Welcome to PentestMe

Learn security testing through hands-on challenges

0 / 11 Completed

What is PentestMe?

PentestMe is an interactive learning platform designed to teach you real-world security testing techniques in a safe, legal environment. Each level presents a vulnerable web application that you need to exploit to advance to the next challenge.

How it works:
Read the Challenge
Each level has a description and hints to guide you.
Find the Vulnerability
Use your skills to identify and exploit the weakness.
Capture the Flag
Extract the hidden flag to prove your success.
Start Learning
Your Progress
Overall Progress 0%
Categories
SQL Injection 0/2
Cross-Site Scripting 0/2
Command Injection 0/1
Directory Traversal 0/1
File Upload 0/1
Access Control 0/1
Authentication 0/1
Deserialization 0/1
Recon 0/1
Session created: New session

Challenge Categories

SQL Injection
Database Attacks

Learn how attackers manipulate SQL queries to bypass authentication, extract sensitive data, and even gain complete control of databases.

Cross-Site Scripting
XSS Attacks

Discover how malicious scripts can be injected into web pages to steal cookies, hijack sessions, and deface websites.

Command Injection
RCE Attacks

Understand how improperly sanitized user input can lead to arbitrary command execution on the server.