Pro

3xpl0it3r

✦ Legend ✦

It's the story of the moon and the ocean. It begins where it ends.

#2 Live Ranking

16530 Total XP

123 Labs Completed 19 First Bloods 1 Streak 8 Best

+400 this month

Activity

182 active days in the last year

Less More

Rank Progress

✦ Legend ✦

Max Rank

Achievements

First Blood

Blood Hunter

Streak Starter

Streak Master

Lab Rat

Lab Expert

Lab Master

Scholar

Writer

Top 10

Pro Member

Web ExploitationHeadless CMSAPI EnumerationInformation DisclosureRevision HistoryToken AbusePrivilege EscalationPythonPickle DeserializationRCELinuxIDORAPI SecurityPath TraversalAccess ControlOAuth 2.0JWTWeb ReconConfiguration ExploitsHost Header InjectionPassword Reset PoisoningCommand InjectionHTTP HeadersCSSMedia QueriesWeb ForensicsSource AnalysisDevToolsUnicodeSteganographyText AnalysisSSHFile EnumerationCron JobsConfiguration AnalysisCommand LineFile System NavigationHidden FilesgrepfindDirectory FuzzingX-Forwarded-For SpoofingBruteforceffufNewline InjectionWeb SecurityLinux EnumerationSUID ExploitationBuffer OverflowARM64 ROPStatic Binary AnalysisBinary ExploitationpwntoolsropperGDBWeb EnumerationAuthenticationClient-Side SecuritySecurity Through ObscurityBrowser DevToolsView SourceBroken Access ControlHTMLPassword CrackingLinux SecurityJohn the RipperhashcatCryptographyCVE ExploitationWindows SecurityNTLMHashcatHash AnalysisSQL InjectionRegex BypassInput ValidationWeb Application SecuritySQLiteUNION-Based SQLiOffice SecurityHash ExtractionGitVersion ControlSource Code AnalysisReconnaissanceSSRFURL ManipulationInternal Network AccessProtocol BypassEmail ForensicsHeader AnalysisPhishing DetectionBase64 DecodingOSINTDigital InvestigationClassical CiphersImage AnalysisPolyalphabetic CiphersHTTP ProtocolRequest SmugglingNetwork ForensicsTraffic AnalysisPacket AnalysisJavaScriptDeobfuscationCode AnalysisAuthentication BypassDirectory TraversalPath InjectionFile System SecurityPath ManipulationFile AccessSSTIFlask SecuritySSH Brute ForceDatabase EnumerationHash CrackingPHPType JugglingPassword AnalysisSecurity ToolsDatabase SecurityPenetration TestingFile DiscoveryInformation GatheringYAML DeserializationPyYAML ExploitationConfiguration InjectionPython SecurityUnsafe DeserializationRemote Code ExecutionFile Processing SecurityWebDAV ExploitationFile UploadRemote File AccessHTTP MethodsWeb Server SecurityFile System EnumerationRace ConditionsTiming AttacksConcurrent ExploitationPrototype PollutionNode.js SecurityJavaScript ExploitationObject ManipulationInput Validation BypassModern Web VulnerabilitiesParameter ManipulationAuthorization BypassSecurity BypassClient-Side ManipulationDirectory EnumerationWeb ReconnaissanceAdministrative Panel DiscoverySecurity AssessmentLocal File InclusionFilter BypassApache AuthenticationCookie ManipulationCRLF InjectionRedis Command InjectionCache PoisoningProtocol ManipulationDOM ManipulationGraphQLSchema IntrospectionInjectionDNS AnalysisData ExfiltrationIP SpoofingAccess Control BypassSUID BinariesFrequency AnalysisPattern RecognitionDocker Registry APIContainer SecurityAPI ManipulationRegistry ExploitationFilter EvasionNoSQL InjectionMongoDBDocument DatabasesLDAP InjectionDirectory ServicesEnterprise SecurityJWT ManipulationSSH ExploitationLog InjectionServer-Side Template InjectionJinja2 ExploitationWireless SecurityWEP CrackingRC4 AnalysisCryptographic AttacksLegacy Protocol ExploitationDigital ForensicsWindows RegistryPersistence AnalysisIncident ResponseMalware AnalysisWiFi SecurityWPA CrackingDictionary AttacksWireless Penetration TestingNetwork SecurityPython PickleEnterprise DeserializationCorporate Backup SystemsDisaster Recovery ExploitationConfiguration Import AttacksHistorical CryptanalysisMD5 CrackingPassword AttacksGit ForensicsVersion Control SecurityRepository AnalysisSecret RecoveryZIP Password CrackingfcrackzipBrute ForceArchive SecurityKeePass 4.x SecurityDirect Brute ForcePassword Manager AssessmentModern CryptographySecurity Tool LimitationsJinja2Web Application TestingCode InjectionPDF SecurityDocument SecurityBrute Force AttacksUser-Agent Log PoisoningApache SecuritySystem AdministrationLog AnalysisShell CommandsHTTP Parameter ManipulationVisibility ControlsSecurity TestingOperator ExploitationCSRFCross-Site Request ForgerySession SecuritySocial EngineeringForm SecurityHTTP SecurityState ManagementLinux Privilege EscalationFile PermissionsBypass TechniquesWeb ShellsPost ExploitationServer-Side Request ForgeryAWS MetadataCloud SecurityIAM CredentialsAWS EC2XSSCross-Site ScriptingStored XSSSession HijackingClaims ManipulationTime-Based AttacksSignature CrackingBlind SQLiTime-based SQLiBoolean-based SQLiVulnerability AssessmentXXEXML SecurityFile DisclosureExternal EntityAlgorithm ConfusionRS256HS256Token ForgeryToken AuthenticationService DiscoveryCommand Line ToolsForensicsAttack DetectionLogic FlawCGIFlaskDebug ModeMemory AnalysisTransposition CipherRail FenceAudio AnalysisLSBPDF ForensicsFile AnalysisMetadataHidden DataForensic ToolsBlockchain AnalysisBitcoinOP_RETURNHex DecodingData ExtractionForensic AnalysisLFIFile InclusionNetwork AnalysisDNSCryptanalysisClassical CryptoData EncodingSession ManagementJenkinsCI/CDDevOpsPentestAutomationNetwork ReconnaissanceDatabase ForensicsCLI UsageData RecoveryBase64Hex EncodingRedisMemory ForensicsBinary AnalysisTool UsageROT13 EncodingWeb HackingLogic FlawsToken ManipulationBase64 EncodingQR Code AnalysisWeb InspectionHTML AnalysisHex EditorsData StructuresReverse EngineeringMD5Rainbow TablesWeb DevelopmentWebCTF BasicsPacket CaptureWiresharkProtocol AnalysisHexadecimalFile Upload BypassPHP SecurityWeb Shell ExploitationWEBAdvanced ReconnaissanceAndroid Reverse EngineeringSCADA ExploitationIDOR ExploitationZip Slip VulnerabilityInternal Service DiscoveryBackup Service ExploitationSudo Vim ExploitationLinux CapabilitiesReverse ShellSystem EnumerationWPApache TomcatWAR DeploymentDefault CredentialsSudoMYSQLIGITFTP ExploitationBackdoor DetectionNetwork ServicesRemote ShellSystem ExploitationFTPBroken AuthenticationDeveloper ToolsLearning PathCapture The FlagCTFFlag SubmissionUUIDGetting StartedCyber Security FundamentalsNmapNmap CommandsTelnetPort ScanningCookie PoisoningSession TamperingIP SPOOFINGView Source Code

Mythos Leak - Headless CMS Draft Exposure Medium

400 XP Jun 10, 2026

Pickle Jar Medium

400 XP Apr 12, 2026

ClearDesk Medium

400 XP Mar 12, 2026

Token Trust Challenge

50 XP Mar 10, 2026

Host Hijack Medium

400 XP Mar 10, 2026

Fine Print Challenge

50 XP Feb 26, 2026

Phantom Text Challenge

50 XP Feb 10, 2026

Scheduled Sabotage Easy

200 XP Jan 28, 2026

Linux Fundamentals Practice Challenge

50 XP Jan 02, 2026

Hack the Box Hard

700 XP Dec 16, 2025

Hidden CMS Breach Medium

400 XP Dec 01, 2025

Secrets in Source 2: Bypass Security Through Obscurity Very Easy

50 XP Nov 20, 2025

Shadow Cracker Challenge

50 XP Nov 12, 2025

TechNova Infiltration Medium

400 XP Nov 10, 2025

Windows Password Cracker Challenge

50 XP Nov 10, 2025

Regex Bypass to SQLi Challenge

50 XP Oct 30, 2025

Office Password Cracker Challenge

50 XP Oct 30, 2025

Git Exposed Challenge

50 XP Oct 29, 2025

SSRF Validator Challenge

50 XP Oct 20, 2025

Email Header Forensics Challenge

50 XP Oct 18, 2025

Vigenere Stego Hunt Challenge

50 XP Oct 18, 2025

HTTP Smuggling Challenge

50 XP Oct 18, 2025

Hack This Site Challenge

50 XP Oct 18, 2025

Simple Directory Traversal Challenge

50 XP Oct 18, 2025

FortiPy Hard

700 XP Oct 18, 2025

Type Juggling Bypass Challenge

50 XP Oct 17, 2025

Crack SHA1 Hash Challenge

50 XP Oct 17, 2025

SQL Injection Test Challenge

50 XP Oct 17, 2025

Backup Hunter Challenge

50 XP Oct 17, 2025

YAML Bomb Challenge

50 XP Sep 26, 2025

WebDAV Explorer Challenge

50 XP Sep 25, 2025

Race Condition Hunter Challenge

50 XP Sep 25, 2025

Prototype Pollution Hunter Challenge

50 XP Sep 24, 2025

IDOR Explorer Challenge

50 XP Sep 22, 2025

Header Hijacker Challenge

50 XP Sep 19, 2025

Corporate Directory Hunt Challenge

50 XP Sep 18, 2025

File Include Bypass Challenge

50 XP Sep 17, 2025

Cookie Forge Challenge

50 XP Sep 16, 2025

Redis Cache Poisoner Challenge

50 XP Sep 15, 2025

Button Activator Challenge

50 XP Sep 15, 2025

GraphQL Gateway Challenge

50 XP Sep 12, 2025

DNS Tunneling Detective Challenge

50 XP Sep 11, 2025

IP Spoofing Admin Challenge

50 XP Sep 10, 2025

SUID Privilege Hunter Challenge

50 XP Sep 10, 2025

Caesar Shift Decoder Challenge

50 XP Sep 10, 2025

Registry Hijacker Challenge

50 XP Sep 09, 2025

RCE Playground Medium

200 XP Sep 08, 2025

MongoDB Injector Challenge

50 XP Sep 05, 2025

LDAP Injector Challenge

50 XP Sep 03, 2025

Infiltrator Easy

200 XP Sep 01, 2025

Template Injector Challenge

50 XP Aug 29, 2025

WEP Cracker Challenge

50 XP Aug 27, 2025

Registry Hunter Challenge

50 XP Aug 26, 2025

WiFi Password Cracker Challenge

50 XP Aug 26, 2025

Corporate Backup Deserializer Challenge

50 XP Aug 25, 2025

Book Cipher Challenge Challenge

50 XP Aug 22, 2025

Admin Portal Breach Challenge

50 XP Aug 22, 2025

Git Secrets Hunter Challenge

50 XP Aug 21, 2025

ZIP Cracker Challenge

50 XP Aug 18, 2025

KeePass Breaker Challenge

50 XP Aug 15, 2025

Template Injection Challenge

50 XP Aug 14, 2025

PDF Password Cracker Challenge

50 XP Aug 13, 2025

LFI Log Poison Challenge

50 XP Aug 12, 2025

Shell Command Scanner Challenge

50 XP Aug 12, 2025

NoSQL Injection Challenge

50 XP Aug 08, 2025

CSRF Bank Transfer Challenge

50 XP Aug 07, 2025

Alpwned Medium

400 XP Aug 07, 2025

File Upload Bypass Challenge

50 XP Aug 07, 2025

URL Scanner Challenge

50 XP Aug 06, 2025

XSS Playground Challenge

50 XP Aug 04, 2025

JWT Claims Manipulation Challenge

50 XP Jul 31, 2025

SQL Injection Challenge

50 XP Jul 30, 2025

XXE Exposed Challenge

50 XP Jul 30, 2025

JWT Algo Confusion Challenge

50 XP Jul 29, 2025

JWT Bypass Challenge

50 XP Jul 25, 2025

Ping Pwn Challenge

50 XP Jul 24, 2025

Auth Bypass Challenge

50 XP Jul 24, 2025

Log Hunter Challenge

50 XP Jul 22, 2025

API Logic Flaw Challenge

50 XP Jul 21, 2025

Path Traversal Challenge

50 XP Jul 18, 2025

Flask Error Challenge

50 XP Jul 17, 2025

Rail Fence Challenge

50 XP Jul 16, 2025

Sonic Cipher Challenge

50 XP Jul 15, 2025

Pixel Puzzler Challenge

50 XP Jul 14, 2025

PDF Trap Challenge

50 XP Jul 11, 2025

Blockchain Secrets Challenge

50 XP Jul 10, 2025

Corporate Breach 2 Challenge

50 XP Jul 09, 2025

Corporate Breach Challenge

50 XP Jul 08, 2025

DNS Exfil Challenge

50 XP Jul 07, 2025

Crypto Cipher Challenge

50 XP Jul 04, 2025

Session Switch Challenge

50 XP Jul 03, 2025

Snapchat Exposed Challenge

50 XP Jul 02, 2025

Red is Dead Challenge

50 XP Jun 30, 2025

Memory Forensics Challenge

50 XP Jun 27, 2025

API Breaker Challenge

50 XP Jun 25, 2025

QR Code Quest Challenge

50 XP Jun 25, 2025

Base64 Detective Challenge

50 XP Jun 24, 2025

Binary Secrets Challenge

50 XP Jun 23, 2025

Get the Password Challenge

50 XP Jun 20, 2025

Stego Hunt Challenge

50 XP Jun 19, 2025

Packet Pursuit Challenge

50 XP Jun 19, 2025

Hex Hunt Challenge

50 XP Jun 17, 2025

FiPloit Easy

200 XP Jun 01, 2025

AlVault Medium

400 XP May 09, 2025

Compromised 2 Hard

700 XP May 04, 2025

Broken Chain Hard

700 XP May 01, 2025

Internal Hard

700 XP Apr 24, 2025

WP Ultimate Hard

700 XP Apr 21, 2025

Compromised 1 Medium

400 XP Apr 13, 2025

Query Quake Medium

400 XP Apr 10, 2025

Matsudo Medium

400 XP Apr 07, 2025

Traversed Medium

400 XP Apr 06, 2025

Beyond Echo Medium

200 XP Apr 05, 2025

Cronpocalypse Easy

200 XP Apr 05, 2025

Anonymous 2 Easy

100 XP Apr 03, 2025

Anonymous Easy

100 XP Apr 03, 2025

Hack the Login Very Easy

50 XP Apr 02, 2025

Capture the Flag 101: Find and Submit Your First Flag Very Easy

50 XP Apr 02, 2025

Nmap Commands Lab: Port Scanning to Privilege Escalation Very Easy

100 XP Apr 02, 2025

Hack the Cookie: Cookie Poisoning Attack Very Easy

50 XP Apr 02, 2025

Spoof! Easy

100 XP Feb 17, 2025

Include me Easy

100 XP Feb 17, 2025

Secrets in Source: View Source Code to Find the Flag Very Easy

50 XP Feb 16, 2025

Nmap Mastery: Dominate Network Scanning 4

Installing Nmap 1 XP Apr 20, 2025

Advanced Techniques 1 XP Apr 24, 2025

Introduction to Nmap 1 XP Apr 20, 2025

Essential Nmap Scanning 1 XP Apr 24, 2025

HTTP Header Manipulation: IP Spoofing 3

Remediate 1 XP Apr 11, 2025

Techniques for IP Spoofing in HTTP Headers 1 XP Apr 11, 2025

Manipulating Headers 1 XP Apr 04, 2025

Password Cracking 10

Rainbow tables 1 XP Sep 05, 2025

Wireless cracking 1 XP Nov 10, 2025

PDF cracking 1 XP Sep 05, 2025

Linux hash cracking 1 XP Nov 14, 2025

Office Documents cracking 1 XP Nov 10, 2025

ZIP cracking 1 XP Oct 30, 2025

Brute force attacks 1 XP Sep 05, 2025

Password fundamentals 1 XP Aug 22, 2025

Dictionary attacks 1 XP Aug 22, 2025

Windows hash cracking 1 XP Nov 10, 2025

Linux Privilege Escalation 1

Linux privesc fundamentals 1 XP Jan 15, 2026

Network Pentesting 10

Active reconnaissance 1 XP Dec 22, 2025

Post-exploitation 1 XP Jan 03, 2026

Pivoting 1 XP Jan 03, 2026

Service exploitation 1 XP Dec 25, 2025

Pentest reporting 1 XP Jan 03, 2026

Password attacks 1 XP Jan 03, 2026

MITM attacks 1 XP Jan 03, 2026

Vulnerability scanning 1 XP Dec 25, 2025

Network fundamentals 1 XP Dec 21, 2025

Service enumeration 1 XP Dec 25, 2025

HDNA Ethical Hacking Course 5

1. Legal & Compliance 1 XP Apr 11, 2025

2. Network Protocols and Security 1 XP Apr 20, 2025

4. Network Scanning 1 XP Apr 20, 2025

3. Reconnaissance 1 XP Apr 20, 2025

Course Summary 1 XP Apr 04, 2025

Web App Attacks 12

CSRF Attacks 1 XP Aug 08, 2025

XXE Injection 1 XP Aug 13, 2025

SSRF 1 XP Aug 12, 2025

File Inclusion 1 XP Aug 12, 2025

Web Security Intro 1 XP Aug 08, 2025

SSTI 1 XP Aug 15, 2025

Deserialization 1 XP Aug 16, 2025

File Upload Attacks 1 XP Aug 12, 2025

XSS Attacks 1 XP Aug 08, 2025

Auth Bypass 1 XP Aug 12, 2025

SQL Injection 1 XP Aug 08, 2025

Command Injection 1 XP Aug 13, 2025

JWT Attacks 4

JWT Basics 1 XP Aug 08, 2025

JWT Tampering 1 XP Aug 08, 2025

JWT Cracking 1 XP Aug 08, 2025

Algorithm Confusion 1 XP Aug 08, 2025

Remote Code Execution (RCE) 3

Shellshock (CVE-2014-6271) 1 XP Apr 04, 2025

RCE: Introduction 1 XP Apr 04, 2025

RCE in PHP 1 XP Apr 04, 2025

Active for 1 days

3 days ago

Flag Found - Mythos Leak - Headless CMS Draft Exposure +200 XP

1 week ago

Flag Found - Mythos Leak - Headless CMS Draft Exposure +200 XP

1 week ago

Active for 3 days

2 weeks ago

Flag Found - Pickle Jar +200 XP

2 months ago

Flag Found - Pickle Jar +200 XP

2 months ago

Active for 9 days

2 months ago

Flag Found - ClearDesk +200 XP

3 months ago

Flag Found - ClearDesk +200 XP

3 months ago

Flag Found - Token Trust +50 XP

3 months ago

Flag Found - Host Hijack +200 XP

3 months ago

Flag Found - Host Hijack +200 XP

3 months ago

Active for 4 days

3 months ago

Flag Found - Fine Print +50 XP

3 months ago

Active for 1 days

4 months ago

Flag Found - Phantom Text +50 XP

4 months ago

Active for 4 days

4 months ago

Flag Found - Scheduled Sabotage +100 XP

4 months ago

Flag Found - Scheduled Sabotage +100 XP

4 months ago

Active for 9 days

4 months ago

Chapter Completed - Linux privesc fundamentals +1 XP

5 months ago

Active for 3 days

5 months ago

Chapter Completed - Pentest reporting +1 XP

5 months ago

Chapter Completed - Post-exploitation +1 XP

5 months ago

Your Certificate is Ready!

View and share your Certificate of Achievement

View Certificate