Root-Me

- [App - Script](#App---Script)

- [App - Système](#App---Systeme)

- [Cracking](#Cracking)

- [Cryptanalyse](#Cryptanalyse)

- [Forensic](#Forensic)

- [Programmation](#Programmation)

- [Réaliste](#Realiste)

- [Réseau](#network)

- [Stéganographie](#Steganographie)

- [Web - Client](#Web---Client)

- [Web - Serveur](#Web---Serveur)

App - Script

App - Systeme

Cracking

Cryptanalyse

Forensic

Programmation

Realiste

Network

- [X] FTP - Authentification - [X] TELNET - authentification - [X] ETHERNET - trame - [X] Kerberos - Authentification - [X] NTLM - Authentification - [X] Authentification - [X] Bluetooth - [X] CISCO - mot de passe - [X] DNS - transfert de zone - [X] IP - Time To Live - [X] LDAP - null bind - [X] OSPF - Authentification - [X] POP - APOP - [X] RF - AM Transmission - [X] Extraction de données - [X] RF - Key Fixed Code - [X] SIP - Authentification - [X] ETHERNET - Transmission - [X] Trafic Global System for Mobile communications - [X] HTTP - DNS Rebinding - [X] SSL - échange HTTP - [X] Netfilter - erreurs courantes - [X] SNMP - Authentification - [X] Wired Equivalent Privacy - [X] Charge ICMP - [X] ARP Spoofing - Écoute active - [X] XMPP - Authentification - [X] WPA2 - Enterprise - [ ] RF - FM Transmission - [ ] RF - Transmission satellite - [ ] ARP Spoofing - L’homme du milieu - [ ] RF - Bande L - [ ] WPA3 - SAE

Steganographie

Web - Client

- [X] Javascript - Authentification
- [X] HTML - boutons désactivés
- [X] Javascript - Source
- [X] Javascript - Authentification 2
- [X] Javascript - Obfuscation 1
- [X] Javascript - Obfuscation 2
- [X] Javascript - Native code
- [X] Javascript - Obfuscation 3
- [X] XSS - Stockée 1
- [X] Javascript - Webpack
- [X] CSRF - 0 protection
- [ ] XSS - Stockée 2
- [X] CSRF - contournement de jeton
- [ ] Javascript - Obfuscation 4
- [ ] Flash - Authentification
- [ ] XSS - Volatile
- [ ] XSS DOM Based - Introduction
- [ ] CSP Bypass - Inline code
- [ ] XSS DOM Based - Eval
- [ ] XSS DOM Based - AngularJS
- [ ] HTTP Response Splitting
- [ ] CSP Bypass - Dangling markup
- [ ] AST - Deobfuscation
- [ ] XSS - Stored - contournement de filtres
- [ ] XSS DOM Based - Filters Bypass
- [ ] CSP Bypass - Dangling markup 2
- [ ] CSP Bypass - JSONP
- [X] CSP Bypass - Nonce
- [ ] Web Socket - 0 protection
- [ ] XSS - DOM Based
- [ ] Javascript - Obfuscation
- [ ] CSS - Exfiltration
- [ ] CSP Bypass - Nonce 2
- [ ] DOM Clobbering
- [ ] Self XSS - DOM Secrets
- [ ] XS Leaks
- [ ] Relative Path Overwrite
- [ ] Javascript - Obfuscation
- [ ] Self XSS - Race Condition
- [ ] Browser - bfcache / disk cache
- [ ] Same Origin Method Execution
- [ ] CSPT - The Ruler

Web - Serveur

- [X] HTML - Code source
- [X] Mot de passe faible
- [X] HTTP - User-agent
- [X] HTTP - Directory indexing
- [X] HTTP - Open redirect
- [X] PHP - Injection de commande
- [X] HTTP - Headers
- [X] Fichier de sauvegarde
- [X] HTTP - POST
- [X] HTTP - Verb tampering
- [X] SQL injection - Authentification
- [X] HTTP - Cookies
- [X] Install files
- [X] HTTP - Redirection
- [X] Directory traversal
- [X] File upload - Double extensions
- [X] CRLF
- [X] HTTP - Contournement de filtrage IP
- [X] File upload - Type MIME
- [X] Local File Inclusion
- [X] File upload - Null byte
- [X] SQL injection - String
- [X] PHP - Filters
- [X] JWT - Introduction
- [X] PHP - Register globals
- [X] PHP - assert()
- [X] SQL injection - Numérique
- [X] Insecure Code Management
- [X] Local File Inclusion - Double encoding
- [X] JWT - Secret faible
- [X] Remote File Inclusion
- [X] Java - Server-side Template Injection
- [X] LDAP injection - Authentification
- [X] SQL injection - Authentification - GBK
- [X] File upload - ZIP
- [X] PHP - preg_replace()
- [X] PHP - Type juggling
- [X] SQL injection - Error
- [X] SQL injection - En aveugle
- [X] NoSQL injection - Authentification
- [X] Injection de commande - Contournement de filtre
- [X] PHP - Loose Comparison
- [X] SQL Truncation
- [X] PHP - Sérialisation
- [X] XPath injection - Authentification
- [X] JWT - Jeton révoqué
- [ ] SQL injection - Lecture de fichiers
- [X] SQL injection - Time based
- [X] XML External Entity
- [X] PHP - Path Truncation
- [X] SQL Injection - Routed
- [X] Python - Server-side Template Injection Introduction
- [X] API - Broken Access
- [X] XPath injection - String
- [X] JWT - Clé publique
- [X] GraphQL - Introspection
- [X] XSLT - Exécution de code
- [X] Local File Inclusion - Wrappers
- [X] PHP - Eval
- [X] LDAP injection - En aveugle
- [X] SQL injection - Insert
- [X] NoSQL injection - En aveugle
- [X] Node - Eval
- [ ] SQL injection - Contournement de filtres
- [X] API - Mass Assignment
- [X] XSS - Server Side
- [X] Flask - Unsecure session
- [X] PHP - Configuration Apache
- [X] XPath injection - En aveugle
- [ ] Java - Spring Boot
- [X] JWT - Unsecure File Signature
- [X] Nginx - Alias Misconfiguration
- [ ] Server Side Request Forgery
- [X] GraphQL - Mutation
- [X] PHP - Remote Xdebug
- [X] Yaml - Deserialization
- [ ] Node - Serialize
- [X] JWT - Header Injection
- [X] Flask - Development server
- [ ] GraphQL - Injection
- [X] JWT - Unsecure Key Handling
- [ ] PHP - Unserialize overflow
- [ ] NodeJS - vm escape
- [ ] PHP - Unserialize Pop Chain
- [ ] Python - SSTI contournement de filtres en aveugle
- [ ] PHP - Eval - Contournement de filtres avancés
- [ ] NodeJS - Prototype Pollution Bypass
- [ ] API - Broken Access 2
- [ ] File upload - Polyglot
- [ ] GraphQL - Backend injection
- [ ] Elixir - EEx
- [ ] SQL Injection - Second Order
- [X] Nginx - Root Location Misconfiguration
- [ ] Java - Custom gadget deserialisation
- [X] Nginx - SSRF Misconfiguration
- [ ] Python dotenv