Solutions for

Products we offer

View all products for teams

Products we offer

Leverage 70% off for Universities

Products we offer

View all products for business

Products we offer

View all products for individuals

Parrot CTFs for Teams

Build cybersecurity talent.

An interactive and guided skills development platform for corporate teams looking to master offensive, defensive, and general security domains.

Read more
Start a free trial

Parrot CTFs for Education

Empower the next generation.

Comprehensive cybersecurity education platform designed for academic institutions to prepare students for real-world challenges.

Read more
Start for free

Parrot CTFs for Students

Start your cybersecurity journey.

Self-paced learning platform with hands-on labs and structured content to help you master cybersecurity skills.

Read more
Get started

Compliance-Focused Penetration Testing

NIS2 Compliance - Penetration Testing & Auditing

NIS2 Compliance

Parrot CTFs helps companies across Europe meet and maintain NIS2 compliance through trusted, transparent, and repeatable penetration testing. Get detailed audit-ready reports, real-world risk insights, and full lifecycle support.

Our NIS2 compliance solution includes:

  • Real-world risk insights
  • Full lifecycle support
  • Comprehensive penetration testing
  • Detailed audit-ready reports
Read more

Job Roles

Industries

Parrot CTFs Use Cases

Customer Stories

Case Study: Jacob Masse passed eJPT, eWPT & eCPPT

Jacob Masse, a cybersecurity enthusiast, shares his journey of passing the eJPT, eWPT, and eCPPT certifications with the help of Parrot CTFs.

Read Case Study

Hacking Glossary

A comprehensive glossary of hacking terms and concepts.

Explore hacking terms

Hacking Cheat Sheets

A collection of cheat sheets for various hacking techniques and tools.

Hang out

Help Center

FAQs, and troubleshooting tips.

Visit Help Center

Introduction to Parrot CTFs

A guide to getting started with Parrot CTFs.

Read Guide
Community
Get Help
From the Blog
report

New release: The latest on CVE-2025-29927 – NextJS Vulnerability

21 Mar 2025, CVE-2025-29927 was made public by Next,js maintainers and this vulnerability can lead to Authentication bypass. This vulnerability is discovered by Rachid and Yasser Allam and possible to bypass authentication if they occur in middleware

View vulnerability report
Company
Contact us
Connect
Why Parrot CTFs?

Join our mission to create a safer cyber world by making cybersecurity training fun and accessible to everyone.

Get started with Parrot CTFs
Featured News

Level Up Your Active Directory Hacking: Parrot CTFs Now Hosts GOAD by Orange Cyberdefense

We’re proud to announce that Parrot CTFs now officially hosts GOADV3 developed by Orange Cyber Defense.

Read more news
Store
Free Trial

Start a free trial

Experience our enterprise solutions with a 14-day free trial.

Get started
Book Demo

Book a demo

Let us show you how Parrot CTFs can help your organization.

Book now
Products
Teams

Products we offer

View all products for teams
Schools

Products we offer

View all products for schools
Business

Products we offer

View all products for business

NIS2 Compliance

NIS2 Compliance

Parrot CTFs helps companies across Europe meet and maintain NIS2 compliance through trusted, transparent, and repeatable penetration testing. Get detailed audit-ready reports, real-world risk insights, and full lifecycle support.

Our NIS2 compliance solution includes:

  • Comprehensive penetration testing
  • Detailed audit-ready reports
  • Real-world risk insights
  • Full lifecycle support
Read more
Individuals

Products we offer

View all products for individuals
Resources

Hacking Glossary

A comprehensive glossary of hacking terms and concepts.

Explore hacking terms

Hacking Cheat Sheets

A collection of cheat sheets for various hacking techniques and tools.

Hang out

Help Center

FAQs, and troubleshooting tips.

Visit Help Center

Introduction to Parrot CTFs

A guide to getting started with Parrot CTFs.

Read Guide
Community
Current Events Affiliate Program Athena OS Discord Community
Get Help
Help Center Contact Support
From the Blog
report

New release: The latest on CVE-2025-29927 – NextJS Vulnerability

21 Mar 2025, CVE-2025-29927 was made public by Next,js maintainers and this vulnerability can lead to Authentication bypass. This vulnerability is discovered by Rachid and Yasser Allam and possible to bypass authentication if they occur in middleware

View vulnerability report
Company
Company
About us Careers Cyber Blog Cert Validation Legal
Contact us
Press Releases Partners Enterprise Sales Billing Support Lab Support
Connect
LinkedIn Discord YouTube Instagram Twitter
Why Parrot CTFs?

Join our mission to create a safer cyber world by making cybersecurity training fun and accessible to everyone.

Get started with Parrot CTFs
Featured News

Level Up Your Active Directory Hacking: Parrot CTFs Now Hosts GOAD by Orange Cyberdefense

We’re proud to announce that Parrot CTFs now officially hosts GOADV3 developed by Orange Cyber Defense.

Read more news
Store

PCTFs Ethical Hacking Labs

Gain access to 50+ virtual machines and experience hands-on cybersecurity training. Challenge your offensive security and penetration testing skills. Join now! At Parrot CTFs, our ethical hacking labs deliver realistic, hands-on Capture the Flag (CTF) challenges designed for all skill levels. Whether you're a beginner or an experienced hacker, you'll find diverse attack paths, multi-OS environments, and adjustable difficulty levels to enhance your cybersecurity skills. Explore our interactive hacking challenges and take your penetration testing expertise to the next level.

Search Labs
Search by Difficulty
Search by OS
Created: 57 days ago
TimeKeeper
Hard File Upload
Lab Image
Lab Rating: ★★★★★
TimeKeeper is a compact Linux CTF machine modeled as a time-tracking web service.
Players will need to investigate the application and host to progress through layered challenges that exercise web application analysis and local privilege escalation.

Created by archtrmntor

Created: 57 days ago
Echo Chamber
Medium Command Injection
Lab Image
Lab Rating: ★★★★★
EchoChamber is a lightweight web-driven challenge where commands echo louder than expected. Careful observation and creative thinking will help you uncover the hidden layers of control, but not everything is as it first appears.

Created by archtrmntor

Created: 95 days ago
NoteVault
Easy File Upload
Lab Image
Lab Rating: ★★★★★
NoteVault is a Linux CTF machine where persistence meets curiosity. A seemingly simple note-keeping service hides unexpected behaviors, and careful exploration of the system may reveal unconventional ways to turn small wins into full control.

Created by archtrmntor

Created: 110 days ago
Archive Hunter
Easy Security Misconfiguration
Lab Image
Lab Rating: ★★★★★
ArchiveHunter is a high-energy sandbox where zip files become grappling hooks. Upload, slip, shell, and rewrite history, then drop the mic with root access.

Created by archtrmntor

Created: 132 days ago
Logger
Easy Code Execution
Lab Image
Lab Rating: ★★★★★
Logger is a medium-difficulty Linux CTF challenge that revolves around a misconfigured internal log management system. Participants begin by authenticating to a web interface, where they must identify and exploit a Remote Code Execution (RCE) vulnerability.

Created by osmsec

Created: 150 days ago
Ivanti
Easy Security Misconfiguration
Lab Image
Lab Rating: ★★★★★
A routine system in a secure environment hides more than it reveals.Can you navigate through layers of misconfiguration and uncover the quietly exposed doors? Every request counts especially the ones you’re not meant to make.

Created by archtrmntor

Created: 153 days ago
PwnDoc
Easy CVE
Lab Image
Lab Rating: ★★★★★
PwnDoc is an easy-level Linux machine that focuses on web exploitation techniques and Docker-based privilege escalation.

Created by osmsec

Created: 154 days ago
Erebus
Hard Log Poisoning
Lab Image
Lab Rating: ★★★★★
Step into the shadows of a forgotten helpdesk where routine maintenance hides
deeper secrets. What begins as a simple misconfiguration unravels into something far more deceptive. Are you paying close enough attention?

Created by archtrmntor

Created: 165 days ago
Sense
Easy Security Misconfiguration
Lab Image
Lab Rating: ★★★★★
A system built to serve… yet something whispers beneath its surface. Can you hear what others ignore ?

Created by archtrmntor

Created: 174 days ago
Target
Medium Security Misconfiguration
Lab Image
Lab Rating: ★★★★★
An ordinary service hides behind a quiet web shell, but deeper inspection reveals a misstep in trust. What seems like a harmless utility turns out to be a direct line to ultimate power. Can you spot the subtle crack in the system's armor?

Created by archtrmntor

Created: 174 days ago
Staging
Medium Security Misconfiguration
Lab Image
Lab Rating: ★★★★★
Staging is a medium-difficulty Linux CTF where you brute-force hidden vhosts, spin up a remote database to configure an uninitialized WordPress, then exploit misconfigurations for initial access. From there, you reuse credentials and abuse sudo misconfigs to gain root. It mimics real-world staging pitfalls in poorly managed environments.

Created by osmsec

Created: 182 days ago
Graph
Medium CVE
Lab Image
Lab Rating: ★★★★★
Harness the hidden Thread Weaving Protocol in Graph’s Gremlin engine: hijack traversal streams, override Java scheduler tokens, and slip past concurrency guards. Only those who master dynamic graph flows will unearth the buried flags.

Created by archtrmntor

Created: 182 days ago
Issabella
Easy CVE
Lab Image
Lab Rating: ★★★★★
Infiltrate Issabella’s fortress: bypass deceptive interfaces, crack hidden protocols, and outsmart adaptive defenses at every turn. Will you seize the hidden prize before the system strikes back?

Created by osmsec

Created: 182 days ago
Bluerock
Medium Artificial Intelligence
Lab Image
Lab Rating: ★★★★★
Unlock the power of BlueRock’s Model Context Protocol: manipulate streaming transaction insights, override dynamic risk thresholds, and slip past adaptive fraud defenses. Each challenge reshapes the analytics pipeline in real time only the sharpest operators will bend the MCP to their will and emerge unflagged.

Created by Kaizen226

Created: 193 days ago
Rejetto
Easy Server Side Template Injection
Lab Image
Lab Rating: ★★★★★
A classic file-sharing service hums along, offering simple access to a few public resources. It looks stable, even nostalgic, perhaps a relic from another era. But age often brings
oversight. Explore its behavior, peek into its features, and you might just find something that
wasn’t meant to be shared

Created by archtrmntor

Created: 204 days ago
Chad
Easy CVE
Lab Image
Lab Rating: ★★★★★
A seemingly simple web monitoring tool has been deployed on the server.
Something feels off—dig deeper, explore its features, and see where curiosity takes you.

Created by archtrmntor

Created: 204 days ago
Zorlang
Medium CVE
Lab Image
Lab Rating: ★★★★★
Zorlang is a Linux-based CTF machine designed to challenge a player’s skills in exploiting modern vulnerabilities and navigating post-exploitation scenarios. Players must gain an initial foothold by targeting an exposed service and then proceed to enumerate internal services to pivot deeper into the network. Success requires effective use of SSH tunneling techniques and a final privilege escalation through a misconfigured or vulnerable internal component, ultimately leading to full system compromise.

Created by osmsec

Created: 214 days ago
Doom
Medium CVE
Lab Image
Lab Rating: ★★★★★
An internal CI server was hastily exposed with default configurations.

Created by archtrmntor

Created: 219 days ago
Veriface
Medium Artificial Intelligence
Lab Image
Lab Rating: ⯨☆☆☆☆
AI-powered facial recognition, where your face might just be the key! Train, spoof, and outsmart the system in this bizarre biometric circus of challenge and deception. Can you beat the machine at its own game?

Created by Kaizen226

Created: 225 days ago
Middleman
Medium CVE
Lab Image
Lab Rating: ★★★★★
This lab demonstrates middleware authentication bypass vulnerability in Next.js,
allowing unauthorized access to protected routes.

Created by archtrmntor

Created: 321 days ago
File Ception
Easy Local File Inclusion
Lab Image
Lab Rating: ★★★★★
Welcome to the ultimate cybersecurity carnival, where Local File Inclusion meets Remote Code Execution! This quirky machine invites you to don your hacker hat and take a roller coaster ride through the twisted paths of misconfigured web applications.

Created by malwarekid

Created: 321 days ago
Commander
Easy Command Injection
Lab Image
Lab Rating: ★★★★★
Step into the role of a daring investigator, tasked with uncovering a web
vulnerability on the "Commander" machine. Each step takes you closer to the treasure — root access. Will you solve the puzzle?

Created by archtrmntor

Created: 368 days ago
Forward
Easy Sql Injection
Lab Image
Lab Rating: ★★★★★
In the land of intranets and login screens there are often bypasses that go unnoticed, can you break through the security, bypass the login page, and gain access to the underlying operating system?

Created by malwarekid

Created: 382 days ago
Operation Securenet
Medium Command Injection
Lab Image
Lab Rating: ★★★★★
Infiltrate the heart of SecureNet, a tech startup where shadows hide secrets and
every service is a potential trap. Your mission: unravel the mysteries concealed within layers of
encryption, misdirection, and subtle clues. Trust your instincts, question everything, and stay
sharp—only the cleverest will uncover the truth behind the breach. Can you piece together the
puzzle before time runs out?

Created by archtrmntor

Created: 393 days ago
Shuttle Booking
Medium Cross Site Scripting
Lab Image
Lab Rating: ★★★★★
Welcome to the Shuttle Booking system, where only the bravest hackers thrive. Before you is a seemingly simple website, but every input field hides potential danger. Your mission? Unleash the full power of XSS before anyone else does! Can you manipulate the browser's inner workings, hijack sessions like a pro, and seize total control?

Created by parrotassassin15

Created: 414 days ago
One Click
Easy Authentication Bypass
Lab Image
Lab Rating: ★★★★★
An end user has installed some software that was not approved on the ITs list. This resulted in a vulnerability being exposed, can you exploit this windows machine?

Created by parrotassassin15

Created: 427 days ago
Splinter
Easy Server Side Template Injection
Lab Image
Lab Rating: ★★★★★
Unemployable INC, a shady corporation, needs your penetration testing skills. Suspecting server-side template injection vulnerabilities, they've hired you to infiltrate their systems. Like Splinter, exploit weaknesses and demonstrate the impact. Uncover hidden vulnerabilities, prove your worth, and expose the true extent of their security flaws. The fate of Unemployable INC rests in your hands.

Created by parrotassassin15

Created: 436 days ago
QuickScan
Easy Server Side Request Forgery
Lab Image
Lab Rating: ★★★★★
Your task is to upload a file that triggers an unexpected behavior on the server. Explore different file types, bypass restrictions, and see if you can gain unauthorized access or leak sensitive information. Be creative and think like an attacker!

Created by smog

Created: 442 days ago
Filter
Easy Local File Inclusion
Lab Image
Lab Rating: ★★★★☆
Your mission is to bypass restrictive filters and exploit Local File Inclusion (LFI) vulnerabilities. But that's not all—use your skills to escalate into Command Injection. Can you manipulate the input and take full control?

Created by smog

Created: 450 days ago
Mdbraid
Easy Insecure Network Services
Lab Image
Lab Rating: ★★★★★
Dive into mdbraid where you'll uncover hidden programs, manipulate access files, and crack SMB configurations. Challenge your skills as you navigate through secret pathways, decrypting clues, and exploiting vulnerabilities to conquer the system!

Created by parrotassassin15

Created: 454 days ago
Middle Ground
Medium MitM Attacks
Lab Image
Lab Rating: ★★★★★
Step into a digital battlefield where the stakes are high and the secrets are buried deep. Your mission? Exploit an exposed FTP server, sniff out what's hidden on port 80, and decode the mysteries of the network. Every corner holds a clue, every service a potential breakthrough.

Created by parrotassassin15

Created: 459 days ago
Wallstreet Hijack
Hard Replay Attacks
Lab Image
Lab Rating: ★★★★★
The gRPC stock trading service lacks robust protections against replay attacks. Exploit the weak security mechanisms to replay valid trade requests and manipulate stock values. Can you gain unauthorized profits by intercepting and replaying gRPC messages?

Created by Kaizen226

Created: 466 days ago
Share Me
Easy Broken Authentication
Lab Image
Lab Rating: ★★★☆☆
Leaked credentials have surfaced, giving you potential access to an S3 bucket. But broken authentication mechanisms stand in your way. Use the creds, bypass the flaws, and see what secrets you can uncover. Can you find the flag hidden deep within?

Created by parrotassassin15

Created: 466 days ago
Hijack
Easy Broken Authentication
Lab Image
Lab Rating: ★★★★★
The MySQL database on the machine 'Hijack' seems ripe for exploitation. Weak authentication and a lack of proper security controls give you a potential opening. Use your brute-forcing skills to break into the MySQL database, bypass the broken authentication mechanisms, and see what secrets lie within.

Created by smog

Created: 471 days ago
Defcon 32
Medium XXE
Lab Image
Lab Rating: ★★★★★
Attack a Parrot CTFs Defcon Village website, escalate your privileges within the application, compromise the server, and gain root access.

Created by Kaizen226

Created: 475 days ago
Cloud Admin
Medium Cloud Misconfigurations
Lab Image
Lab Rating: ★★★★★
Dive into the world of cloud security with Cloud Admin. Face various challenges in cloud and server environments designed to test your ability to uncover vulnerabilities and exploit weaknesses. Do you have what it takes to compromise the infrastructure and reveal its secrets?

Created by parrotassassin15

Created: 478 days ago
Wiki
Medium RCE
Lab Image
Lab Rating: ★★★★★
Step into Sofia's Wiki, a Linux hosted wiki filled with intricate details and hidden treasures. uncover secrets buried within the pages, exploit upload functions, find hidden files and explore the Linux environment.

Created by parrotassassin15

Created: 482 days ago
Simple
Easy Insecure Network Services
Lab Image
Lab Rating: ★★★★★
Step into this Windows 10 labyrinth with RDP and a few surprise services open. Navigate the quirky challenges, uncover hidden secrets, and see if you can outsmart the simplicity to capture the flag!

Created by smog

Created: 487 days ago
Code Engine
Easy Insecure Docker Config
Lab Image
Lab Rating: ★★★★★
Unleash the power of Node.js in Code Engine! Dive into a hands-on lab where participants will explore a Node.js web app running in a Docker container. They will face exciting challenges that require them to interact with the application through the browser, execute code, and navigate the intricacies of containerized environments.

Created by Kaizen226

Created: 490 days ago
Backdrop
Easy RCE
Lab Image
Lab Rating: ★★★★★
Dive into the Backdrop CMS challenge! Unravel hidden secrets, tackle engaging tasks, and master the quirks of this unique CMS. Ready to crack the code?

Created by smog

Created: 494 days ago
Cyber Heist
Medium Replay Attacks
Lab Image
Lab Rating: ★★★★★
Unravel GRPC secrets in Cyber Heist! Face fun and engaging tasks designed to test your skills in navigating complex GRPC environments. Participants will tackle challenges involving remote procedure calls, service definitions, and exploiting GRPC vulnerabilities to conquer the GRPC security landscape.

Created by Kaizen226

Created: 496 days ago
Kurby DC
Easy Active Directory
Lab Image
Lab Rating: ★★★★★
Unravel Active Directory secrets in Kurby DC! Face fun and engaging tasks designed to test their skills in navigating complex AD environments. Participants will tackle challenges involving user authentication, group policies, and domain controllers to conquer the AD security landscape.

Created by parrotassassin15

Created: 501 days ago
Habitual
Easy Sql Injection
Lab Image
Lab Rating: ★★★★★
More vulnerable than your diet on cheat day! This easy lab machine invites you to dive into the world of common CVEs and SQLi exploits.

Created by smog

Created: 504 days ago
Chatter
Medium Insecure Sockets
Lab Image
Lab Rating: ★★★★★
Play around with websockets, intercept messages, enumerate API endpoints and more with this awesome vulnerable chat API. Do you have what it takes to hack this API?

Created by Kaizen226

Created: 508 days ago
Poultry
Medium RCE
Lab Image
Lab Rating: ★★★★★
Test your enumeration skills and hack this server that seems to be under development by a poultry farm? I wonder what they are going to sell.

Created by smog

Created: 513 days ago
Merch Metrics
Hard IDOR
Lab Image
Lab Rating: ★★★★★
Dive deeper into the void of APIs, check metrics and find hidden flaws, can you hack this vulnerable API?

Created by Kaizen226

Created: 517 days ago
Staff Connect
Hard SQL Injection
Lab Image
Lab Rating: ★★★★★
Dive into the zany world of a staffing agency's API, where your mission is to exploit IDOR vulnerabilities and uncover SQLi flaws while dodging our cheeky digital recruiter’s pranks.

Created by Kaizen226

Created: 524 days ago
SystemSpoils
Medium Security Misconfiguration
Lab Image
Lab Rating: ★★★★★
Welcome to SystemSpoils, where you outsmart a tricky IIS server and a sneaky SMB share. Dive in, hack away, and uncover digital treasures!

Created by parrotassassin15

Created: 526 days ago
ArshaSpector
Easy Security Misconfiguration
Lab Image
Lab Rating: ★★★★⯨
Arsha is a website development firm, they however are not too great at backend work yet. Can you find the misconfiguarations that lead to full server compromise?

Created by parrotassassin15

Created: 526 days ago
Marketer
Medium RCE
Lab Image
Lab Rating: ★★★★★
Ever come across a marketing provider like mailgun? This is that without the APIs can you attack this machine using your file upload and cryptography skills?

Created by parrotassassin15

Created: 533 days ago
NonSense
Easy Security Misconfiguration
Lab Image
Lab Rating: ★★★★★
Welcome to Nonsense, a CTF where your mission is to outwit a pfSense router box that thinks it's impenetrable. Can you find the hidden flag in this labyrinth of digital defenses, or will you be caught in a web of nonsense?

Created by parrotassassin15

Created: 760 days ago
Tiki 2
Hard Insecure Deseralization
Lab Image
Lab Rating: ★★★★★
Embark on a thrilling CTF journey in the virtual Tiki world! Unravel the 'Insecure Deserialization' enigma, showcase your prowess, and emerge victorious in this cyber quest. Triumph awaits!

Created by silky

Created: 770 days ago
RootQL
Easy Weak Authentication
Lab Image
Lab Rating: ★★★★★
Welcome to GraQLand, the magical realm of GraphQL APIs. A mischievous fairy has hidden the flag amidst its API tree. Traverse the mystical endpoints, decipher riddles, and unearth the hidden flag. But beware of the GraphQL challenges. Do you have the charm to outwit the fairy and capture the flag?

Created by smog

Created: 777 days ago
Header
Medium Multiple Injections
Lab Image
Lab Rating: ★★★★★
Headers: the unsung heroes of the digital realm. Dive deep into the fascinating world of headers, where every line tells a tale, and every request holds a secret. From guiding data's dance to whispering web wishes, headers are the cool conductors of the cyber symphony. Join the header hullabaloo and discover the magic behind the scenes!

Created by parrotassassin15

Created: 800 days ago
Ticket
Easy SQL Injection
Lab Image
Lab Rating: ★★★★★
Ticketing Systems are very common in day-to-day operations with IT. However, the infrastructure for these systems is often left un-secured because they are used internally and often made from scratch. Find the flaw in this application.

Created by parrotassassin15

Created: 801 days ago
Vape Shop
Medium SQL Injection
Lab Image
Lab Rating: ★★★★★
This shop has given you a UAT environment to start testing its application can you find the flaws in this app?

Created by parrotassassin15

Created: 856 days ago
Happi
Easy IDOR
Lab Image
Lab Rating: ★★★★☆
This API was made with developers who thought they were funny. Little did they know this tom foolery is what makes this API vulnerable.

Created by parrotassassin15

Created: 884 days ago
Devguru
Medium Security Misconfiguration
Lab Image
Lab Rating: ★★★★★
He's taught you his ways, can you show him how much you've learned and hack into this website?

Created by y2ksecurity

Created: 892 days ago
Mr Robot V2
Medium Multiple Injections
Lab Image
Lab Rating: ★★★★☆
FSociety has assigned you a task: Hack Ecorp and Their Employees. Can you do it?

Created by parrotassassin15

Created: 892 days ago
Society
Easy Buffer Overflow
Lab Image
Lab Rating: ★★★★★
Welcome society, a virtual world where the only currency is words, and the conversations never stop. Our servers are like a bustling cafe where people come to chat, share stories, and connect with others from all over the world.

Created by parrotassassin15

Created: 955 days ago
Elemental Express
Medium Security Misconfiguration
Lab Image
Lab Rating: ★★★★★
Content Managment Systems are powerful, but they are also often time out of data and vulnerable. Can you prove that this is the case?

Created by parrotassassin15

Created: 961 days ago
Blogger
Medium XXE
Lab Image
Lab Rating: ★★★★★
A company has hired you to perform a penetration test against this blog. Can you bring back good results?

Created by cypress

Created: 1100 days ago
Pet Shop
Easy Legacy Systems
Lab Image
Lab Rating: ★★★★★
This old school pet shop owner has an old website. It's not even set up yet! Can you find your way into this poor man's website and show him where the flaws are?

Created by parrotassassin15

Created: 1129 days ago
Jigsaw 2
Medium Insecure Network Services
Lab Image
Lab Rating: ★★★★★
Can you crack the puzzle and find your way inside this more confusing and more puzzling machine? We dare you to give it a shot!

Created by y2ksecurity

Created: 1129 days ago
Harvest
Easy Insecure Authentication
Lab Image
Lab Rating: ★★★★★
They've harvested all the vegetables they need, but can you harvest the flags?

Created by smog

Created: 1129 days ago
Itty Bitty
Medium RCE
Lab Image
Lab Rating: ★★★★★
This Bit Bucket instance has not been updated in a long time. The big data firm that uses this server must not care about CVEs. Show off your exploitation skills!

Created by parrotassassin15

Created: 1129 days ago
Photography
Easy Insecure Deserialization
Lab Image
Lab Rating: ★★★★★
Photos are fun but so is hacking into this website. Can you find the vulnerability?

Created by smog

Created: 1129 days ago
Air Port
Hard Weak Authentication
Lab Image
Lab Rating: ★★★★★
This airports information server is due for a penetration test can you find everything wrong with this server?

Created by parrotassassin15

Created: 1136 days ago
Dentist Office
Easy Weak Authentication
Lab Image
Lab Rating: ★★★★★
Sharpen up your skills like under this under the bridge dentist sharpens teeth show us can you hack this website?

Created by parrotassassin15

Created: 1137 days ago
Git Hit
Hard Information Disclosure
Lab Image
Lab Rating: ★★★★★
Gitlab is a great way to host code but hosting a self-managed instance can be dangerous can you show the owner of this server why this is the case?

Created by parrotassassin15

Created: 1137 days ago
Jigsaw
Hard Insecure Network Services
Lab Image
Lab Rating: ★★★★★
Can you crack the puzzle and find your way inside this confusing and puzzling machine? We dare you to give it a shot!

Created by y2ksecurity

Created: 1347 days ago
Abby's Lab - NCIS
Hard IDOR
Lab Image
Lab Rating: ★★★★★
No way! I'm getting hacked! Break through Abby's IPS in order to breach her system.

Created by cypress

Created: 1353 days ago
Texas Ranger
Easy Cryptography
Lab Image
Lab Rating: ★★★★★
Yee haw! Can you show the Texas Rangers who is boss?

Created by cypress

Created: 1493 days ago
Aero Space
Medium SQL Injection
Lab Image
Lab Rating: ★★★★★
Can you find the vulnerabilities in this CMS? If so, be sure to report them to their GitHub : ).

Created by parrotassassin15

Created: 1500 days ago
Convergence
Easy CVE
Lab Image
Lab Rating: ★★★★★
This Information Security Influencer Has a Documentation Server. Clearly, they did not stay up to date with the cyber security news.

Created by parrotassassin15

Ready to start hacking?

Join Parrot CTFs and access our hands-on hacking labs today!

Get Started