
The Human Connection Challenge: Season 1 Episode 6 Is Now Live!

TillyCorless
Community Manager
25 days ago

Things are heating up in The Human Connection Challenge! Can you test your skills with this Thick-Client Applications episode?

Welcome to the sixth instalment of the Human Connection Challenge: Season 1. This lab tests your ability to analyze and exploit Thick Client applications. As this is a challenge lab, you'll find limited information available to guide you.

Good luck! 🤞

If you're new to the challenge, we reward the top-performing community members in the following categories with physical and digital prizes, like our all-new challenge coin:

🥇 First to Finish
⏱️ Fastest to Complete
🎯 Most Accurate
💪 Most Persistent
🎁 Spot Prizes

When the challenge ends, lab author StefanApostol will provide a walkthrough to guide you through the lab and share hints, tips and expert advice on how to approach it, so you can compare notes and learn techniques for the future. You're also very welcome to submit your own walkthrough guides to community@immersivelabs.com, because we know there are multiple ways to complete the challenge labs. We'll showcase any unique approaches taken.

You can read more about Season 1 of the Human Connection Challenge here. To be in with a chance of a prize, you have until midnight on Sunday 20th April to complete episode 6!

To find the lab in the Immersive Labs Platform, click Exercise > Challenges & Scenarios > The Human Connection Challenge: Season 1 > Thick Client.

🔔 There are 7 labs within this series so make sure you're following the CHALLENGES Tag to get notified as soon as the final lab is released!

Now it's time to take on that challenge! Let us know how you got on in the comments below!

Updated 24 days ago
Version 2.0

24 Comments

  • "you have until midnight on Sunday 23rd March to complete episode 5!" puuh.. I didn't find the 'Back to the Future' Lab yet :) Would be fun sitting in the Delorean with Xat in solving it :)

    Anyway, Lab 6 was quite 'hard'. Ok, my daughter was sick and it was a kind of on-/off-lab today. Working some minutes, doing other stuff, ... to finally solve it. StefanApostol is a little evil immerser...

    • Xat
      Bronze II

      Solved it this morning, had to sleep on question 4 (solved 5 first). Fun lab, thanks StefanApostol. Unfortunately didn't manage to solve time travel yet, probably need some more hints from steven on that.

      • steven
        Silver I

        Probably also looked at the wrong end for Q4? :)

    • KieranRowley
      Community Manager

      Good catch! This challenge ends on 20th April. We will correct the post

    • KieranRowley
      Community Manager

      Sorry! This challenge ends on 20th April - we will correct the post

  • Stuck on Q4. What tool to use to analyse the application?

    • steven
      Silver I

      Try to analyse the web-calls, etc. Imagine how the login process could be. Try to solve Q5 first (and enjoy the rabbit hole).

      • CyberSharpe
        Bronze III

        She's a tasty one for sure. Hardest one yet.
        Any other suggested hints to move in the right direction?

    • netcat
      Silver I

      If you're clueless like I am (I would have preferred Ghidra and x64dbg, which - I'm 100% convinced - are just enough to solve the challenge. Functions like write_token, getToken etc. are there. Or try to extract all GIF and PNG images, but that road leads nowhere, too.), then you'll write a reverse proxy in Python, and let the traffic flow via that reverse proxy. Or just use netcat to read the packets from the client, and then send them to the API, and then answer back. Since it's all HTTP with text/ASCII it can be done.
      Pretty sure the official solution will be much simpler.