DetectionNetwork ServicesRemote ShellSystem Exploitation
Spoof!
Facile
IP SPOOFING
Anonymous
Facile
FTP
Traversed
Moyen
GIT
Infiltrator
Facile
JWT ManipulationSSH ExploitationLog InjectionPrivilege EscalationWeb SecurityLinux Security
Shadow Cracker
Défi
Password CrackingLinux SecurityJohn the RipperhashcatCryptography
Nmap Lab 102
Très Facile
TELNETLearning Path
Secrets in Source 2
Très Facile
Web SecurityHTMLBrowser DevToolsClient-Side SecuritySource Code AnalysisLearning Path
Hack the Cookie
Très Facile
WEBLearning Path
Hack the Login
Très Facile
WebAuthenticationClient-Side SecurityLearning Path
Onboarding Lab: Access and Flags
Très Facile
NetworkingReconnaissanceCommand LineWeb ServicesLearning Path
Include me
Facile
PHPLFI
Secrets in Source
Très Facile
HTMLLearning Path
Progression des Cours
Vos parcours d'apprentissage et modules