oswe-practice

OSWE-like machines

Machine Name	Source	Language	Authentication Bypass	RCE	Is Source Code Review required?
Harder	TryHackMe	PHP	Exposed Git Repository + Bypassing of hash_hmac	Regular Command Injection	Yes
Spring	TryHackMe	Java	Exposed Git Repository + Bypassing IP restriction	Exploitation of Spring Boot Actuators	Yes
All in One	TryHackMe	PHP	Local File Inclusion	Malicious File Upload/Modification	No
Misguided Ghosts	TryHackMe	PHP	Cross-Site Scripting	Command Injection	No
Cache	HackTheBox	PHP	SQL Injection + Cracking Bcrypt	Malicious File Upload/Modification	Yes
Magic	HackTheBox	PHP	Basic SQL Injection	Bypass File Upload	No
Book	HackTheBox	PHP	SQL Truncation	Cross-Site Scripting to RCE	No
Wall	HackTheBox	PHP	Verb Tampering + Bruteforcing	Command Injection	No

Authentication Bypass Only

Machine Name	Source	Language	Authentication Bypass
Mango	HackTheBox	PHP	NoSQL Injection

RCE Only

Machine Name	Source	Language	RCE
Json	HackTheBox	.Net	Deserialization
Jarvis	HackTheBox	PHP	File writes through SQL injection
Unattended	HackTheBox	PHP	Directory Traversal + Union-Based SQL Injection + Local File Inclusion + Log File Poisoning + Bypassing of IP Tables
Arkham	HackTheBox	Java	Deserialization

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
README.md		README.md

Provide feedback