Exploit Development for Beginners

2:30 - 4:00 PM


Scores from ToroHack 2018

Workshop Description

Participants will hack into a series of vulnerable servers and get onto Winners boards. These challenges require nothing but a Web browser, Java, and Burp, so you can use any OS.

Equipment Students Will Need to Bring

Participants need a computer that run a Web browser and Java.



Command Injection Projects
1. Ping Form (10) Winners
2. Buffer Overflow (20) Winners
3. ImageMagick (30) Winners


4 & 5. SQL Injection (30, 50) Winners 4
Winners 5
6. Client‑Side Validation (30) Winners 6.1
Winners 6.2
Winners 6.3
7. SAML Forgery (50) Winners
8. Blind Injection (10, 5, 15, 30) Winners 8.1
Winners 8.2
Winners 8.3
Winners 8.4
9. Logic (10) Winners

Other Projects

Basic SQL

CodeCademy SQL Lesson

SQL Injection Attack and Defense

Installing SQLol
SQLi: Attacking with Havij and Defending with Input Filtering
Exploiting SQLi with sqlmap
Fixing MySQL with Parameterized Queries

Games and Cybercompetitions

Password Guessing Games
Bandit Challenges

Updated 4-7-18 3:56 am
Links fixed 5:58 pm 4-7-18
Toro scores archived 4-20-18