Objective
Extract all user records from a MongoDB backend via API.
API endpoint
POST https://api.hackviser.com/v1/user/login → returns JWT.
GET https://api.hackviser.com/v1/user/profile?id=123 (requires JWT).
Attack
Tool
nosqlmap or custom Python script.
Deliverable
Burp Suite Intruder results; fix: input validation + object ID sanitization.
Objective
Gain initial access to a corporate web server and retrieve a flag from /root/flag.txt.
Environment
Steps to simulate
Deliverable
Screenshot of flag, log of commands, remediation: patch Struts, restrict sudo.
Hackviser scenarios are hypothetical cyber-attack and defense cases designed to evaluate detection, response, and resilience across people, processes, and technology. This report summarizes likely scenario types, impacts, detection indicators, recommended controls, and testing priorities for a mid-sized enterprise.
Objective
Compromise an AWS environment starting from a public S3 bucket.
Environment
Steps
Deliverable
CloudTrail logs of actions, remediation: private S3, rotate keys, least privilege.
This is where Hackviser tries to differentiate itself.
Hackviser generally follows the freemium model common in the industry.
The platform is modern, clean, and responsive.
To understand the value of Hackviser Scenarios, we must look at the flaws of traditional methods: