IDS Cybersecurity Labs

Hands-on Security Training Platform

labs.ids-cybersec.com
8
Categories
45
Labs Running
3
Difficulty Levels
S
Server-Side Request Forgery (SSRF)
4 Labs
SSRF Lab CTF
6 level SSRF: basic, enumeration, hostname bypass, cloud metadata, blacklist bypass, open redirect.
/lab/8041 Running
Blind SSRF Lab
3 level blind SSRF: exfiltrate flags from internal API via interceptor/OOB. Response never shown.
/lab/8042 Running
Time-based SSRF Lab
3 level time-based SSRF: detect internal services through timing analysis. No response visible.
/lab/8043 Running
Simple SSRF
Basic SSRF demo with Python Flask. No filter, no flag - pure vulnerability demonstration.
/lab/8001 Running
X
Cross-Site Scripting (XSS)
20 Labs
XSS - Reflected
Classic reflected XSS vulnerability
/lab/8020Easy
XSS - Stored
Persistent stored XSS attack
/lab/8021Medium
XSS - DOM Based
DOM-based cross-site scripting
/lab/8022Medium
XSS - DOM innerHTML
DOM XSS via innerHTML sink
/lab/8023Medium
XSS - JS String
XSS in JavaScript string context
/lab/8024Easy
XSS - Stored href
Stored XSS via href attribute
/lab/8025Medium
XSS - JS Context
XSS within JavaScript context
/lab/8026Medium
XSS - JSON
XSS through JSON injection
/lab/8027Medium
XSS - Form Action
XSS via form action injection
/lab/8028Medium
XSS - Hash innerHTML
XSS via location hash + innerHTML
/lab/8029Medium
XSS - Search Query
XSS in search query parameter
/lab/8030Easy
XSS - Attribute
XSS in HTML attribute context
/lab/8031Easy
XSS - JS String Context
XSS breaking out of JS string
/lab/8032Medium
XSS - document.write
XSS via document.write sink
/lab/8033Easy
XSS - innerHTML
XSS via innerHTML assignment
/lab/8034Easy
XSS - DOM Location
DOM XSS via location source
/lab/8035Medium
XSS - Event Handler
XSS via event handler injection
/lab/8036Medium
XSS - JS String (Medium)
JS string XSS with filter bypass
/lab/8037Medium
XSS - Medium
Medium difficulty XSS challenge
/lab/8038Medium
Advanced XSS Lab
8 advanced challenges: WAF bypass, CSP evasion, mXSS, blind XSS, polyglot XSS and more.
/lab/8060Advanced
L
Local File Inclusion (LFI)
2 Labs
LFI Lab
Local File Inclusion vulnerability with multiple attack vectors.
/lab/8039Easy
LFI Lab - Easy
Beginner-friendly Local File Inclusion challenge.
/lab/8040Easy
A
API Security & Broken Access Control
2 Labs
API Security Lab
4 levels: broken authentication, excessive data exposure, mass assignment, JWT token manipulation.
/lab/8062 Medium
Broken Access Control Lab
4 levels: IDOR, horizontal & vertical privilege escalation, forceful browsing.
/lab/8063 Advanced
S
SQL Injection (SQLi)
6 Labs
SQLi - Login Bypass
SQL injection to bypass authentication
/lab/5001Easy
SQLi - Other Endpoints
SQL injection on non-obvious endpoints
/lab/5002Medium
SQLi - Hidden Data
Extracting hidden database contents
/lab/5003Easy
Oracle Version Detection
Database fingerprinting and version detection
/lab/5005Medium
SQLi - DB Version
SQL injection to determine database version
/lab/5006Easy
SQL Injection Lab
Comprehensive SQL injection training
/lab/6003Medium
B
Brute Force & Cracking
3 Labs
Brute Force - Password Challenge
Password brute force attack challenge
/lab/6001Easy
Hashcat & John Lab
Hash cracking with Hashcat and John the Ripper
/lab/6002Medium
Brute Force - Advanced
Advanced brute force techniques and tools
/lab/6004Hard
C
Client-Side Exploit
7 Labs
Client-Side Restriction Bypass
Bypass client-side input validation to inject malicious sleep time values.
/lab/8050Easy
Client-Side Template Injection (CSTI)
Exploit client-side template injection via unsanitized user input rendering.
/lab/8051Medium
CSRF - Basic
Cross-Site Request Forgery attack with no CSRF protection on color preference update.
/lab/8052Easy
CSRF - SameSite Cookie
CSRF with different SameSite cookie settings: strict, lax, and none.
/lab/8053Medium
CSRF - Weak Token
Exploit predictable time-based CSRF token to forge requests.
/lab/8054Medium
Session Hijacking via XSS
Steal session cookies through XSS with httpOnly disabled.
/lab/8055Hard
Untrusted Sources (XSSI)
Cross-Site Script Inclusion attack via untrusted JavaScript sources.
/lab/8056Medium
O
Other Labs
1 Lab
VulnLab
Multi-vulnerability training environment
/lab/2222Medium

© 2025 NETRACYBER — All Rights Reserved

For authorized educational use only. All labs are intentionally vulnerable.