Hacking Labs

Practice your skills on real vulnerable machines

Start Hacking Real Servers

Create a free account to track your progress, start lab machines, and compete on the global leaderboard.

Start Hacking Free
Recommended Lab
6780 players 5 XP
Lab Icon
Capture the Flag 101: Find and Submit Your First Flag
Very Easy
First Blood: Zero404
Players: 6780
Start Lab
Difficulty
Name Attack Terminal Difficulty XP Players Rate Date
Lab Icon
Pwnify - Web Application Penetration Testing
Web Application SecurityMass AssignmentCommand InjectionHash CrackingPassword ReuseLinux Privilege EscalationLinux CapabilitiesPenetration Testing
Yes
Hard
70
2
50%
06 Jun 2026
Lab Icon
Mythos Leak - Headless CMS Draft Exposure
Web ExploitationHeadless CMSAPI EnumerationInformation DisclosureRevision HistoryToken AbusePrivilege Escalation
Yes
Medium
40
66
20%
14 Apr 2026
Lab Icon
Pickle Jar
PythonPickle DeserializationRCEPrivilege EscalationLinux
Yes
Medium
40
83
42%
17 Mar 2026
Lab Icon
ClearDesk
IDORAPI SecurityPath TraversalAccess ControlPrivilege Escalation
Yes
Medium
40
138
80%
10 Mar 2026
Lab Icon
Host Hijack
Host Header InjectionPassword Reset PoisoningCommand InjectionPrivilege EscalationHTTP Headers
Yes
Medium
40
48
40%
03 Mar 2026
Lab Icon
Hack the Box
Directory FuzzingX-Forwarded-For SpoofingBruteforceffufCommand InjectionNewline InjectionWeb SecurityLinux EnumerationSUID ExploitationBuffer OverflowARM64 ROPStatic Binary AnalysisBinary ExploitationpwntoolsropperGDB
Yes
Hard
70
153
14%
15 Dec 2025
Lab Icon
Hidden CMS Breach
Web EnumerationWeb SecurityAuthenticationRCEPrivilege EscalationLinux
Yes
Medium
40
116
41%
01 Dec 2025
Lab Icon
Secrets in Source 2: Bypass Security Through Obscurity
Client-Side SecuritySecurity Through ObscurityBrowser DevToolsView SourceInformation DisclosureBroken Access ControlWeb SecurityHTML
No
Very Easy
5
1061
74%
17 Nov 2025
Lab Icon
TechNova Infiltration
Web EnumerationSSHPassword CrackingPrivilege EscalationLinux SecurityCVE Exploitation
Yes
Medium
40
92
34%
10 Nov 2025
Lab Icon
FortiPy
Web Application SecuritySSTIFlask SecuritySSH Brute ForceDatabase EnumerationHash CrackingPrivilege Escalation
Yes
Hard
70
69
39%
01 Oct 2025
Lab Icon
Alpwned
SQL InjectionAuthentication BypassSSHLinux Privilege EscalationFile PermissionsWeb Application Security
Yes
Medium
40
96
42%
01 Aug 2025
Lab Icon
AlVault
WEB
Yes
Medium
40
198
37%
30 Apr 2025
Lab Icon
Hack the Cookie: Cookie Poisoning Attack
Cookie PoisoningSession TamperingBase64 EncodingPrivilege EscalationBrowser DevToolsClient-Side SecurityWeb Exploitation
No
Very Easy
5
2521
57%
01 Apr 2025
Lab Icon
Hack the Login
Authentication BypassBroken AuthenticationClient-Side SecurityWeb SecurityDeveloper ToolsLearning Path
No
Very Easy
5
5319
63%
25 Mar 2025
Lab Icon
Nmap Commands Lab: Port Scanning to Privilege Escalation
NmapNmap CommandsTelnetPort ScanningNetwork ReconnaissancePrivilege Escalation
Yes
Very Easy
10
1930
47%
09 Mar 2025
Lab Icon
Cronpocalypse
SSH
Yes
Easy
20
508
35%
01 Mar 2025
Lab Icon
Capture the Flag 101: Find and Submit Your First Flag
Capture The FlagCTFCTF BasicsFlag SubmissionUUIDGetting StartedCyber Security Fundamentals
No
Very Easy
5
5985
76%
10 Feb 2025
Lab Icon
Compromised 1
Apache TomcatWeb Application SecurityWAR DeploymentDefault CredentialsPrivilege EscalationLinuxSudoWeb Shells
Yes
Medium
40
114
51%
11 Nov 2024
Lab Icon
Traversed
GIT
Yes
Medium
40
126
55%
25 Sep 2024
Lab Icon
WP Ultimate
WP
Yes
Hard
70
68
32%
05 Jun 2024
Lab Icon
Query Quake
MYSQLIRCE
Yes
Medium
40
105
39%
28 May 2024
Lab Icon
Spoof!
IP SPOOFING
Yes
Easy
10
535
70%
27 Apr 2024
Lab Icon
Beyond Echo
PHPRCE
Yes
Medium
20
247
48%
05 Apr 2024
Lab Icon
Secrets in Source: View Source Code to Find the Flag
View Source CodeHTMLBrowser DevToolsInformation DisclosureBroken Access ControlSource Code AnalysisWeb Security
No
Very Easy
5
3387
70%
04 Apr 2024
Lab Icon
Anonymous
FTP
Yes
Easy
10
630
77%
29 Mar 2024
Lab Icon
Include me
PHPLFI
Yes
Easy
10
836
62%
27 Mar 2024
Lab Icon
Scheduled Sabotage
LinuxSSHFile EnumerationCron JobsPrivilege EscalationConfiguration Analysis
Yes
Easy
20
87
46%
24 Jan 2026
Lab Icon
RCE Playground
Command InjectionInput Validation BypassRemote Code ExecutionFilter EvasionWeb Security
Yes
Medium
20
31
45%
02 Sep 2025
Lab Icon
Infiltrator
JWT ManipulationSSH ExploitationLog InjectionPrivilege EscalationWeb SecurityLinux Security
Yes
Easy
20
160
19%
01 Sep 2025
Lab Icon
FiPloit
Local File InclusionFile Upload BypassPHP SecurityDirectory TraversalWeb Shell ExploitationPrivilege EscalationLog Analysis
Yes
Easy
20
433
27%
01 Jun 2025
Lab Icon
Broken Chain
IDOR ExploitationZip Slip VulnerabilityServer-Side Template InjectionInternal Service DiscoveryBackup Service ExploitationPrivilege EscalationSudo Vim Exploitation
Yes
Hard
70
149
17%
01 Apr 2025
Lab Icon
Internal
Command InjectionLinux CapabilitiesPrivilege EscalationReverse ShellWeb Application SecuritySystem EnumerationNetwork Reconnaissance
Yes
Hard
70
76
34%
01 Feb 2025
Lab Icon
Compromised 2
Advanced ReconnaissanceAndroid Reverse EngineeringSCADA ExploitationCVE ExploitationAuthentication BypassPrivilege Escalation
Yes
Hard
70
45
38%
01 Jan 2025
Lab Icon
Matsudo
SSHBrute ForcePrivilege EscalationLinuxSudoNetwork ReconnaissancePenetration Testing
Yes
Medium
40
159
61%
16 May 2024
Lab Icon
Anonymous 2
FTP ExploitationBackdoor DetectionNetwork ServicesRemote ShellSystem Exploitation
Yes
Easy
10
480
55%
01 May 2024
No labs match your filters
12,000+ Hackers 100+ Labs & Courses Free
Start Hacking Free