honkeyponkey
Grandmaster
Live Ranking
#8
Best: #8
Total Points
1230
Total Earned
Labs Completed
113
114 User • 16 Root
Modules
10
Validated
First Bloods
0
First to Complete
Best Streak
19
Days
Skills Acquired
Technical skills practiced through completed labs
Command InjectionInput Validation BypassRemote Code ExecutionFilter EvasionWeb SecurityLinuxSSHFile EnumerationCron JobsPrivilege EscalationConfiguration AnalysisJavaScriptWeb DevelopmentHexadecimalBrowser DevToolsSteganographyImage AnalysisWebCTF BasicsNetwork AnalysisPacket CaptureWiresharkProtocol AnalysisMD5Rainbow TablesBinary AnalysisHex EditorsData StructuresReverse EngineeringFile AnalysisQR Code AnalysisData ExtractionDigital ForensicsAPI SecurityWeb HackingLogic FlawsToken ManipulationBase64 EncodingAuthorization BypassMemory ForensicsPattern RecognitionIncident ResponseTool UsageData RecoveryROT13 EncodingNetwork ReconnaissanceService DiscoveryDatabase ForensicsData EncodingCLI UsageBase64Hex EncodingRedisJenkinsCI/CDDevOpsPentestAutomationSession ManagementAuthenticationPHPCryptanalysisClassical CryptoDNSPacket AnalysisData ExfiltrationBase64 DecodingLFIPassword CrackingAuthentication BypassDirectory TraversalPath ManipulationFile InclusionBlockchain AnalysisBitcoinOP_RETURNHex DecodingForensic AnalysisPDF ForensicsMetadataHidden DataForensic ToolsLSBForensicsPythonAudio AnalysisCryptographyTransposition CipherRail FenceFlaskDebug ModeMemory AnalysisPath TraversalCGIFile AccessInput ValidationLogic FlawParameter ManipulationLog AnalysisFile DiscoveryCommand Line ToolsHTTP ProtocolAttack DetectionSecurity AssessmentWeb ExploitationNetwork SecuritySQL InjectionDatabase SecurityJWTToken AuthenticationAlgorithm ConfusionRS256HS256Token ForgeryXXEXML SecurityFile DisclosureExternal EntityVulnerability AssessmentClaims ManipulationTime-Based AttacksSignature CrackingXSSCross-Site ScriptingStored XSSSession HijackingClient-Side SecurityDOM ManipulationCSRFCross-Site Request ForgerySession SecuritySocial EngineeringForm SecurityHTTP SecurityState ManagementBlind SQLiTime-based SQLiBoolean-based SQLiDatabase EnumerationSSRFServer-Side Request ForgeryAWS MetadataCloud SecurityIAM CredentialsAWS EC2File UploadBypass TechniquesWeb ShellsPost ExploitationNoSQL InjectionMongoDBVisibility ControlsAccess Control BypassSecurity TestingOperator ExploitationLocal File InclusionUser-Agent Log PoisoningApache SecuritySystem AdministrationPDF SecurityDictionary AttacksDocument SecurityBrute Force AttacksServer-Side Template InjectionJinja2Flask SecurityWeb Application TestingCode InjectionKeePass 4.x SecurityDirect Brute ForcePassword Manager AssessmentModern CryptographySecurity Tool LimitationsPython PickleEnterprise DeserializationCorporate Backup SystemsDisaster Recovery ExploitationConfiguration Import AttacksEnterprise SecurityGit ForensicsVersion Control SecurityRepository AnalysisPenetration TestingSecret RecoveryOSINTMD5 CrackingSource Code AnalysisWeb Application SecurityPassword AttacksClassical CiphersHistorical CryptanalysisJinja2 ExploitationWindows RegistryPersistence AnalysisMalware AnalysisLDAP InjectionDirectory ServicesCRLF InjectionRedis Command InjectionCache PoisoningProtocol ManipulationMYSQLIRCEWeb InspectionHTML AnalysisDocument DatabasesSUID BinariesLinux SecurityBinary ExploitationWireless SecurityWEP CrackingRC4 AnalysisCryptographic AttacksLegacy Protocol ExploitationDocker Registry APIContainer SecurityAPI ManipulationRegistry ExploitationFrequency AnalysisNetwork ForensicsDNS AnalysisTraffic AnalysisGraphQLSchema IntrospectionInjectionShell CommandsHTTP Parameter ManipulationFilter BypassApache AuthenticationHTTP HeadersSecurity BypassClient-Side ManipulationDirectory EnumerationWeb ReconnaissanceAdministrative Panel DiscoveryIDORRace ConditionsTiming AttacksConcurrent ExploitationPrototype PollutionNode.js SecurityJavaScript ExploitationObject ManipulationModern Web VulnerabilitiesWebDAV ExploitationRemote File AccessHTTP MethodsWeb Server SecurityFile System EnumerationYAML DeserializationPyYAML ExploitationConfiguration InjectionPython SecurityUnsafe DeserializationFile Processing SecurityPath InjectionFile System SecurityPolyalphabetic CiphersURL ManipulationInternal Network AccessProtocol BypassEmail ForensicsHeader AnalysisPhishing DetectionDigital InvestigationRequest SmugglingType JugglingHash AnalysisZIP Password CrackingJohn the RipperfcrackzipBrute ForceArchive SecurityIP SpoofingInformation GatheringCookie ManipulationWiFi SecurityWPA CrackingWireless Penetration TestingDeobfuscationCode AnalysisWeb EnumerationReconnaissanceGitVersion ControlRegex BypassSQLiteUNION-Based SQLiHash CrackingPassword AnalysisSecurity ToolsOffice SecurityHash ExtractionHashcatWindows SecurityNTLMLinux CapabilitiesReverse ShellSystem EnumerationCommand LineFile System NavigationHidden FilesgrepfindIDOR ExploitationZip Slip VulnerabilityInternal Service DiscoveryBackup Service ExploitationSudo Vim ExploitationSSTISSH Brute ForceDirectory FuzzingX-Forwarded-For SpoofingBruteforceffufNewline InjectionLinux EnumerationSUID ExploitationBuffer OverflowARM64 ROPStatic Binary AnalysispwntoolsropperGDBCVE ExploitationLinux Privilege EscalationFile PermissionsApache TomcatWAR DeploymentDefault CredentialsSudoFile Upload BypassPHP SecurityWeb Shell ExploitationFTP ExploitationBackdoor DetectionNetwork ServicesRemote ShellSystem ExploitationIP SPOOFINGFTPGITJWT ManipulationSSH ExploitationLog InjectionhashcatTELNETLearning PathHTMLWEBNetworkingWeb Services
Completed Modules
Educational modules successfully validated
Password Cracking
10 modulesRainbow tables
Wireless cracking
PDF cracking
Linux hash cracking
Office Documents cracking
ZIP cracking
Brute force attacks
Password fundamentals
Dictionary attacks
Windows hash cracking
Completed Labs & Challenges
Hands-on cybersecurity challenges successfully completed
RCE Playground
Medium
Command InjectionInput Validation BypassRemote Code ExecutionFilter EvasionWeb Security
Scheduled Sabotage
Easy
LinuxSSHFile EnumerationCron JobsPrivilege EscalationConfiguration Analysis
Cronpocalypse
Easy
SSH
Hex Hunt
Challenge
JavaScriptWeb DevelopmentHexadecimalBrowser DevTools
Stego Hunt
Challenge
SteganographyImage AnalysisWebCTF Basics
Packet Pursuit
Challenge
Network AnalysisPacket CaptureWiresharkProtocol Analysis
Get the Password
Challenge
JavaScriptMD5Rainbow TablesWeb DevelopmentBrowser DevTools
Binary Secrets
Challenge
Binary AnalysisHex EditorsData StructuresReverse EngineeringFile Analysis
QR Code Quest
Challenge
QR Code AnalysisImage AnalysisData ExtractionSteganographyDigital Forensics
API Breaker
Challenge
API SecurityWeb HackingLogic FlawsPrivilege EscalationToken ManipulationBase64 EncodingAuthorization Bypass
Memory Forensics
Challenge
Memory ForensicsBinary AnalysisDigital ForensicsPattern RecognitionIncident ResponseTool UsageData RecoveryROT13 Encoding
Red is Dead
Challenge
Network ReconnaissanceService DiscoveryDatabase ForensicsData EncodingCLI UsageData RecoveryIncident ResponseBase64Hex EncodingRedis
Snapchat Exposed
Challenge
JenkinsCI/CDDevOpsWeb SecurityPentestAutomation
Session Switch
Challenge
Web SecuritySession ManagementAuthenticationPrivilege EscalationPHP
Crypto Cipher
Challenge
CryptanalysisClassical CryptoPattern RecognitionData Encoding
DNS Exfil
Challenge
Network AnalysisDNSPacket AnalysisData ExfiltrationBase64 Decoding
Corporate Breach
Challenge
Web SecurityPHPLFIPassword CrackingAuthentication BypassDirectory Traversal
Corporate Breach 2
Challenge
Web SecurityPHPLFIPath ManipulationFile Inclusion
Blockchain Secrets
Challenge
Blockchain AnalysisBitcoinOP_RETURNHex DecodingData ExtractionForensic Analysis
PDF Trap
Challenge
PDF ForensicsFile AnalysisMetadataHidden DataForensic Tools
Pixel Puzzler
Challenge
SteganographyImage AnalysisLSBForensicsPython
Sonic Cipher
Challenge
SteganographyAudio AnalysisLSBForensicsPython
Rail Fence
Challenge
CryptographyTransposition CipherRail FencePattern RecognitionPython
Flask Error
Challenge
FlaskDebug ModePythonWeb SecurityMemory Analysis
Path Traversal
Challenge
Path TraversalCGIWeb SecurityFile AccessDirectory TraversalInput Validation
API Logic Flaw
Challenge
API SecurityLogic FlawAuthentication BypassParameter ManipulationPHPWeb Security
Log Hunter
Challenge
Log AnalysisWeb SecurityIncident ResponsePattern RecognitionFile DiscoveryCommand Line ToolsForensicsHTTP ProtocolAttack DetectionSecurity Assessment
Ping Pwn
Challenge
Command InjectionWeb ExploitationService DiscoveryNetwork Security
Auth Bypass
Challenge
SQL InjectionAuthentication BypassWeb SecurityDatabase Security
JWT Bypass
Challenge
JWTWeb SecurityToken AuthenticationCryptography
JWT Algo Confusion
Challenge
JWTAlgorithm ConfusionRS256HS256Token ForgeryWeb Security
XXE Exposed
Challenge
XXEXML SecurityFile DisclosureExternal EntityWeb SecurityVulnerability Assessment
JWT Claims Manipulation
Challenge
JWTClaims ManipulationPrivilege EscalationAuthentication BypassTime-Based AttacksSignature Cracking
XSS Playground
Challenge
XSSCross-Site ScriptingStored XSSSession HijackingJavaScriptWeb SecurityClient-Side SecurityDOM Manipulation
CSRF Bank Transfer
Challenge
CSRFCross-Site Request ForgerySession SecurityWeb SecuritySocial EngineeringForm SecurityHTTP SecurityState Management
SQL Injection
Challenge
SQL InjectionDatabase SecurityWeb SecurityBlind SQLiTime-based SQLiBoolean-based SQLiDatabase EnumerationVulnerability Assessment
URL Scanner
Challenge
SSRFServer-Side Request ForgeryAWS MetadataCloud SecurityIAM CredentialsNetwork SecurityWeb SecurityAWS EC2
File Upload Bypass
Challenge
File UploadWeb SecurityBypass TechniquesPHPWeb ShellsInput ValidationSocial EngineeringPost Exploitation
NoSQL Injection
Challenge
NoSQL InjectionMongoDBVisibility ControlsAccess Control BypassSecurity TestingOperator Exploitation
LFI Log Poison
Challenge
Local File InclusionUser-Agent Log PoisoningRemote Code ExecutionDirectory TraversalWeb SecurityApache SecuritySystem AdministrationLog Analysis
PDF Password Cracker
Challenge
PDF SecurityPassword CrackingDictionary AttacksDigital ForensicsDocument SecurityBrute Force Attacks
Template Injection
Challenge
Server-Side Template InjectionJinja2Flask SecurityWeb Application TestingCode InjectionPrivilege Escalation
KeePass Breaker
Challenge
KeePass 4.x SecurityDirect Brute ForcePassword Manager AssessmentModern CryptographySecurity Tool Limitations
Corporate Backup Deserializer
Challenge
Python PickleEnterprise DeserializationCorporate Backup SystemsDisaster Recovery ExploitationConfiguration Import AttacksEnterprise Security
Git Secrets Hunter
Challenge
Git ForensicsVersion Control SecurityRepository AnalysisPenetration TestingSecret RecoveryOSINT
Admin Portal Breach
Challenge
Client-Side SecurityMD5 CrackingSource Code AnalysisWeb Application SecurityPassword AttacksAuthentication Bypass
Book Cipher Challenge
Challenge
CryptographyClassical CiphersPattern RecognitionHistorical Cryptanalysis
Template Injector
Challenge
Server-Side Template InjectionFlask SecurityJinja2 ExploitationRemote Code ExecutionWeb Security
Registry Hunter
Challenge
Digital ForensicsWindows RegistryPersistence AnalysisBase64 DecodingIncident ResponseMalware Analysis
LDAP Injector
Challenge
LDAP InjectionAuthentication BypassDirectory ServicesEnterprise SecurityWeb Security
Redis Cache Poisoner
Challenge
CRLF InjectionRedis Command InjectionCache PoisoningProtocol ManipulationWeb Security
Query Quake
Medium
MYSQLIRCE
Base64 Detective
Challenge
Base64Web InspectionBrowser DevToolsData EncodingHTML Analysis
MongoDB Injector
Challenge
NoSQL InjectionMongoDBAuthentication BypassDocument DatabasesWeb Security
SUID Privilege Hunter
Challenge
SUID BinariesPrivilege EscalationCommand InjectionLinux SecurityBinary Exploitation
WEP Cracker
Challenge
Wireless SecurityWEP CrackingRC4 AnalysisPacket AnalysisCryptographic AttacksLegacy Protocol Exploitation
Registry Hijacker
Challenge
Docker Registry APIAuthentication BypassContainer SecurityAPI ManipulationRegistry Exploitation
Caesar Shift Decoder
Challenge
CryptographyClassical CiphersFrequency AnalysisPattern Recognition
DNS Tunneling Detective
Challenge
Network ForensicsDNS AnalysisData ExfiltrationTraffic Analysis
GraphQL Gateway
Challenge
GraphQLAPI SecuritySchema IntrospectionAuthorization BypassInjection
Shell Command Scanner
Challenge
Command InjectionWeb SecurityShell CommandsSystem AdministrationHTTP Parameter ManipulationSecurity Assessment
File Include Bypass
Challenge
Local File InclusionFilter BypassApache AuthenticationPassword Cracking
Header Hijacker
Challenge
HTTP HeadersSecurity BypassWeb Application SecurityClient-Side Manipulation
Corporate Directory Hunt
Challenge
Directory EnumerationWeb ReconnaissanceAdministrative Panel DiscoverySecurity Assessment
IDOR Explorer
Challenge
IDORParameter ManipulationWeb Application SecurityAuthorization Bypass
Race Condition Hunter
Challenge
Race ConditionsTiming AttacksConcurrent ExploitationWeb Application Security
Prototype Pollution Hunter
Challenge
Prototype PollutionNode.js SecurityAPI SecurityJavaScript ExploitationObject ManipulationInput Validation BypassModern Web Vulnerabilities
WebDAV Explorer
Challenge
WebDAV ExploitationFile UploadDirectory TraversalRemote File AccessHTTP MethodsWeb Server SecurityFile System Enumeration
YAML Bomb
Challenge
YAML DeserializationPyYAML ExploitationConfiguration InjectionPython SecurityUnsafe DeserializationRemote Code ExecutionFile Processing Security
Simple Directory Traversal
Challenge
Directory TraversalPath InjectionFile System SecurityWeb SecurityInput ValidationPath ManipulationFile Access
Vigenere Stego Hunt
Challenge
CryptographySteganographyClassical CiphersImage AnalysisPolyalphabetic Ciphers
SSRF Validator
Challenge
SSRFWeb SecurityURL ManipulationInternal Network AccessProtocol Bypass
Email Header Forensics
Challenge
Email ForensicsHeader AnalysisPhishing DetectionBase64 DecodingOSINTDigital Investigation
HTTP Smuggling
Challenge
HTTP ProtocolRequest SmugglingNetwork ForensicsTraffic AnalysisWeb SecurityPacket Analysis
Type Juggling Bypass
Challenge
Web SecurityPHPType JugglingAuthentication BypassHash Analysis
ZIP Cracker
Challenge
ZIP Password CrackingJohn the RipperfcrackzipDictionary AttacksBrute ForceArchive Security
Button Activator
Challenge
JavaScriptBrowser DevToolsDOM ManipulationClient-Side Security
IP Spoofing Admin
Challenge
Web SecurityHTTP HeadersIP SpoofingAccess Control BypassInformation Gathering
Cookie Forge
Challenge
JWTCookie ManipulationAuthentication BypassPrivilege Escalation
WiFi Password Cracker
Challenge
WiFi SecurityWPA CrackingDictionary AttacksWireless Penetration TestingNetwork SecurityPacket Analysis
Hack This Site
Challenge
JavaScriptDeobfuscationClient-Side SecurityBrowser DevToolsCode AnalysisAuthentication Bypass
SQL Injection Test
Challenge
SQL InjectionWeb SecurityDatabase SecurityAuthentication BypassInput ValidationPenetration Testing
Backup Hunter
Challenge
Web EnumerationFile DiscoveryReconnaissanceInformation Gathering
Git Exposed
Challenge
GitVersion ControlSource Code AnalysisReconnaissanceWeb Security
Regex Bypass to SQLi
Challenge
SQL InjectionRegex BypassInput ValidationWeb Application SecuritySQLiteUNION-Based SQLi
Crack SHA1 Hash
Challenge
CryptographyHash CrackingPassword AnalysisSecurity Tools
Office Password Cracker
Challenge
Password CrackingOffice SecurityHash ExtractionJohn the RipperHashcat
Windows Password Cracker
Challenge
Password CrackingWindows SecurityNTLMHashcatJohn the RipperHash Analysis
Internal
Hard
Command InjectionLinux CapabilitiesPrivilege EscalationReverse ShellWeb Application SecuritySystem EnumerationNetwork Reconnaissance
Linux Fundamentals Practice
Challenge
LinuxCommand LineFile System NavigationHidden Filesgrepfind
Broken Chain
Hard
IDOR ExploitationZip Slip VulnerabilityServer-Side Template InjectionInternal Service DiscoveryBackup Service ExploitationPrivilege EscalationSudo Vim Exploitation
FortiPy
Hard
Web Application SecuritySSTIFlask SecuritySSH Brute ForceDatabase EnumerationHash CrackingPrivilege Escalation
Hack the Box
Hard
Directory FuzzingX-Forwarded-For SpoofingBruteforceffufCommand InjectionNewline InjectionWeb SecurityLinux EnumerationSUID ExploitationBuffer OverflowARM64 ROPStatic Binary AnalysisBinary ExploitationpwntoolsropperGDB
TechNova Infiltration
Medium
Web EnumerationSSHPassword CrackingPrivilege EscalationLinux SecurityCVE Exploitation
Alpwned
Medium
SQL InjectionAuthentication BypassSSHLinux Privilege EscalationFile PermissionsWeb Application Security
Compromised 1
Medium
Apache TomcatWeb Application SecurityWAR DeploymentDefault CredentialsPrivilege EscalationLinuxSudoWeb Shells
Matsudo
Medium
SSHBrute ForcePrivilege EscalationLinuxSudoNetwork ReconnaissancePenetration Testing
Beyond Echo
Medium
PHPRCE
Hidden CMS Breach
Medium
Web EnumerationWeb SecurityAuthenticationRCEPrivilege EscalationLinux
FiPloit
Easy
Local File InclusionFile Upload BypassPHP SecurityDirectory TraversalWeb Shell ExploitationPrivilege EscalationLog Analysis
Anonymous 2
Easy
FTP ExploitationBackdoor DetectionNetwork ServicesRemote ShellSystem Exploitation
Spoof!
Easy
IP SPOOFING
Anonymous
Easy
FTP
Traversed
Medium
GIT
Infiltrator
Easy
JWT ManipulationSSH ExploitationLog InjectionPrivilege EscalationWeb SecurityLinux Security
Shadow Cracker
Challenge
Password CrackingLinux SecurityJohn the RipperhashcatCryptography
Nmap Lab 102
Very Easy
TELNETLearning Path
Secrets in Source 2
Very Easy
Web SecurityHTMLBrowser DevToolsClient-Side SecuritySource Code AnalysisLearning Path
Hack the Cookie
Very Easy
WEBLearning Path
Hack the Login
Very Easy
WebAuthenticationClient-Side SecurityLearning Path
Onboarding Lab: Access and Flags
Very Easy
NetworkingReconnaissanceCommand LineWeb ServicesLearning Path
Include me
Easy
PHPLFI
Secrets in Source
Very Easy
HTMLLearning Path
Courses Progress
Your learning paths and modules
Password Cracking
100%