🛡 Cybersecurity Training Platform

Hack. Learn. Level Up.

26 intentionally vulnerable web apps for real-world penetration testing practice. From SQL injection to Active Directory attacks.

Browse All Labs View Courses
⚠ Authorized Use Only - These are intentionally vulnerable apps for educational purposes only. Do not enter real personal data. Unauthorized use outside this environment is illegal.
26+
Vulnerable Apps
80+
Attack Techniques
4
Difficulty Levels
100%
Free to Use

Practice Labs

Click any lab to open it. Each one is live and ready to attack.

All Labs Web Network Active Directory Crypto Blue Team
🏦
MEDIUM
PracivoBank
bank.pracivolabs.com
Fake online banking portal with injection and access control flaws.
SQL InjectionIDORCSRF
🛒
EASY
PracivoShop
shop.pracivolabs.com
E-commerce site with XSS, unrestricted file upload, and path traversal.
Stored XSSReflected XSSFile UploadPath Traversal
🔐
EASY
PracivoCorp Portal
portal.pracivolabs.com
Corporate SSO with no rate limiting, no lockout, predictable tokens.
Brute ForceBroken AuthWeak Tokens
MEDIUM
Pracivo SysOps
admin-panel.pracivolabs.com
IT admin console with OS command injection in the diagnostics tool.
Command InjectionRCEBroken Access Control
📷
MEDIUM
PracivoSocial
social.pracivolabs.com
Social media with weak JWT secret, alg:none bypass, and mass assignment.
JWT AttackMass AssignmentGraphQL
🔫
MEDIUM
PracivoAPI
api.pracivolabs.com
REST API with SSTI, HTTP parameter pollution, and verbose error disclosure.
SSTIHTTP Param PollutionVerbose Errors
💳
EASY
PracivoCart
ecommerce.pracivolabs.com
DOM XSSClickjackingPrice Manipulation
📧
EASY
PracivoMail
email-portal.pracivolabs.com
Open RedirectHeader Injection
📁
MEDIUM
PracivoFiles
fileserver.pracivolabs.com
LFIInsecure Deserialization
🏢
HARD
PracivoCorp
company.pracivolabs.com
SSRFXXECORS
📱
MEDIUM
Pracivo Mobile API
mobile-api.pracivolabs.com
IDORNo Rate LimitingAPI Abuse
HARD
PracivoCloud
cloud-dashboard.pracivolabs.com
Exposed AWS KeysIMDS AbuseS3 Misconfiguration
🌐
MEDIUM
Pracivo NetScan
network.pracivolabs.com
Nmap ScanningFTP AnonymousSMB Enum
🏛
HARD
Pracivo AD Portal
ad-portal.pracivolabs.com
LDAP InjectionPass the HashKerberoasting
🏰
EXPERT
Pracivo Advanced AD
advanced-ad.pracivolabs.com
AS-REP RoastingDCSyncGolden TicketBloodHound
🎣
EASY
Pracivo Phishing Lab
phishing.pracivolabs.com
Credential HarvestingFake Login PagesSocial Engineering
🦈
EASY
Pracivo Wireshark Lab
wireshark-lab.pracivolabs.com
Packet AnalysisCleartext CredsPCAP Files
🔍
EASY
Pracivo OSINT Lab
osint-lab.pracivolabs.com
OSINTGoogle DorkingMetadata
🦠
HARD
Pracivo Malware Lab
malware-lab.pracivolabs.com
Static AnalysisYARA RulesRansomware / RAT
🐧
MEDIUM
Pracivo Linux PrivEsc
linux-privesc.pracivolabs.com
SUID AbuseSudo MisconfigCron AbusePATH Hijacking
🪟
HARD
Pracivo Windows PrivEsc
windows-privesc.pracivolabs.com
Unquoted Service PathToken ImpersonationDLL Hijacking
🔑
MEDIUM
Pracivo Password Lab
password-lab.pracivolabs.com
HashcatJohn the RipperCredential Dumping
🐳
EXPERT
Pracivo Container Lab
container-lab.pracivolabs.com
Docker EscapeK8s RBAC MisconfigCI/CD Secrets
🔐
HARD
Pracivo Crypto Lab
crypto-lab.pracivolabs.com
ECB ModePadding OracleWeak CiphersJWT Cracking
🛡
MEDIUM
Pracivo Blue Team Lab
blue-team.pracivolabs.com
Log AnalysisSIEM QueriesIDS RulesThreat Hunting
💀
EXPERT
Pracivo Post-Exploitation
post-exploitation.pracivolabs.com
PersistencePivotingLOLBinsC2 Frameworks
1

Pick a Lab

Choose from 26 vulnerable apps covering web, network, AD, cryptography, and more.

2

Attack It

Use real tools - Burp Suite, sqlmap, Metasploit, Hashcat - against real vulnerabilities.

3

Learn on Pracivo

Each lab links to lessons on pracivo.com. Generate a course and the matching lab appears automatically.