Hacking Labs
Practice your skills on real vulnerable machines
Start Hacking Real Servers
Create a free account to track your progress, start lab machines, and compete on the global leaderboard.
Recommended Lab
6735 players
5 XP
Name
Attack Terminal
Difficulty
XP
Players
Rate
Date
Mythos Leak - Headless CMS Draft Exposure
Web ExploitationHeadless CMSAPI EnumerationInformation DisclosureRevision HistoryToken AbusePrivilege Escalation
Yes
Medium
40
66
20%
14 Apr 2026
Yes
Medium
40
83
42%
17 Mar 2026
Yes
Medium
40
135
79%
10 Mar 2026
Host Hijack
Host Header InjectionPassword Reset PoisoningCommand InjectionPrivilege EscalationHTTP Headers
Yes
Medium
40
48
40%
03 Mar 2026
Hack the Box
Directory FuzzingX-Forwarded-For SpoofingBruteforceffufCommand InjectionNewline InjectionWeb SecurityLinux EnumerationSUID ExploitationBuffer OverflowARM64 ROPStatic Binary AnalysisBinary ExploitationpwntoolsropperGDB
Yes
Hard
70
153
14%
15 Dec 2025
Yes
Medium
40
113
41%
01 Dec 2025
Secrets in Source 2: Bypass Security Through Obscurity
Client-Side SecuritySecurity Through ObscurityBrowser DevToolsView SourceInformation DisclosureBroken Access ControlWeb SecurityHTML
No
Very Easy
5
1054
74%
17 Nov 2025
TechNova Infiltration
Web EnumerationSSHPassword CrackingPrivilege EscalationLinux SecurityCVE Exploitation
Yes
Medium
40
92
34%
10 Nov 2025
FortiPy
Web Application SecuritySSTIFlask SecuritySSH Brute ForceDatabase EnumerationHash CrackingPrivilege Escalation
Yes
Hard
70
69
38%
01 Oct 2025
Alpwned
SQL InjectionAuthentication BypassSSHLinux Privilege EscalationFile PermissionsWeb Application Security
Yes
Medium
40
96
42%
01 Aug 2025
Hack the Cookie: Cookie Poisoning Attack
Cookie PoisoningSession TamperingBase64 EncodingPrivilege EscalationBrowser DevToolsClient-Side SecurityWeb Exploitation
No
Very Easy
5
2509
57%
01 Apr 2025
Hack the Login
Authentication BypassBroken AuthenticationClient-Side SecurityWeb SecurityDeveloper ToolsLearning Path
No
Very Easy
5
5299
63%
25 Mar 2025
Nmap Commands Lab: Port Scanning to Privilege Escalation
NmapNmap CommandsTelnetPort ScanningNetwork ReconnaissancePrivilege Escalation
Yes
Very Easy
10
1918
47%
09 Mar 2025
Capture the Flag 101: Find and Submit Your First Flag
Capture The FlagCTFCTF BasicsFlag SubmissionUUIDGetting StartedCyber Security Fundamentals
No
Very Easy
5
5943
76%
10 Feb 2025
Compromised 1
Apache TomcatWeb Application SecurityWAR DeploymentDefault CredentialsPrivilege EscalationLinuxSudoWeb Shells
Yes
Medium
40
114
51%
11 Nov 2024
Secrets in Source: View Source Code to Find the Flag
View Source CodeHTMLBrowser DevToolsInformation DisclosureBroken Access ControlSource Code AnalysisWeb Security
No
Very Easy
5
3373
70%
04 Apr 2024
Yes
Easy
20
86
45%
24 Jan 2026
RCE Playground
Command InjectionInput Validation BypassRemote Code ExecutionFilter EvasionWeb Security
Yes
Medium
20
31
45%
02 Sep 2025
Infiltrator
JWT ManipulationSSH ExploitationLog InjectionPrivilege EscalationWeb SecurityLinux Security
Yes
Easy
20
159
19%
01 Sep 2025
FiPloit
Local File InclusionFile Upload BypassPHP SecurityDirectory TraversalWeb Shell ExploitationPrivilege EscalationLog Analysis
Yes
Easy
20
433
27%
01 Jun 2025
Broken Chain
IDOR ExploitationZip Slip VulnerabilityServer-Side Template InjectionInternal Service DiscoveryBackup Service ExploitationPrivilege EscalationSudo Vim Exploitation
Yes
Hard
70
149
17%
01 Apr 2025
Internal
Command InjectionLinux CapabilitiesPrivilege EscalationReverse ShellWeb Application SecuritySystem EnumerationNetwork Reconnaissance
Yes
Hard
70
76
34%
01 Feb 2025
Compromised 2
Advanced ReconnaissanceAndroid Reverse EngineeringSCADA ExploitationCVE ExploitationAuthentication BypassPrivilege Escalation
Yes
Hard
70
45
38%
01 Jan 2025
Yes
Medium
40
159
61%
16 May 2024
Yes
Easy
10
479
55%
01 May 2024
No labs match your filters