// hands-on
Practice labs
You don't learn to hack by reading - you learn by doing. Each lab is a small, self-contained challenge tied to a lesson. Safe, legal, and built to make the concept stick.
Privilege Escalation
SUID Permission Hunt
Find the misconfigured SUID binary on a simulated box and use it to read a root-only flag.
Text Processing
Grep the Logs
Mine a messy auth log with grep, sed, and awk to extract every failed SSH login and its source IP.
Network Recon
Subnet Recon & Host Discovery
Given a /24 network, use nmap and ping-sweep techniques to enumerate live hosts and map open ports.
Network Scanning
nmap SYN Scan Dissection
Run a SYN scan against a target VM, capture it in Wireshark, and identify open/closed/filtered ports from the raw packets.
Reconnaissance
DNS Enumeration & Zone Transfer
Enumerate subdomains of a misconfigured DNS server using dig and a zone transfer, then map every host.
Web Recon
HTTP Headers & Response Analysis
Use curl, Burp, and DevTools to analyze HTTP responses - security headers, cookie flags, and server banners.
Web Exploitation
SQLi Login Bypass
Bypass a vulnerable login form with a classic SQL injection payload, then escalate to dumping the users table.
Web Exploitation
Stored XSS Cookie Stealer
Plant a stored XSS payload that exfiltrates a victim's session cookie to your listener - then fix it with output encoding.
Web Exploitation
IDOR Account Takeover
Tamper with an object ID in an API request to read and modify another user's account - a textbook IDOR.
Web Exploitation
SSRF to Cloud Metadata
Abuse a server-side URL fetcher to reach the cloud metadata endpoint and steal simulated IAM credentials.
Web Exploitation
Upload Filter Bypass to Web Shell
Defeat a naive upload filter to plant a web shell and get command execution on the simulated server.
Enumeration
Service Enumeration to Foothold
Enumerate an unknown box's services with nmap and targeted tools, identify the weak point, and plan the exploit.