AzmiJO
✦ Legend ✦
Live Ranking
#5
Best: #1
Total Points
1350
Total Earned
Labs Completed
110
112 User • 16 Root
Modules
38
Validated
First Bloods
2
First to Complete
Best Streak
10
Days
Skills Acquired
Technical skills practiced through completed labs
Web SecurityHTMLBrowser DevToolsClient-Side SecuritySource Code AnalysisPassword CrackingLinux SecurityJohn the RipperhashcatCryptographyWeb EnumerationSSHPrivilege EscalationCVE ExploitationWindows SecurityNTLMHashcatHash AnalysisOffice SecurityHash ExtractionGitVersion ControlReconnaissanceFile DiscoveryInformation GatheringPHPType JugglingAuthentication BypassHash CrackingPassword AnalysisSecurity ToolsSQL InjectionDatabase SecurityInput ValidationPenetration TestingJavaScriptDeobfuscationCode AnalysisHTTP ProtocolRequest SmugglingNetwork ForensicsTraffic AnalysisPacket AnalysisEmail ForensicsHeader AnalysisPhishing DetectionBase64 DecodingOSINTDigital InvestigationSSRFURL ManipulationInternal Network AccessProtocol BypassSteganographyClassical CiphersImage AnalysisPolyalphabetic CiphersDirectory TraversalPath InjectionFile System SecurityPath ManipulationFile AccessWeb Application SecuritySSTIFlask SecuritySSH Brute ForceDatabase EnumerationYAML DeserializationPyYAML ExploitationConfiguration InjectionPython SecurityUnsafe DeserializationRemote Code ExecutionFile Processing SecurityWebDAV ExploitationFile UploadRemote File AccessHTTP MethodsWeb Server SecurityFile System EnumerationPrototype PollutionNode.js SecurityAPI SecurityJavaScript ExploitationObject ManipulationInput Validation BypassModern Web VulnerabilitiesIDORParameter ManipulationAuthorization BypassHTTP HeadersSecurity BypassClient-Side ManipulationDirectory EnumerationWeb ReconnaissanceAdministrative Panel DiscoverySecurity AssessmentLocal File InclusionFilter BypassApache AuthenticationJWTCookie ManipulationPython PickleEnterprise DeserializationCorporate Backup SystemsDisaster Recovery ExploitationConfiguration Import AttacksEnterprise SecurityCRLF InjectionRedis Command InjectionCache PoisoningProtocol ManipulationCSRFCross-Site Request ForgerySession SecuritySocial EngineeringForm SecurityHTTP SecurityState ManagementFlaskDebug ModePythonMemory AnalysisNetwork AnalysisDNSData ExfiltrationSession ManagementAuthenticationAlgorithm ConfusionRS256HS256Token ForgeryUser-Agent Log PoisoningApache SecuritySystem AdministrationLog AnalysisXXEXML SecurityFile DisclosureExternal EntityVulnerability AssessmentWebCTF BasicsDOM ManipulationGraphQLSchema IntrospectionInjectionCommand InjectionFilter EvasionDNS AnalysisIP SpoofingAccess Control BypassSUID BinariesBinary ExploitationFrequency AnalysisPattern RecognitionDocker Registry APIContainer SecurityAPI ManipulationRegistry ExploitationNoSQL InjectionMongoDBDocument DatabasesWeb ExploitationService DiscoveryNetwork SecurityIncident ResponseCommand Line ToolsForensicsAttack DetectionLDAP InjectionDirectory ServicesJWT ManipulationSSH ExploitationLog InjectionServer-Side Template InjectionJinja2 ExploitationWireless SecurityWEP CrackingRC4 AnalysisCryptographic AttacksLegacy Protocol ExploitationHistorical CryptanalysisWiFi SecurityWPA CrackingDictionary AttacksWireless Penetration TestingDigital ForensicsWindows RegistryPersistence AnalysisMalware AnalysisMD5 CrackingPassword AttacksGit ForensicsVersion Control SecurityRepository AnalysisSecret RecoveryZIP Password CrackingfcrackzipBrute ForceArchive SecurityKeePass 4.x SecurityDirect Brute ForcePassword Manager AssessmentModern CryptographySecurity Tool LimitationsJinja2Web Application TestingCode InjectionPDF SecurityDocument SecurityBrute Force AttacksShell CommandsHTTP Parameter ManipulationVisibility ControlsSecurity TestingOperator ExploitationBypass TechniquesWeb ShellsPost ExploitationLinux Privilege EscalationFile PermissionsServer-Side Request ForgeryAWS MetadataCloud SecurityIAM CredentialsAWS EC2XSSCross-Site ScriptingStored XSSSession HijackingClaims ManipulationTime-Based AttacksSignature CrackingBlind SQLiTime-based SQLiBoolean-based SQLiToken AuthenticationLogic FlawPath TraversalCGITransposition CipherRail FenceAudio AnalysisLSBPDF ForensicsFile AnalysisMetadataHidden DataForensic ToolsBlockchain AnalysisBitcoinOP_RETURNHex DecodingData ExtractionForensic AnalysisLFIFile InclusionCryptanalysisClassical CryptoData EncodingJenkinsCI/CDDevOpsPentestAutomationNetwork ReconnaissanceDatabase ForensicsCLI UsageData RecoveryBase64Hex EncodingRedisMemory ForensicsBinary AnalysisTool UsageROT13 EncodingWeb HackingLogic FlawsToken ManipulationBase64 EncodingQR Code AnalysisWeb InspectionHTML AnalysisHex EditorsData StructuresReverse EngineeringMD5Rainbow TablesWeb DevelopmentPacket CaptureWiresharkProtocol AnalysisHexadecimalFile Upload BypassPHP SecurityWeb Shell ExploitationWEBIDOR ExploitationZip Slip VulnerabilityInternal Service DiscoveryBackup Service ExploitationSudo Vim ExploitationLearning PathTELNETJSNetworkingCommand LineWeb ServicesLinux CapabilitiesReverse ShellSystem EnumerationAdvanced ReconnaissanceAndroid Reverse EngineeringSCADA ExploitationApache TomcatWAR DeploymentDefault CredentialsLinuxSudoGITWPMYSQLIRCEFTP ExploitationBackdoor DetectionNetwork ServicesRemote ShellSystem ExploitationIP SPOOFINGFTP
Completed Modules
Educational modules successfully validated
Nmap Mastery: Dominate Network Scanning
4 modulesInstalling Nmap
Advanced Techniques
Introduction to Nmap
Essential Nmap Scanning
HTTP Header Manipulation: IP Spoofing
3 modulesRemediate
Techniques for IP Spoofing in HTTP Headers
Manipulating Headers
Password Cracking: Advanced Techniques for Security Assessment
8 modulesRainbow Tables and Precomputed Attacks
Wireless Network Password Attacks
PDF Password Cracking and Document Security
Linux Password Cracking (Shadow Files)
Brute Force and Hybrid Attack Techniques
Password Security Fundamentals
Dictionary Attacks and Wordlist Optimization
Windows System Password Recovery
HDNA Ethical Hacking Course
5 modules1. Legal & Compliance
2. Network Protocols and Security
4. Network Scanning
3. Reconnaissance
Course Summary
Web Application Security: Exploitation and Defense
12 modulesCross-Site Request Forgery
XML External Entity Injection
Server-Side Request Forgery
Local and Remote File Inclusion
Course Introduction
Server-Side Template Injection
Deserialization Attacks
File Upload Exploitation
Cross-Site Scripting
Authentication Bypass
SQL Injection
Command Injection
JWT Ethical Hacking: Token Takeover Tactics
3 modulesIntroduction to JWT Tokens
Claims Manipulation and Time-Based Attacks
Secret Key Brute Forcing
Remote Code Execution (RCE)
3 modulesShellshock (CVE-2014-6271)
RCE: Introduction
RCE in PHP
Completed Labs & Challenges
Hands-on cybersecurity challenges successfully completed
Secrets in Source 2
Very Easy
Web SecurityHTMLBrowser DevToolsClient-Side SecuritySource Code Analysis
Shadow Cracker
Challenge
Password CrackingLinux SecurityJohn the RipperhashcatCryptography
TechNova Infiltration
Medium
Web EnumerationSSHPassword CrackingPrivilege EscalationLinux SecurityCVE Exploitation
Windows Password Cracker
Challenge
Password CrackingWindows SecurityNTLMHashcatJohn the RipperHash Analysis
Office Password Cracker
Challenge
Password CrackingOffice SecurityHash ExtractionJohn the RipperHashcat
Git Exposed
Challenge
GitVersion ControlSource Code AnalysisReconnaissanceWeb Security
Backup Hunter
Challenge
Web EnumerationFile DiscoveryReconnaissanceInformation Gathering
Type Juggling Bypass
Challenge
Web SecurityPHPType JugglingAuthentication BypassHash Analysis
Crack SHA1 Hash
Challenge
CryptographyHash CrackingPassword AnalysisSecurity Tools
SQL Injection Test
Challenge
SQL InjectionWeb SecurityDatabase SecurityAuthentication BypassInput ValidationPenetration Testing
Hack This Site
Challenge
JavaScriptDeobfuscationClient-Side SecurityBrowser DevToolsCode AnalysisAuthentication Bypass
HTTP Smuggling
Challenge
HTTP ProtocolRequest SmugglingNetwork ForensicsTraffic AnalysisWeb SecurityPacket Analysis
Email Header Forensics
Challenge
Email ForensicsHeader AnalysisPhishing DetectionBase64 DecodingOSINTDigital Investigation
SSRF Validator
Challenge
SSRFWeb SecurityURL ManipulationInternal Network AccessProtocol Bypass
Vigenere Stego Hunt
Challenge
CryptographySteganographyClassical CiphersImage AnalysisPolyalphabetic Ciphers
Simple Directory Traversal
Challenge
Directory TraversalPath InjectionFile System SecurityWeb SecurityInput ValidationPath ManipulationFile Access
FortiPy
Hard
Web Application SecuritySSTIFlask SecuritySSH Brute ForceDatabase EnumerationHash CrackingPrivilege Escalation
YAML Bomb
Challenge
YAML DeserializationPyYAML ExploitationConfiguration InjectionPython SecurityUnsafe DeserializationRemote Code ExecutionFile Processing Security
WebDAV Explorer
Challenge
WebDAV ExploitationFile UploadDirectory TraversalRemote File AccessHTTP MethodsWeb Server SecurityFile System Enumeration
Prototype Pollution Hunter
Challenge
Prototype PollutionNode.js SecurityAPI SecurityJavaScript ExploitationObject ManipulationInput Validation BypassModern Web Vulnerabilities
IDOR Explorer
Challenge
IDORParameter ManipulationWeb Application SecurityAuthorization Bypass
Header Hijacker
Challenge
HTTP HeadersSecurity BypassWeb Application SecurityClient-Side Manipulation
Corporate Directory Hunt
Challenge
Directory EnumerationWeb ReconnaissanceAdministrative Panel DiscoverySecurity Assessment
File Include Bypass
Challenge
Local File InclusionFilter BypassApache AuthenticationPassword Cracking
Cookie Forge
Challenge
JWTCookie ManipulationAuthentication BypassPrivilege Escalation
Corporate Backup Deserializer
Challenge
Python PickleEnterprise DeserializationCorporate Backup SystemsDisaster Recovery ExploitationConfiguration Import AttacksEnterprise Security
Redis Cache Poisoner
Challenge
CRLF InjectionRedis Command InjectionCache PoisoningProtocol ManipulationWeb Security
CSRF Bank Transfer
Challenge
CSRFCross-Site Request ForgerySession SecurityWeb SecuritySocial EngineeringForm SecurityHTTP SecurityState Management
Flask Error
Challenge
FlaskDebug ModePythonWeb SecurityMemory Analysis
DNS Exfil
Challenge
Network AnalysisDNSPacket AnalysisData ExfiltrationBase64 Decoding
Session Switch
Challenge
Web SecuritySession ManagementAuthenticationPrivilege EscalationPHP
JWT Algo Confusion
Challenge
JWTAlgorithm ConfusionRS256HS256Token ForgeryWeb Security
LFI Log Poison
Challenge
Local File InclusionUser-Agent Log PoisoningRemote Code ExecutionDirectory TraversalWeb SecurityApache SecuritySystem AdministrationLog Analysis
XXE Exposed
Challenge
XXEXML SecurityFile DisclosureExternal EntityWeb SecurityVulnerability Assessment
Stego Hunt
Challenge
SteganographyImage AnalysisWebCTF Basics
Button Activator
Challenge
JavaScriptBrowser DevToolsDOM ManipulationClient-Side Security
GraphQL Gateway
Challenge
GraphQLAPI SecuritySchema IntrospectionAuthorization BypassInjection
RCE Playground
Medium
Command InjectionInput Validation BypassRemote Code ExecutionFilter EvasionWeb Security
DNS Tunneling Detective
Challenge
Network ForensicsDNS AnalysisData ExfiltrationTraffic Analysis
IP Spoofing Admin
Challenge
Web SecurityHTTP HeadersIP SpoofingAccess Control BypassInformation Gathering
SUID Privilege Hunter
Challenge
SUID BinariesPrivilege EscalationCommand InjectionLinux SecurityBinary Exploitation
Caesar Shift Decoder
Challenge
CryptographyClassical CiphersFrequency AnalysisPattern Recognition
Registry Hijacker
Challenge
Docker Registry APIAuthentication BypassContainer SecurityAPI ManipulationRegistry Exploitation
MongoDB Injector
Challenge
NoSQL InjectionMongoDBAuthentication BypassDocument DatabasesWeb Security
Ping Pwn
Challenge
Command InjectionWeb ExploitationService DiscoveryNetwork Security
Log Hunter
Challenge
Log AnalysisWeb SecurityIncident ResponsePattern RecognitionFile DiscoveryCommand Line ToolsForensicsHTTP ProtocolAttack DetectionSecurity Assessment
LDAP Injector
Challenge
LDAP InjectionAuthentication BypassDirectory ServicesEnterprise SecurityWeb Security
Infiltrator
Easy
JWT ManipulationSSH ExploitationLog InjectionPrivilege EscalationWeb SecurityLinux Security
Template Injector
Challenge
Server-Side Template InjectionFlask SecurityJinja2 ExploitationRemote Code ExecutionWeb Security
WEP Cracker
Challenge
Wireless SecurityWEP CrackingRC4 AnalysisPacket AnalysisCryptographic AttacksLegacy Protocol Exploitation
Book Cipher Challenge
Challenge
CryptographyClassical CiphersPattern RecognitionHistorical Cryptanalysis
WiFi Password Cracker
Challenge
WiFi SecurityWPA CrackingDictionary AttacksWireless Penetration TestingNetwork SecurityPacket Analysis
Registry Hunter
Challenge
Digital ForensicsWindows RegistryPersistence AnalysisBase64 DecodingIncident ResponseMalware Analysis
Admin Portal Breach
Challenge
Client-Side SecurityMD5 CrackingSource Code AnalysisWeb Application SecurityPassword AttacksAuthentication Bypass
Git Secrets Hunter
Challenge
Git ForensicsVersion Control SecurityRepository AnalysisPenetration TestingSecret RecoveryOSINT
ZIP Cracker
Challenge
ZIP Password CrackingJohn the RipperfcrackzipDictionary AttacksBrute ForceArchive Security
KeePass Breaker
Challenge
KeePass 4.x SecurityDirect Brute ForcePassword Manager AssessmentModern CryptographySecurity Tool Limitations
Template Injection
Challenge
Server-Side Template InjectionJinja2Flask SecurityWeb Application TestingCode InjectionPrivilege Escalation
PDF Password Cracker
Challenge
PDF SecurityPassword CrackingDictionary AttacksDigital ForensicsDocument SecurityBrute Force Attacks
Shell Command Scanner
Challenge
Command InjectionWeb SecurityShell CommandsSystem AdministrationHTTP Parameter ManipulationSecurity Assessment
NoSQL Injection
Challenge
NoSQL InjectionMongoDBVisibility ControlsAccess Control BypassSecurity TestingOperator Exploitation
File Upload Bypass
Challenge
File UploadWeb SecurityBypass TechniquesPHPWeb ShellsInput ValidationSocial EngineeringPost Exploitation
Alpwned
Medium
SQL InjectionAuthentication BypassSSHLinux Privilege EscalationFile PermissionsWeb Application Security
URL Scanner
Challenge
SSRFServer-Side Request ForgeryAWS MetadataCloud SecurityIAM CredentialsNetwork SecurityWeb SecurityAWS EC2
XSS Playground
Challenge
XSSCross-Site ScriptingStored XSSSession HijackingJavaScriptWeb SecurityClient-Side SecurityDOM Manipulation
JWT Claims Manipulation
Challenge
JWTClaims ManipulationPrivilege EscalationAuthentication BypassTime-Based AttacksSignature Cracking
SQL Injection
Challenge
SQL InjectionDatabase SecurityWeb SecurityBlind SQLiTime-based SQLiBoolean-based SQLiDatabase EnumerationVulnerability Assessment
JWT Bypass
Challenge
JWTWeb SecurityToken AuthenticationCryptography
Auth Bypass
Challenge
SQL InjectionAuthentication BypassWeb SecurityDatabase Security
API Logic Flaw
Challenge
API SecurityLogic FlawAuthentication BypassParameter ManipulationPHPWeb Security
Path Traversal
Challenge
Path TraversalCGIWeb SecurityFile AccessDirectory TraversalInput Validation
Rail Fence
Challenge
CryptographyTransposition CipherRail FencePattern RecognitionPython
Sonic Cipher
Challenge
SteganographyAudio AnalysisLSBForensicsPython
Pixel Puzzler
Challenge
SteganographyImage AnalysisLSBForensicsPython
PDF Trap
Challenge
PDF ForensicsFile AnalysisMetadataHidden DataForensic Tools
Blockchain Secrets
Challenge
Blockchain AnalysisBitcoinOP_RETURNHex DecodingData ExtractionForensic Analysis
Corporate Breach 2
Challenge
Web SecurityPHPLFIPath ManipulationFile Inclusion
Corporate Breach
Challenge
Web SecurityPHPLFIPassword CrackingAuthentication BypassDirectory Traversal
Crypto Cipher
Challenge
CryptanalysisClassical CryptoPattern RecognitionData Encoding
Snapchat Exposed
Challenge
JenkinsCI/CDDevOpsWeb SecurityPentestAutomation
Red is Dead
Challenge
Network ReconnaissanceService DiscoveryDatabase ForensicsData EncodingCLI UsageData RecoveryIncident ResponseBase64Hex EncodingRedis
Memory Forensics
Challenge
Memory ForensicsBinary AnalysisDigital ForensicsPattern RecognitionIncident ResponseTool UsageData RecoveryROT13 Encoding
API Breaker
Challenge
API SecurityWeb HackingLogic FlawsPrivilege EscalationToken ManipulationBase64 EncodingAuthorization Bypass
QR Code Quest
Challenge
QR Code AnalysisImage AnalysisData ExtractionSteganographyDigital Forensics
Base64 Detective
Challenge
Base64Web InspectionBrowser DevToolsData EncodingHTML Analysis
Binary Secrets
Challenge
Binary AnalysisHex EditorsData StructuresReverse EngineeringFile Analysis
Get the Password
Challenge
JavaScriptMD5Rainbow TablesWeb DevelopmentBrowser DevTools
Packet Pursuit
Challenge
Network AnalysisPacket CaptureWiresharkProtocol Analysis
Hex Hunt
Challenge
JavaScriptWeb DevelopmentHexadecimalBrowser DevTools
FiPloit
Easy
Local File InclusionFile Upload BypassPHP SecurityDirectory TraversalWeb Shell ExploitationPrivilege EscalationLog Analysis
AlVault
Medium
WEB
Broken Chain
Hard
IDOR ExploitationZip Slip VulnerabilityServer-Side Template InjectionInternal Service DiscoveryBackup Service ExploitationPrivilege EscalationSudo Vim Exploitation
Hack the Cookie
Very Easy
WEBLearning Path
Nmap Lab 102
Very Easy
TELNETLearning Path
Hack the Login
Very Easy
JSLearning Path
Learning Lab 101
Very Easy
NetworkingReconnaissanceCommand LineWeb ServicesLearning Path
Cronpocalypse
Easy
SSH
Internal
Hard
Command InjectionLinux CapabilitiesPrivilege EscalationReverse ShellWeb Application SecuritySystem EnumerationNetwork Reconnaissance
Compromised 2
Hard
Advanced ReconnaissanceAndroid Reverse EngineeringSCADA ExploitationCVE ExploitationAuthentication BypassPrivilege Escalation
Compromised 1
Medium
Apache TomcatWeb Application SecurityWAR DeploymentDefault CredentialsPrivilege EscalationLinuxSudoWeb Shells
Traversed
Medium
GIT
WP Ultimate
Hard
WP
Matsudo
Medium
SSHBrute ForcePrivilege EscalationLinuxSudoNetwork ReconnaissancePenetration Testing
Query Quake
Medium
MYSQLIRCE
Beyond Echo
Medium
PHPRCE
Anonymous 2
Easy
FTP ExploitationBackdoor DetectionNetwork ServicesRemote ShellSystem Exploitation
Spoof!
Easy
IP SPOOFING
Anonymous
Easy
FTP
Include me
Easy
PHPLFI
Secrets in Source
Very Easy
HTMLLearning Path
Courses Progress
Your learning paths and modules