Time’s Up! Congratulations to everyone who completed Lab 3: Web Exploitation from the Human Connection Challenge: Season 1.
In this walkthrough, I'll share some strategies for efficiently completing the lab, based on my perspective as the author. Remember, there are often multiple ways to approach a challenge, so if you used a different method and succeeded, that's perfectly fine! The goal is to learn, and I hope these notes help clarify any steps and reinforce key concepts for the next challenge.
This challenge has now ended, but the lab remains available for practice. While prizes are no longer up for grabs, you can still complete the lab and use this walkthrough guide for support if needed.
I’ve also used placeholders in some of the commands that would give away an answer directly, so if you see anything enclosed in angle brackets, such as <username>, please make sure you replace it with the actual value, such as user1.
Task: Identify a directory on the web application that's disallowed to web crawlers.
What is the name of the directory?
On the Kali desktop, open the Firefox application and enter http://the-happy-teeth-company.bitnet into the browser to navigate to the Happy Teeth Company website.
The key phrase in this task is “web crawlers”, which are also referred to as robots. The robots.txt page defines areas that shouldn’t be accessed by web crawlers, and reveals areas that aren’t intended for normal users to access, making it a simple but effective tool for directory discovery.
To find what directory is disallowed to web crawlers, add /robots.txt to the end of the website URL:
Task: Identify a login page that's not directly accessible from the web application's main site.
What is the path of the page?
To find the login page, you’ll need to open Terminal on the Kali Desktop. Then, you’ll need to use the Dirbuster tool with a wordlist to brute force any hidden pages that aren’t listed or linked from the main site.
Wordlists for dirb (the command line version of Dirbuster) can be found in the /usr/share/dirb/wordlists directory on the Kali desktop. The syntax for the dirb command is:
This command will return a single directory. You’ll then be able to navigate to this URL and find a login page.
Identify a username that's been mistakenly left on the web application.
What is the username?
For this question, you’ll need to navigate to the website’s main homepage, then right-click and select View Page Source. From here, scroll down the page until you see a comment that’s highlighted in red text that contains the username:
<!---- [Comment] -->
Task: Use a password cracking tool with the wordlist /usr/share/wordlists/metasploit/burnett_top_1024.txt to find the password for the user.
What is the user's password?
You can crack the user’s password using the Hydra tool and some specified options. Together, the command run in the Terminal should look something like this:
This command first specifies the login name as the found username (-l <username>), the wordlist (-P /usr/share/wordlists/metasploit/burnett_top_1024.txt), the target (the-happy-teeth-company.bitnet), to quit when it finds one valid password combination (-f), and that the target page is an HTTP POST form.
Next, it tells Hydra that the login page to attempt the credentials on (the previously found login page) and the form data sent will replace ^USER^ with the username and ^PASS^ with a password from the wordlist. If the server replies containing the word invalid, this means the login attempt failed.
When you run this command, Hydra will attempt to log in to the page using the username and each password in the wordlist. If you want to view this process in real time with each password being attempted, you can also add the -V parameter to the end of the command for the verbose output.
Hydra will successfully crack the user’s password a minute or so after running the command.
Task: Log in to the previously found login page with these credentials.
What is the token on the dashboard?
Navigate to the previously found login page and enter the username and cracked password. Click Login, and the new page will reveal a token.
Task: Identify a SQL injection vulnerability on the web application that reveals stored usernames and passwords in the error message.
What is the username beginning with M?
On the top-right of the homepage, you’ll find a link to the MembersLogin page. If you attempt to log in with a random username and password, an error message will display, stating that the user isn’t found.
To find what else this error message could inadvertently display, you can inject an always true SQL query into the Username field:
'or'1'='1
Since '1'='1 is always true, the error message will return all rows from the queried SQL table if the field is vulnerable.
After entering the SQL query, enter any password and click Login. When the page reloads, usernames will be displayed in the error message, and one will begin with M.
What’s the user's password?
Now you know that the Username field is vulnerable to SQL injection, you can manipulate the query to return other information from the database.
Using the username you found beginning with M, you can change the SQL query to:
' or username='<username>
Because you know an existing username, this condition will return as true. After entering a password and clicking Login the user’s password will display in the error message.
Task: Identify a reflected XSS vulnerability on the web application that reveals a token in the error message.
What is the token?
At the top of the homepage, click on the Join Us Today button or scroll down until you get to the section on Practice Membership and Treatments and click Enquire Today. Both of these buttons will direct you to a registration page.
This page contains a number of fields on a form, including name, email address, and street address. From the task, you know you’re looking for a reflected XSS vulnerability, so you can enter the following payload into the fields to test for XSS:
<script>alert("xss")</script>
Navigate through each field and test the payload by clicking Register Now until you find that the Phone Number field is vulnerable and reflects the “xss” message. Once you see this, click OK to close the window and find the token in the error message underneath the Register Now button.
Task: Identify a file inclusion vulnerability on the web application.
Task: Use directory traversal techniques to read the file token.txt.
What’s the token?
Navigate back to the main homepage and scroll down until you find the newsletter section. Underneath the Subscribe Now button, you’ll find a link to View Our Most Recent Newsletter, which you can click.
You’ll now be shown a newsletter PDF file which appears in the URL as:
This indicates that the application could be dynamically loading the file in the URL “file” parameter. To test this, you can manipulate this parameter to see if it’s vulnerable to a local file inclusion (LFI) exploit and will load other files – such as token.txt.
Press Enter, and a new page will load with a token.
Tools
This challenge primarily relies on your skills in web application exploitation and only requires two tools: Dirbuster for directory enumeration and Hydra for password cracking.
Tips
When testing for web application vulnerabilities, remember that vulnerabilities may reside in any part of the application. Subtle elements that appear unimportant could prove exploitable if they neglect to handle inputs securely. So make sure you check all user input forms and any buttons or links that direct you to different parts of the application.
If you want to learn more about some of the tools within this lab, take a look at the following lab collections:
Secure Testing – Beginner
Credential Access
SQL Injection Basics
Cross-Site Scripting (XSS)
Conclusion
The steps I’ve laid out here aren’t the only way to find the answers to the questions. As long as you find the answers, you did it – well done!
If you think there’s a better method to find some of the answers than what I’ve described above, please post it in the comments below!
I hope you enjoyed the challenge and I’ll see you for the next one!
Really enjoyed this one! I actually managed to take an educated guess at the login directory without using dirbuster 😂 To find the password via SQL injection I just entered the username that had been previously found then did the exact same exploit I used for the username in the password field.
Looking forward to the next one!
"}},"componentScriptGroups({\"componentId\":\"custom.widget.Custom_Scripts\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"cachedText({\"lastModified\":\"1740587331000\",\"locale\":\"en-US\",\"namespaces\":[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1740587331000"}],"cachedText({\"lastModified\":\"1740587331000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageCoverImage\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageCoverImage-1740587331000"}],"cachedText({\"lastModified\":\"1740587331000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeTitle\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeTitle-1740587331000"}],"cachedText({\"lastModified\":\"1740587331000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageTimeToRead\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTimeToRead-1740587331000"}],"cachedText({\"lastModified\":\"1740587331000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSubject\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSubject-1740587331000"}],"cachedText({\"lastModified\":\"1740587331000\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserLink\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserLink-1740587331000"}],"cachedText({\"lastModified\":\"1740587331000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserRank\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserRank-1740587331000"}],"cachedText({\"lastModified\":\"1740587331000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageTime\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTime-1740587331000"}],"cachedText({\"lastModified\":\"1740587331000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageBody\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageBody-1740587331000"}],"cachedText({\"lastModified\":\"1740587331000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageCustomFields\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageCustomFields-1740587331000"}],"cachedText({\"lastModified\":\"1740587331000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageRevision\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageRevision-1740587331000"}],"cachedText({\"lastModified\":\"1740587331000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/QueryHandler\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1740587331000"}],"cachedText({\"lastModified\":\"1740587331000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageReplyButton\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageReplyButton-1740587331000"}],"cachedText({\"lastModified\":\"1740587331000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageAuthorBio\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageAuthorBio-1740587331000"}],"cachedText({\"lastModified\":\"1740587331000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1740587331000"}],"cachedText({\"lastModified\":\"1740587331000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/ranks/UserRankLabel\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/ranks/UserRankLabel-1740587331000"}],"cachedText({\"lastModified\":\"1740587331000\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserRegistrationDate\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserRegistrationDate-1740587331000"}],"cachedText({\"lastModified\":\"1740587331000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeAvatar-1740587331000"}],"cachedText({\"lastModified\":\"1740587331000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeDescription\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeDescription-1740587331000"}],"message({\"id\":\"message:1465\"})":{"__ref":"BlogReplyMessage:message:1465"},"cachedText({\"lastModified\":\"1740587331000\",\"locale\":\"en-US\",\"namespaces\":[\"components/tags/TagView/TagViewChip\"]})":[{"__ref":"CachedAsset:text:en_US-components/tags/TagView/TagViewChip-1740587331000"}]},"CachedAsset:pages-1742433616575":{"__typename":"CachedAsset","id":"pages-1742433616575","value":[{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"MaintenancePage","type":"COMMUNITY","urlPath":"/maintenance","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"HealthCheckPage","type":"COMMUNITY","urlPath":"/health","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1742433616575,"localOverride":null,"page":{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"}],"localOverride":false},"CachedAsset:text:en_US-components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot find message with id {messageId}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":{"title":"Loading..."},"localOverride":false},"User:user:-1":{"__typename":"User","id":"user:-1","uid":-1,"login":"Anonymous","email":"","avatar":null,"rank":null,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ssoRegistrationFields":[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"true","localValue":"true","possibleValues":["true","false"]},"dateDisplayFormat":{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"MM-dd-yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":null,"possibleValues":["en-US"]}},"deleted":false},"Theme:customTheme1":{"__typename":"Theme","id":"customTheme1"},"AssociatedImage:{\"url\":\"https://community.immersivelabs.com/t5/s/dnvaw96485/images/bi00OS1vdVVFbDU\"}":{"__typename":"AssociatedImage","url":"https://community.immersivelabs.com/t5/s/dnvaw96485/images/bi00OS1vdVVFbDU","mimeType":"image/svg+xml"},"Category:category:blogs":{"__typename":"Category","id":"category:blogs","entityType":"CATEGORY","displayId":"blogs","nodeType":"category","depth":1,"title":"Blogs","shortTitle":"Blogs","parent":{"__ref":"Category:category:top"},"categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:top":{"__typename":"Category","id":"category:top","displayId":"top","nodeType":"category","depth":0,"title":"Top","entityType":"CATEGORY","shortTitle":"Top"},"Blog:board:the-human-connection-blog":{"__typename":"Blog","id":"board:the-human-connection-blog","entityType":"BLOG","displayId":"the-human-connection-blog","nodeType":"board","depth":2,"conversationStyle":"BLOG","title":"The Human Connection Blog","description":"Learn from our passionate experts on a wide range of subjects from Cyber Threat Research to maximizing value with Immersive, plus, hear from our outstanding customers who are keen to share their experiences.","avatar":{"__ref":"AssociatedImage:{\"url\":\"https://community.immersivelabs.com/t5/s/dnvaw96485/images/bi00OS1vdVVFbDU\"}"},"profileSettings":{"__typename":"ProfileSettings","language":null},"parent":{"__ref":"Category:category:blogs"},"ancestors":{"__typename":"CoreNodeConnection","edges":[{"__typename":"CoreNodeEdge","node":{"__ref":"Community:community:dnvaw96485"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:blogs"}}]},"userContext":{"__typename":"NodeUserContext","canAddAttachments":false,"canUpdateNode":false,"canPostMessages":false,"isSubscribed":false},"boardPolicies":{"__typename":"BoardPolicies","canPublishArticleOnCreate":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","key":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","args":[]}},"canReadNode":{"__typename":"PolicyResult","failureReason":null}},"shortTitle":"The Human Connection Blog","repliesProperties":{"__typename":"RepliesProperties","sortOrder":"LIKES","repliesFormat":"threaded"},"blogPolicies":{"__typename":"BlogPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"eventPath":"category:blogs/community:dnvaw96485board:the-human-connection-blog/","tagProperties":{"__typename":"TagNodeProperties","tagsEnabled":{"__typename":"PolicyResult","failureReason":null}},"requireTags":true,"tagType":"PRESET_ONLY"},"AssociatedImage:{\"url\":\"https://community.immersivelabs.com/t5/s/dnvaw96485/images/cmstMjUteWJYNnRZ\"}":{"__typename":"AssociatedImage","url":"https://community.immersivelabs.com/t5/s/dnvaw96485/images/cmstMjUteWJYNnRZ","height":32,"width":32,"mimeType":"image/png"},"Rank:rank:25":{"__typename":"Rank","id":"rank:25","position":3,"name":"Immerser","color":"4563FF","icon":{"__ref":"AssociatedImage:{\"url\":\"https://community.immersivelabs.com/t5/s/dnvaw96485/images/cmstMjUteWJYNnRZ\"}"},"rankStyle":"FILLED"},"User:user:516":{"__typename":"User","id":"user:516","uid":516,"login":"BethHolden","deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.immersivelabs.com/t5/s/dnvaw96485/images/dS01MTYtSXlndmNF?image-coordinates=0%2C5%2C271%2C276"},"rank":{"__ref":"Rank:rank:25"},"email":"","messagesCount":3,"biography":null,"topicsCount":3,"kudosReceivedCount":5,"kudosGivenCount":2,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2024-11-06T08:01:59.285-08:00","confirmEmailStatus":null},"followersCount":null,"solutionsCount":0},"BlogTopicMessage:message:1460":{"__typename":"BlogTopicMessage","uid":1460,"subject":"Human Connection Challenge: Season 1 – Web Exploitation","id":"message:1460","revisionNum":2,"repliesCount":1,"author":{"__ref":"User:user:516"},"depth":0,"hasGivenKudo":false,"board":{"__ref":"Blog:board:the-human-connection-blog"},"conversation":{"__ref":"Conversation:conversation:1460"},"messagePolicies":{"__typename":"MessagePolicies","canPublishArticleOnEdit":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.forums.policy_can_publish_on_edit_workflow_action.accessDenied","key":"error.lithium.policies.forums.policy_can_publish_on_edit_workflow_action.accessDenied","args":[]}},"canModerateSpamMessage":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","key":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","args":[]}}},"contentWorkflow":{"__typename":"ContentWorkflow","state":"PUBLISH","scheduledPublishTime":null,"scheduledTimezone":null,"userContext":{"__typename":"MessageWorkflowContext","canSubmitForReview":null,"canEdit":false,"canRecall":null,"canSubmitForPublication":null,"canReturnToAuthor":null,"canPublish":null,"canReturnToReview":null,"canSchedule":false},"shortScheduledTimezone":null},"readOnly":false,"editFrozen":false,"moderationData":{"__ref":"ModerationData:moderation_data:1460"},"teaser":"","body":"
In this walkthrough, I'll share some strategies for efficiently completing the lab, based on my perspective as the author. Remember, there are often multiple ways to approach a challenge, so if you used a different method and succeeded, that's perfectly fine! The goal is to learn, and I hope these notes help clarify any steps and reinforce key concepts for the next challenge.
\n
This challenge has now ended, but the lab remains available for practice. While prizes are no longer up for grabs, you can still complete the lab and use this walkthrough guide for support if needed.
\n
I’ve also used placeholders in some of the commands that would give away an answer directly, so if you see anything enclosed in angle brackets, such as <username>, please make sure you replace it with the actual value, such as user1.
Task: Identify a directory on the web application that's disallowed to web crawlers.
\n\n
What is the name of the directory?
\n\n
On the Kali desktop, open the Firefox application and enter http://the-happy-teeth-company.bitnet into the browser to navigate to the Happy Teeth Company website.
\n
The key phrase in this task is “web crawlers”, which are also referred to as robots. The robots.txt page defines areas that shouldn’t be accessed by web crawlers, and reveals areas that aren’t intended for normal users to access, making it a simple but effective tool for directory discovery.
\n
To find what directory is disallowed to web crawlers, add /robots.txt to the end of the website URL:
Task: Identify a login page that's not directly accessible from the web application's main site.
\n\n
What is the path of the page?
\n\n
To find the login page, you’ll need to open Terminal on the Kali Desktop. Then, you’ll need to use the Dirbuster tool with a wordlist to brute force any hidden pages that aren’t listed or linked from the main site.
\n
Wordlists for dirb (the command line version of Dirbuster) can be found in the /usr/share/dirb/wordlists directory on the Kali desktop. The syntax for the dirb command is:
This command will return a single directory. You’ll then be able to navigate to this URL and find a login page.
\n
Identify a username that's been mistakenly left on the web application.
\n\n
What is the username?
\n\n
For this question, you’ll need to navigate to the website’s main homepage, then right-click and select View Page Source. From here, scroll down the page until you see a comment that’s highlighted in red text that contains the username:
\n
\n
<!---- [Comment] -->
\n
Task: Use a password cracking tool with the wordlist /usr/share/wordlists/metasploit/burnett_top_1024.txt to find the password for the user.
\n\n
What is the user's password?
\n\n
You can crack the user’s password using the Hydra tool and some specified options. Together, the command run in the Terminal should look something like this:
This command first specifies the login name as the found username (-l <username>), the wordlist (-P /usr/share/wordlists/metasploit/burnett_top_1024.txt), the target (the-happy-teeth-company.bitnet), to quit when it finds one valid password combination (-f), and that the target page is an HTTP POST form.
\n
Next, it tells Hydra that the login page to attempt the credentials on (the previously found login page) and the form data sent will replace ^USER^ with the username and ^PASS^ with a password from the wordlist. If the server replies containing the word invalid, this means the login attempt failed.
\n
When you run this command, Hydra will attempt to log in to the page using the username and each password in the wordlist. If you want to view this process in real time with each password being attempted, you can also add the -V parameter to the end of the command for the verbose output.
\n
Hydra will successfully crack the user’s password a minute or so after running the command.
\n
Task: Log in to the previously found login page with these credentials.
\n\n
What is the token on the dashboard?
\n\n
Navigate to the previously found login page and enter the username and cracked password. Click Login, and the new page will reveal a token.
\n
Task: Identify a SQL injection vulnerability on the web application that reveals stored usernames and passwords in the error message.
\n\n
What is the username beginning with M?
\n\n
On the top-right of the homepage, you’ll find a link to the MembersLogin page. If you attempt to log in with a random username and password, an error message will display, stating that the user isn’t found.
\n
To find what else this error message could inadvertently display, you can inject an always true SQL query into the Username field:
\n
'or'1'='1
\n
Since '1'='1 is always true, the error message will return all rows from the queried SQL table if the field is vulnerable.
\n
After entering the SQL query, enter any password and click Login. When the page reloads, usernames will be displayed in the error message, and one will begin with M.
\n\n
What’s the user's password?
\n\n
Now you know that the Username field is vulnerable to SQL injection, you can manipulate the query to return other information from the database.
\n
Using the username you found beginning with M, you can change the SQL query to:
\n
\n
' or username='<username>
\n
Because you know an existing username, this condition will return as true. After entering a password and clicking Login the user’s password will display in the error message.
\n
Task: Identify a reflected XSS vulnerability on the web application that reveals a token in the error message.
\n\n
What is the token?
\n\n
At the top of the homepage, click on the Join Us Today button or scroll down until you get to the section on Practice Membership and Treatments and click Enquire Today. Both of these buttons will direct you to a registration page.
\n
This page contains a number of fields on a form, including name, email address, and street address. From the task, you know you’re looking for a reflected XSS vulnerability, so you can enter the following payload into the fields to test for XSS:
\n
<script>alert(\"xss\")</script>
\n
Navigate through each field and test the payload by clicking Register Now until you find that the Phone Number field is vulnerable and reflects the “xss” message. Once you see this, click OK to close the window and find the token in the error message underneath the Register Now button.
\n
Task: Identify a file inclusion vulnerability on the web application.
\n
Task: Use directory traversal techniques to read the file token.txt.
\n\n
What’s the token?
\n\n
Navigate back to the main homepage and scroll down until you find the newsletter section. Underneath the Subscribe Now button, you’ll find a link to View Our Most Recent Newsletter, which you can click.
\n
You’ll now be shown a newsletter PDF file which appears in the URL as:
This indicates that the application could be dynamically loading the file in the URL “file” parameter. To test this, you can manipulate this parameter to see if it’s vulnerable to a local file inclusion (LFI) exploit and will load other files – such as token.txt.
Press Enter, and a new page will load with a token.
\n
Tools
\n
This challenge primarily relies on your skills in web application exploitation and only requires two tools: Dirbuster for directory enumeration and Hydra for password cracking.
\n
Tips
\n
When testing for web application vulnerabilities, remember that vulnerabilities may reside in any part of the application. Subtle elements that appear unimportant could prove exploitable if they neglect to handle inputs securely. So make sure you check all user input forms and any buttons or links that direct you to different parts of the application.
\n
If you want to learn more about some of the tools within this lab, take a look at the following lab collections:
\n
\n
Secure Testing – Beginner
\n
Credential Access
\n
SQL Injection Basics
\n
Cross-Site Scripting (XSS)
\n
\n
Conclusion
\n
The steps I’ve laid out here aren’t the only way to find the answers to the questions. As long as you find the answers, you did it – well done!
\n
If you think there’s a better method to find some of the answers than what I’ve described above, please post it in the comments below!
\n
I hope you enjoyed the challenge and I’ll see you for the next one!
","body@stringLength":"12971","rawBody":"
In this walkthrough, I'll share some strategies for efficiently completing the lab, based on my perspective as the author. Remember, there are often multiple ways to approach a challenge, so if you used a different method and succeeded, that's perfectly fine! The goal is to learn, and I hope these notes help clarify any steps and reinforce key concepts for the next challenge.
\n
This challenge has now ended, but the lab remains available for practice. While prizes are no longer up for grabs, you can still complete the lab and use this walkthrough guide for support if needed.
\n
I’ve also used placeholders in some of the commands that would give away an answer directly, so if you see anything enclosed in angle brackets, such as <username>, please make sure you replace it with the actual value, such as user1.
Task: Identify a directory on the web application that's disallowed to web crawlers.
\n\n
What is the name of the directory?
\n\n
On the Kali desktop, open the Firefox application and enter http://the-happy-teeth-company.bitnet into the browser to navigate to the Happy Teeth Company website.
\n
The key phrase in this task is “web crawlers”, which are also referred to as robots. The robots.txt page defines areas that shouldn’t be accessed by web crawlers, and reveals areas that aren’t intended for normal users to access, making it a simple but effective tool for directory discovery.
\n
To find what directory is disallowed to web crawlers, add /robots.txt to the end of the website URL:
Task: Identify a login page that's not directly accessible from the web application's main site.
\n\n
What is the path of the page?
\n\n
To find the login page, you’ll need to open Terminal on the Kali Desktop. Then, you’ll need to use the Dirbuster tool with a wordlist to brute force any hidden pages that aren’t listed or linked from the main site.
\n
Wordlists for dirb (the command line version of Dirbuster) can be found in the /usr/share/dirb/wordlists directory on the Kali desktop. The syntax for the dirb command is:
This command will return a single directory. You’ll then be able to navigate to this URL and find a login page.
\n
Identify a username that's been mistakenly left on the web application.
\n\n
What is the username?
\n\n
For this question, you’ll need to navigate to the website’s main homepage, then right-click and select View Page Source. From here, scroll down the page until you see a comment that’s highlighted in red text that contains the username:
\n
\n
<!---- [Comment] -->
\n
Task: Use a password cracking tool with the wordlist /usr/share/wordlists/metasploit/burnett_top_1024.txt to find the password for the user.
\n\n
What is the user's password?
\n\n
You can crack the user’s password using the Hydra tool and some specified options. Together, the command run in the Terminal should look something like this:
This command first specifies the login name as the found username (-l <username>), the wordlist (-P /usr/share/wordlists/metasploit/burnett_top_1024.txt), the target (the-happy-teeth-company.bitnet), to quit when it finds one valid password combination (-f), and that the target page is an HTTP POST form.
\n
Next, it tells Hydra that the login page to attempt the credentials on (the previously found login page) and the form data sent will replace ^USER^ with the username and ^PASS^ with a password from the wordlist. If the server replies containing the word invalid, this means the login attempt failed.
\n
When you run this command, Hydra will attempt to log in to the page using the username and each password in the wordlist. If you want to view this process in real time with each password being attempted, you can also add the -V parameter to the end of the command for the verbose output.
\n
Hydra will successfully crack the user’s password a minute or so after running the command.
\n
Task: Log in to the previously found login page with these credentials.
\n\n
What is the token on the dashboard?
\n\n
Navigate to the previously found login page and enter the username and cracked password. Click Login, and the new page will reveal a token.
\n
Task: Identify a SQL injection vulnerability on the web application that reveals stored usernames and passwords in the error message.
\n\n
What is the username beginning with M?
\n\n
On the top-right of the homepage, you’ll find a link to the MembersLogin page. If you attempt to log in with a random username and password, an error message will display, stating that the user isn’t found.
\n
To find what else this error message could inadvertently display, you can inject an always true SQL query into the Username field:
\n
'or'1'='1
\n
Since '1'='1 is always true, the error message will return all rows from the queried SQL table if the field is vulnerable.
\n
After entering the SQL query, enter any password and click Login. When the page reloads, usernames will be displayed in the error message, and one will begin with M.
\n\n
What’s the user's password?
\n\n
Now you know that the Username field is vulnerable to SQL injection, you can manipulate the query to return other information from the database.
\n
Using the username you found beginning with M, you can change the SQL query to:
\n
\n
' or username='<username>
\n
Because you know an existing username, this condition will return as true. After entering a password and clicking Login the user’s password will display in the error message.
\n
Task: Identify a reflected XSS vulnerability on the web application that reveals a token in the error message.
\n\n
What is the token?
\n\n
At the top of the homepage, click on the Join Us Today button or scroll down until you get to the section on Practice Membership and Treatments and click Enquire Today. Both of these buttons will direct you to a registration page.
\n
This page contains a number of fields on a form, including name, email address, and street address. From the task, you know you’re looking for a reflected XSS vulnerability, so you can enter the following payload into the fields to test for XSS:
\n
<script>alert(\"xss\")</script>
\n
Navigate through each field and test the payload by clicking Register Now until you find that the Phone Number field is vulnerable and reflects the “xss” message. Once you see this, click OK to close the window and find the token in the error message underneath the Register Now button.
\n
Task: Identify a file inclusion vulnerability on the web application.
\n
Task: Use directory traversal techniques to read the file token.txt.
\n\n
What’s the token?
\n\n
Navigate back to the main homepage and scroll down until you find the newsletter section. Underneath the Subscribe Now button, you’ll find a link to View Our Most Recent Newsletter, which you can click.
\n
You’ll now be shown a newsletter PDF file which appears in the URL as:
This indicates that the application could be dynamically loading the file in the URL “file” parameter. To test this, you can manipulate this parameter to see if it’s vulnerable to a local file inclusion (LFI) exploit and will load other files – such as token.txt.
Press Enter, and a new page will load with a token.
\n
Tools
\n
This challenge primarily relies on your skills in web application exploitation and only requires two tools: Dirbuster for directory enumeration and Hydra for password cracking.
\n
Tips
\n
When testing for web application vulnerabilities, remember that vulnerabilities may reside in any part of the application. Subtle elements that appear unimportant could prove exploitable if they neglect to handle inputs securely. So make sure you check all user input forms and any buttons or links that direct you to different parts of the application.
\n
If you want to learn more about some of the tools within this lab, take a look at the following lab collections:
\n
\n
Secure Testing – Beginner
\n
Credential Access
\n
SQL Injection Basics
\n
Cross-Site Scripting (XSS)
\n
\n
Conclusion
\n
The steps I’ve laid out here aren’t the only way to find the answers to the questions. As long as you find the answers, you did it – well done!
\n
If you think there’s a better method to find some of the answers than what I’ve described above, please post it in the comments below!
\n
I hope you enjoyed the challenge and I’ll see you for the next one!
","kudosSumWeight":1,"postTime":"2025-01-27T01:38:02.524-08:00","images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuMnwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.immersivelabs.com/t5/s/dnvaw96485/images/bS0xNDYwLWFHVzh4RQ?revision=2\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"attachments":{"__typename":"AttachmentConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMnwyLjF8b3wxMHxfTlZffDE","node":{"__typename":"Tag","id":"tag:community challenge","text":"community challenge","time":"2025-01-20T07:43:02.699-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":6,"rawTeaser":"","introduction":"Time’s Up! Congratulations to everyone who completed Lab 3: Web Exploitation from the Human Connection Challenge: Season 1.","coverImage":{"__typename":"UploadedImage","url":"https://community.immersivelabs.com/t5/s/dnvaw96485/images/bS0xNDYwLWFHVzh4RQ?revision=2","width":800,"height":800},"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""},"currentRevision":{"__ref":"Revision:revision:1460_2"},"latestVersion":{"__typename":"FriendlyVersion","major":"1","minor":"0"},"metrics":{"__typename":"MessageMetrics","views":296},"visibilityScope":"PUBLIC","canonicalUrl":null,"seoTitle":null,"seoDescription":null,"placeholder":false,"originalMessageForPlaceholder":null,"contributors":{"__typename":"UserConnection","edges":[]},"nonCoAuthorContributors":{"__typename":"UserConnection","edges":[]},"coAuthors":{"__typename":"UserConnection","edges":[]},"blogMessagePolicies":{"__typename":"BlogMessagePolicies","canDoAuthoringActionsOnBlog":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.blog.action_can_do_authoring_action.accessDenied","key":"error.lithium.policies.blog.action_can_do_authoring_action.accessDenied","args":[]}}},"archivalData":null,"replies":{"__typename":"MessageConnection","edges":[{"__typename":"MessageEdge","cursor":"MjUuMnwyLjF8b3wxMHwxNDowLDM5OjF8MQ","node":{"__ref":"BlogReplyMessage:message:1465"}}],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"customFields":[],"revisions({\"constraints\":{\"isPublished\":{\"eq\":true}},\"first\":1})":{"__typename":"RevisionConnection","totalCount":2}},"Conversation:conversation:1460":{"__typename":"Conversation","id":"conversation:1460","solved":false,"topic":{"__ref":"BlogTopicMessage:message:1460"},"lastPostingActivityTime":"2025-01-27T04:12:38.566-08:00","lastPostTime":"2025-01-27T04:12:38.566-08:00","unreadReplyCount":1,"isSubscribed":false},"ModerationData:moderation_data:1460":{"__typename":"ModerationData","id":"moderation_data:1460","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"AssociatedImage:{\"url\":\"https://community.immersivelabs.com/t5/s/dnvaw96485/images/bS0xNDYwLWFHVzh4RQ?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.immersivelabs.com/t5/s/dnvaw96485/images/bS0xNDYwLWFHVzh4RQ?revision=2","title":"eec1c9d0-feab-44b3-b9d2-5f32316e0eaf.jpg","associationType":"COVER","width":800,"height":800,"altText":""},"Revision:revision:1460_2":{"__typename":"Revision","id":"revision:1460_2","lastEditTime":"2025-01-27T01:38:02.524-08:00"},"CachedAsset:theme:customTheme1-1742433616168":{"__typename":"CachedAsset","id":"theme:customTheme1-1742433616168","value":{"id":"customTheme1","animation":{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51, 1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":["custom"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"67445c86d118f03d29f3e02f_Immersive_Favicon-1739352646053.png","imageLastModified":"1739352647623","__typename":"ThemeAsset"},"customerLogo":{"imageAssetName":"Community_Logo_-_Light-1739352757482.png","imageLastModified":"1739352759022","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"1300px","oneColumnNarrowWidth":"800px","gridGutterWidthMd":"30px","gridGutterWidthXs":"10px","pageWidthStyle":"WIDTH_OF_BROWSER","__typename":"BasicsThemeSettings"},"buttons":{"borderRadiusSm":"3px","borderRadius":"3px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(--lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"16px","paddingXHero":"60px","fontStyle":"NORMAL","fontWeight":"400","textTransform":"NONE","disabledOpacity":0.5,"primaryTextColor":"var(--lia-bs-body-bg)","primaryTextHoverColor":"var(--lia-bs-body-bg)","primaryTextActiveColor":"var(--lia-bs-body-bg)","primaryBgColor":"var(--lia-bs-primary)","primaryBgHoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))","primaryBgActiveColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","secondaryTextColor":"var(--lia-bs-body-color)","secondaryTextHoverColor":"hsl(var(--lia-bs-body-color-h), var(--lia-bs-body-color-s), calc(var(--lia-bs-body-color-l) * 0.95))","secondaryTextActiveColor":"hsl(var(--lia-bs-body-color-h), var(--lia-bs-body-color-s), calc(var(--lia-bs-body-color-l) * 0.9))","secondaryBgColor":"var(--lia-bs-body-bg)","secondaryBgHoverColor":"hsl(var(--lia-bs-body-bg-h), var(--lia-bs-body-bg-s), calc(var(--lia-bs-body-bg-l) * 0.96))","secondaryBgActiveColor":"hsl(var(--lia-bs-body-bg-h), var(--lia-bs-body-bg-s), calc(var(--lia-bs-body-bg-l) * 0.92))","secondaryBorder":"1px solid transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","tertiaryTextColor":"var(--lia-bs-gray-900)","tertiaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","tertiaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)","tertiaryBorder":"1px solid transparent","tertiaryBorderHover":"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid transparent","tertiaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","destructiveTextColor":"var(--lia-bs-body-bg)","destructiveTextHoverColor":"var(--lia-bs-body-bg)","destructiveTextActiveColor":"var(--lia-bs-body-bg)","destructiveBgColor":"var(--lia-bs-danger)","destructiveBgHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.85))","destructiveBgActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.7))","destructiveBorder":"1px solid transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","mainContent":"LIGHT","sideContent":"LIGHT","radiusSm":"6px","radius":"10px","radiusLg":"18px","radius50":"100vw","__typename":"BorderThemeSettings"},"boxShadow":{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.06)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":{"defaultMessageLinkColor":"var(--lia-bs-primary)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"400","defaultMessageFontStyle":"NORMAL","defaultMessageFontWeight":"400","forumColor":"#26B5E6","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#3CA7A1","blogColor":"#3CA7A1","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#6E6F7C","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#FF8000","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#E45C65","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#9AE8E8","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesThemeSettings"},"colors":{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCCCC","gray600":"#949494","gray700":"#707070","gray800":"#545454","gray900":"#333333","dark":"#545454","light":"#F7F7F7","primary":"#4563FF","secondary":"#333333","bodyText":"#10122A","bodyBg":"#F9F9FA","info":"#26B5E6","success":"#3CA7A1","warning":"#FBDC55","danger":"#E45C65","alertSystem":"#FF6600","textMuted":"#707070","highlight":"#FFFCAD","outline":"var(--lia-bs-primary)","custom":["#26B5E6","#E45C65","#6E6F7C","#D7D5E2","#C69A70","#FBDC55","#9AE8E8","#3CA7A1"],"__typename":"ColorsThemeSettings"},"divider":{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#ffffff","primaryBgColor":"#0069D4","primaryBgHoverColor":"#005cb8","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#a78058","skinToneDark":"#5e4d43","__typename":"EmojiThemeSettings"},"heading":{"color":"var(--lia-bs-body-color)","fontFamily":"Inter","fontStyle":"NORMAL","fontWeight":"500","h1FontSize":"34px","h2FontSize":"32px","h3FontSize":"28px","h4FontSize":"24px","h5FontSize":"20px","h6FontSize":"16px","lineHeight":"1.3","subHeaderFontSize":"11px","subHeaderFontWeight":"500","h1LetterSpacing":"normal","h2LetterSpacing":"normal","h3LetterSpacing":"normal","h4LetterSpacing":"normal","h5LetterSpacing":"normal","h6LetterSpacing":"normal","subHeaderLetterSpacing":"2px","h1FontWeight":"var(--lia-bs-headings-font-weight)","h2FontWeight":"var(--lia-bs-headings-font-weight)","h3FontWeight":"var(--lia-bs-headings-font-weight)","h4FontWeight":"var(--lia-bs-headings-font-weight)","h5FontWeight":"var(--lia-bs-headings-font-weight)","h6FontWeight":"var(--lia-bs-headings-font-weight)","__typename":"HeadingThemeSettings"},"icons":{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","size60":"60px","size80":"80px","size120":"120px","size160":"160px","__typename":"IconsThemeSettings"},"imagePreview":{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) - 10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":"","imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typename":"BackgroundProps"},"backgroundOpacity":0.8,"paddingTop":"15px","paddingBottom":"15px","borderBottom":"1px solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxShadowHover":"none","linkTextBorderBottom":"none","linkTextBorderBottomHover":"none","dropdownPaddingTop":"10px","dropdownPaddingBottom":"15px","dropdownPaddingX":"10px","dropdownMenuOffset":"2px","dropdownDividerMarginTop":"10px","dropdownDividerMarginBottom":"10px","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%, 50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collapseMenuMarginLeft":"20px","collapseMenuDividerBg":"var(--lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem 1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"0.7","propColor":"#990055","selectorColor":"#517a00","operatorColor":"#906736","operatorBgColor":"hsla(0, 0%, 100%, 0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","customColor6":"#2dc26b","customColor7":"#f1c40f","customColor8":"#e03e2d","customColor9":"#b96ad9","customColor10":"#3598db","customColor11":"#169179","customColor12":"#e67e23","customColor13":"#ba372a","customColor14":"#843fa1","customColor15":"#236fa1","customColor16":"#ecf0f1","customColor17":"#ced4d9","customColor18":"#95a5a6","customColor19":"#7e8c8d","customColor20":"#34495e","customColor21":"#000000","customColor22":"#ffffff","defaultMessageHeaderMarginTop":"40px","defaultMessageHeaderMarginBottom":"20px","defaultMessageItemMarginTop":"0","defaultMessageItemMarginBottom":"30px","diffAddedColor":"hsla(170, 53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%, 0.4)","diffRemovedColor":"hsla(9, 74%, 47%, 0.4)","specialMessageHeaderMarginTop":"40px","specialMessageHeaderMarginBottom":"20px","specialMessageItemMarginTop":"0","specialMessageItemMarginBottom":"30px","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":{"fontFamilyBase":"Inter","fontStyleBase":"NORMAL","fontWeightBase":"300","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold":"700","letterSpacingSm":"normal","letterSpacingXs":"normal","lineHeightBase":"1.5","fontSizeBase":"16px","fontSizeXxs":"11px","fontSizeXs":"12px","fontSizeSm":"14px","fontSizeLg":"20px","fontSizeXl":"24px","smallFontSize":"14px","customFonts":[{"source":"GOOGLE","name":"Geologica","styles":[{"style":"NORMAL","weight":"100","__typename":"FontStyleData"},{"style":"NORMAL","weight":"500","__typename":"FontStyleData"}],"assetNames":["Geologica-normal-100.woff2","Geologica-normal-500.woff2"],"__typename":"CustomFont"}],"__typename":"TypographyThemeSettings"},"unstyledListItem":{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename":"UnstyledListItemThemeSettings"},"yiq":{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLightest":0.93,"successDark":0.24,"successLight":0.62,"successLighter":0.8,"successLightest":0.91,"warningDark":0.39,"warningLight":0.68,"warningLighter":0.84,"warningLightest":0.93,"dangerDark":0.41,"dangerLight":0.72,"dangerLighter":0.89,"dangerLightest":0.95,"__typename":"ColorLightnessThemeSettings"},"localOverride":false,"__typename":"Theme"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1740587331000","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:quilt:immersivelabs.prod:pages/blogs/BlogMessagePage:board:the-human-connection-blog-1743426078338":{"__typename":"CachedAsset","id":"quilt:immersivelabs.prod:pages/blogs/BlogMessagePage:board:the-human-connection-blog-1743426078338","value":{"id":"BlogMessagePage","container":{"id":"Common","headerProps":{"removeComponents":["community.widget.bannerWidget"],"__typename":"QuiltContainerSectionProps"},"headerComponentProps":{"community.widget.breadcrumbWidget":{"disableLastCrumbForDesktop":false}},"items":[{"id":"blog-article","sectionEditLevel":"LOCKED","layout":"ONE_COLUMN","columnMap":{"main":[{"id":"blogs.widget.blogArticleWidget","className":"lia-blog-container","__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"}],"__typename":"QuiltContainer"},"__typename":"Quilt"},"localOverride":false},"CachedAsset:text:en_US-components/common/EmailVerification-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1740587331000","value":{"email.verification.title":"Email Verification Required","email.verification.message.update.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. To change your email, visit My Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-pages/blogs/BlogMessagePage-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-pages/blogs/BlogMessagePage-1740587331000","value":{"title":"{contextMessageSubject} | {communityTitle}","errorMissing":"This blog post cannot be found","name":"Blog Message Page","section.blog-article.title":"Blog Post","archivedMessageTitle":"This Content Has Been Archived"},"localOverride":false},"CachedAsset:quiltWrapper:immersivelabs.prod:Common:1742433549484":{"__typename":"CachedAsset","id":"quiltWrapper:immersivelabs.prod:Common:1742433549484","value":{"id":"Common","header":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"var(--lia-bs-body-color)","items":[{"id":"community.widget.navbarWidget","props":{"showUserName":false,"showRegisterLink":false,"useIconLanguagePicker":true,"useLabelLanguagePicker":true,"className":"QuiltComponent_lia-component-edit-mode__0nCcm","links":{"sideLinks":[],"mainLinks":[{"children":[{"linkType":"INTERNAL","id":"get-started-link","params":{"boardId":"get-started","categoryId":"welcome"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-2","params":{"boardId":"community-forum","categoryId":"welcome"},"routeName":"ForumBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-1","params":{"boardId":"community-blog","categoryId":"welcome"},"routeName":"BlogBoardPage"},{"linkType":"EXTERNAL","id":"Common-external-link","url":"https://community.immersivelabs.com/tag/community%20challenge","target":"SELF"}],"linkType":"INTERNAL","id":"migrated-link-0","params":{"categoryId":"welcome"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"help","params":{"boardId":"help","categoryId":"help"},"routeName":"ForumBoardPage"},{"linkType":"EXTERNAL","id":"external-2","url":"https://community.immersivelabs.com/category/help/discussions/help?messages.widget.messagelistfornodebyrecentactivitywidget-tab-main-ochszs-0=noSolutions","target":"SELF"},{"linkType":"INTERNAL","id":"cybertrust-massachusetts-link","params":{"groupHubId":"cybertrust-massachusetts"},"routeName":"GroupHubPage"},{"linkType":"EXTERNAL","id":"external-1","url":"https://immersivelabs.zendesk.com/hc/en-us","target":"BLANK"}],"linkType":"INTERNAL","id":"migrated-link-3","params":{"boardId":"help","categoryId":"discuss"},"routeName":"ForumBoardPage"},{"children":[{"linkType":"INTERNAL","id":"customer-blog","params":{"boardId":"customer-blog","categoryId":"blogs"},"routeName":"BlogBoardPage"},{"linkType":"INTERNAL","id":"the-human-connection-blog","params":{"boardId":"the-human-connection-blog","categoryId":"blogs"},"routeName":"BlogBoardPage"},{"linkType":"EXTERNAL","id":"external","url":"https://www.immersivelabs.com/resources/blog","target":"BLANK"}],"linkType":"INTERNAL","id":"migrated-link-4","params":{"categoryId":"blogs"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-10","params":{"boardId":"customer-events","categoryId":"events"},"routeName":"EventBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-11","params":{"boardId":"community-events","categoryId":"events"},"routeName":"EventBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-9","params":{"categoryId":"events"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-13","params":{"boardId":"cyber-million","categoryId":"cyber-million"},"routeName":"ForumBoardPage"},{"linkType":"EXTERNAL","id":"external-3","url":"https://community.immersivelabs.com/category/cyber-million/discussions/cyber-million?messages.widget.messagelistfornodebyrecentactivitywidget-tab-main-ouwewl-0=noSolutions","target":"SELF"},{"linkType":"INTERNAL","id":"migrated-link-14","params":{"boardId":"cyber-million-blog","categoryId":"cyber-million"},"routeName":"BlogBoardPage"},{"linkType":"EXTERNAL","id":"migrated-link-15","url":"https://www.immersivelabs.com/resources/cybermillion","target":"BLANK"}],"linkType":"INTERNAL","id":"migrated-link-12","params":{"categoryId":"cyber-million"},"routeName":"CategoryPage"}]},"style":{"boxShadow":"0","linkFontWeight":"500","controllerHighlightColor":"#E45C65","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkFontSize":"16px","linkBoxShadowHover":"none","backgroundOpacity":1,"controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerBgColor":"transparent","linkTextBorderBottom":"none","hamburgerColor":"var(--lia-nav-controller-icon-color)","brandLogoHeight":"80px","linkLetterSpacing":"normal","linkBgHoverColor":"transparent","collapseMenuDividerOpacity":0.16,"paddingBottom":"0px","dropdownPaddingBottom":"15px","dropdownMenuOffset":"2px","hamburgerBgHoverColor":"transparent","borderBottom":"0","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","linkJustifyContent":"flex-end","linkColor":"var(--lia-bs-body-bg)","collapseMenuDividerBg":"var(--lia-nav-link-color)","dropdownPaddingTop":"10px","controllerHighlightTextColor":"var(--lia-yiq-dark)","controllerTextColor":"var(--lia-nav-controller-icon-color)","background":{"imageAssetName":"","color":"var(--lia-bs-body-color)","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkHoverColor":"var(--lia-bs-primary)","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"0","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","linkPaddingX":"10px","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","paddingTop":"0px","linkPaddingY":"5px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.1)","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkBgColor":"transparent","linkDropdownPaddingY":"9px","controllerIconColor":"var(--lia-bs-body-bg)","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"var(--lia-bs-body-bg)"},"showSearchIcon":true,"languagePickerStyle":"iconAndLabel"},"__typename":"QuiltComponent"},{"id":"community.widget.bannerWidget","props":{"backgroundColor":"transparent","visualEffects":{"showBottomBorder":true},"backgroundOpacity":50,"backgroundImageProps":{"backgroundSize":"COVER","backgroundPosition":"CENTER_CENTER","backgroundRepeat":"NO_REPEAT"},"fontColor":"var(--lia-bs-body-bg)"},"__typename":"QuiltComponent"},{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"var(--lia-bs-body-color)","linkHighlightColor":"var(--lia-bs-body-bg)","visualEffects":{"showBottomBorder":false},"backgroundOpacity":100,"linkTextColor":"var(--lia-bs-body-bg)"},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"footer":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"var(--lia-bs-gray-200)","items":[{"id":"community.widget.footerWidget","props":null,"__typename":"QuiltComponent"},{"id":"custom.widget.Custom_Scripts","props":{"widgetVisibility":"signedInOrAnonymous","customComponentId":"custom.widget.Custom_Scripts","useBackground":false},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"__typename":"QuiltWrapper","localOverride":false},"localOverride":false},"CachedAsset:text:en_US-components/common/ActionFeedback-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1740587331000","value":{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes Saved","editedGroupHub.message":"Your group has been updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be redirected to the homepage","resetTokenExpired.title":"Reset Password Link has Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new activity and reminded as the event approaches","eventInterested.title":"Responded as Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is archived","redirectToRelatedPage.message":"The content you are trying to access is archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived Content"},"localOverride":false},"CachedAsset:component:custom.widget.Custom_Scripts-en-1743423784705":{"__typename":"CachedAsset","id":"component:custom.widget.Custom_Scripts-en-1743423784705","value":{"component":{"id":"custom.widget.Custom_Scripts","template":{"id":"Custom_Scripts","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Custom_Scripts","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:text:en_US-components/community/Breadcrumb-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1740587331000","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBanner-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBanner-1740587331000","value":{"messageMarkedAsSpam":"This post has been marked as spam","messageMarkedAsSpam@board:TKB":"This article has been marked as spam","messageMarkedAsSpam@board:BLOG":"This post has been marked as spam","messageMarkedAsSpam@board:FORUM":"This discussion has been marked as spam","messageMarkedAsSpam@board:OCCASION":"This event has been marked as spam","messageMarkedAsSpam@board:IDEA":"This idea has been marked as spam","manageSpam":"Manage Spam","messageMarkedAsAbuse":"This post has been marked as abuse","messageMarkedAsAbuse@board:TKB":"This article has been marked as abuse","messageMarkedAsAbuse@board:BLOG":"This post has been marked as abuse","messageMarkedAsAbuse@board:FORUM":"This discussion has been marked as abuse","messageMarkedAsAbuse@board:OCCASION":"This event has been marked as abuse","messageMarkedAsAbuse@board:IDEA":"This idea has been marked as abuse","preModCommentAuthorText":"This comment will be published as soon as it is approved","preModCommentModeratorText":"This comment is awaiting moderation","messageMarkedAsOther":"This post has been rejected due to other reasons","messageMarkedAsOther@board:TKB":"This article has been rejected due to other reasons","messageMarkedAsOther@board:BLOG":"This post has been rejected due to other reasons","messageMarkedAsOther@board:FORUM":"This discussion has been rejected due to other reasons","messageMarkedAsOther@board:OCCASION":"This event has been rejected due to other reasons","messageMarkedAsOther@board:IDEA":"This idea has been rejected due to other reasons","messageArchived":"This post was archived on {date}","relatedUrl":"View Related Content","relatedContentText":"Showing related content","archivedContentLink":"View Archived Content"},"localOverride":false},"CachedAsset:text:en_US-components/community/FooterWidget-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/community/FooterWidget-1740587331000","value":{"homeLink":"Community Home","topOfPage":"Top of Page","buildHash":"Build Hash:","buildNumber":"Build Number:","buildTime":"Build Time:","privacyPolicy":"Privacy Policy","helpLink":"Help"},"localOverride":false},"Category:category:welcome":{"__typename":"Category","id":"category:welcome","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Blog:board:community-blog":{"__typename":"Blog","id":"board:community-blog","blogPolicies":{"__typename":"BlogPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:events":{"__typename":"Category","id":"category:events","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:cyber-million":{"__typename":"Category","id":"category:cyber-million","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:cyber-million":{"__typename":"Forum","id":"board:cyber-million","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Blog:board:cyber-million-blog":{"__typename":"Blog","id":"board:cyber-million-blog","blogPolicies":{"__typename":"BlogPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Occasion:board:community-events":{"__typename":"Occasion","id":"board:community-events","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"occasionPolicies":{"__typename":"OccasionPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:community-forum":{"__typename":"Forum","id":"board:community-forum","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:help":{"__typename":"Forum","id":"board:help","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:get-started":{"__typename":"Tkb","id":"board:get-started","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"QueryVariables:TopicReplyList:message:1460:2":{"__typename":"QueryVariables","id":"TopicReplyList:message:1460:2","value":{"id":"message:1460","first":10,"sorts":{"kudosSumWeight":{"direction":"DESC","order":0},"postTime":{"direction":"ASC","order":1}},"repliesFirst":3,"repliesFirstDepthThree":1,"repliesSorts":{"kudosSumWeight":{"direction":"DESC","order":0},"postTime":{"direction":"ASC","order":1}},"useAvatar":true,"useAuthorLogin":true,"useAuthorRank":true,"useBody":true,"useKudosCount":true,"useTimeToRead":false,"useMedia":false,"useReadOnlyIcon":false,"useRepliesCount":true,"useSearchSnippet":false,"useAcceptedSolutionButton":false,"useSolvedBadge":false,"useAttachments":false,"attachmentsFirst":5,"useTags":true,"useNodeAncestors":false,"useUserHoverCard":false,"useNodeHoverCard":false,"useModerationStatus":true,"usePreviewSubjectModal":false,"useMessageStatus":true}},"ROOT_MUTATION":{"__typename":"Mutation"},"CachedAsset:text:en_US-components/community/Navbar-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1740587331000","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","migrated-link-9":"Events","external-1":"Help Centre","migrated-link-7":"Customer Stories Blog","migrated-link-8":"SME Blog","customer-blog":"Product Updates","migrated-link-1":"Community Blog","the-human-connection-blog":"Human Connection Blog","migrated-link-2":"Community Forum","Common-external-link":"Community Challenge","migrated-link-0":"Community","migrated-link-5":"Customer Blog","migrated-link-6":"Cyber Threat Research Blog","migrated-link-3":"Help","migrated-link-4":"Learn","cyber-countdown-link":"Cyber Countdown","migrated-link-14":"Cyber Million Blog","migrated-link-15":"Cyber Million Website","migrated-link-12":"Cyber Million","migrated-link-13":"Ask a Question","welcome":"Get Started","external-3":"Answer Questions","external-2":"Answer Questions","migrated-link-10":"Customer Events","migrated-link-11":"Community Events","cybertrust-massachusetts-link":"CyberTrust Massachusetts","get-started-link":"Get Started","help":"Ask a Question","external":"Immersive Blog"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1740587331000","value":{"hamburgerLabel":"Side Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1740587331000","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1740587331000","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/search/SpotlightSearchIcon-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/search/SpotlightSearchIcon-1740587331000","value":{"search":"Search"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1740587331000","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1740587331000","value":{"place":"Place {name}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewStandard-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewStandard-1740587331000","value":{"anonymous":"Anonymous","author":"{messageAuthorLogin}","authorBy":"{messageAuthorLogin}","board":"{messageBoardTitle}","replyToUser":" to {parentAuthor}","showMoreReplies":"Show More","replyText":"Reply","repliesText":"Replies","markedAsSolved":"Marked as Solved","movedMessagePlaceholder.BLOG":"{count, plural, =0 {This comment has been} other {These comments have been} }","movedMessagePlaceholder.TKB":"{count, plural, =0 {This comment has been} other {These comments have been} }","movedMessagePlaceholder.FORUM":"{count, plural, =0 {This reply has been} other {These replies have been} }","movedMessagePlaceholder.IDEA":"{count, plural, =0 {This comment has been} other {These comments have been} }","movedMessagePlaceholder.OCCASION":"{count, plural, =0 {This comment has been} other {These comments have been} }","movedMessagePlaceholderUrlText":"moved.","messageStatus":"Status: ","statusChanged":"Status changed: {previousStatus} to {currentStatus}","statusAdded":"Status added: {status}","statusRemoved":"Status removed: {status}","labelExpand":"expand replies","labelCollapse":"collapse replies","unhelpfulReason.reason1":"Content is outdated","unhelpfulReason.reason2":"Article is missing information","unhelpfulReason.reason3":"Content is for a different Product","unhelpfulReason.reason4":"Doesn't match what I was searching for"},"localOverride":false},"CachedAsset:text:en_US-components/messages/ThreadedReplyList-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/ThreadedReplyList-1740587331000","value":{"title":"{count, plural, one{# Reply} other{# Replies}}","title@board:BLOG":"{count, plural, one{# Comment} other{# Comments}}","title@board:TKB":"{count, plural, one{# Comment} other{# Comments}}","title@board:IDEA":"{count, plural, one{# Comment} other{# Comments}}","title@board:OCCASION":"{count, plural, one{# Comment} other{# Comments}}","noRepliesTitle":"No Replies","noRepliesTitle@board:BLOG":"No Comments","noRepliesTitle@board:TKB":"No Comments","noRepliesTitle@board:IDEA":"No Comments","noRepliesTitle@board:OCCASION":"No Comments","noRepliesDescription":"Be the first to reply","noRepliesDescription@board:BLOG":"Be the first to comment","noRepliesDescription@board:TKB":"Be the first to comment","noRepliesDescription@board:IDEA":"Be the first to comment","noRepliesDescription@board:OCCASION":"Be the first to comment","messageReadOnlyAlert:BLOG":"Comments have been turned off for this post","messageReadOnlyAlert:TKB":"Comments have been turned off for this article","messageReadOnlyAlert:IDEA":"Comments have been turned off for this idea","messageReadOnlyAlert:FORUM":"Replies have been turned off for this discussion","messageReadOnlyAlert:OCCASION":"Comments have been turned off for this event"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageReplyCallToAction-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageReplyCallToAction-1740587331000","value":{"leaveReply":"Leave a reply...","leaveReply@board:BLOG@message:root":"Leave a comment...","leaveReply@board:TKB@message:root":"Leave a comment...","leaveReply@board:IDEA@message:root":"Leave a comment...","leaveReply@board:OCCASION@message:root":"Leave a comment...","repliesTurnedOff.FORUM":"Replies are turned off for this topic","repliesTurnedOff.BLOG":"Comments are turned off for this topic","repliesTurnedOff.TKB":"Comments are turned off for this topic","repliesTurnedOff.IDEA":"Comments are turned off for this topic","repliesTurnedOff.OCCASION":"Comments are turned off for this topic","infoText":"Stop poking me!"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/BuildInformation-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/BuildInformation-1740587331000","value":{"buildHash":"Build Hash: {buildHash}","buildNumber":"Build Number: {buildNumber}","buildTime":"Build Time: {buildTime}"},"localOverride":false},"CachedAsset:text:en_US-components/community/KhorosLogo-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/community/KhorosLogo-1740587331000","value":{"alt":"Powered By Khoros"},"localOverride":false},"AssociatedImage:{\"url\":\"https://community.immersivelabs.com/t5/s/dnvaw96485/images/cmstOS1zNm9LWmk\"}":{"__typename":"AssociatedImage","url":"https://community.immersivelabs.com/t5/s/dnvaw96485/images/cmstOS1zNm9LWmk","height":160,"width":141,"mimeType":"image/png"},"Rank:rank:9":{"__typename":"Rank","id":"rank:9","position":19,"name":"Bronze II","color":"C69A70","icon":{"__ref":"AssociatedImage:{\"url\":\"https://community.immersivelabs.com/t5/s/dnvaw96485/images/cmstOS1zNm9LWmk\"}"},"rankStyle":"FILLED"},"User:user:690":{"__typename":"User","id":"user:690","uid":690,"login":"jamesstammers","biography":null,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2024-12-03T01:03:28.850-08:00"},"deleted":false,"email":"","avatar":{"__typename":"UserAvatar","url":"https://community.immersivelabs.com/t5/s/dnvaw96485/m_assets/avatars/default/avatar-4.svg?time=0"},"rank":{"__ref":"Rank:rank:9"},"entityType":"USER","eventPath":"community:dnvaw96485/user:690"},"ModerationData:moderation_data:1465":{"__typename":"ModerationData","id":"moderation_data:1465","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":"member"},"BlogReplyMessage:message:1465":{"__typename":"BlogReplyMessage","author":{"__ref":"User:user:690"},"id":"message:1465","revisionNum":1,"uid":1465,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Blog:board:the-human-connection-blog"},"parent":{"__ref":"BlogTopicMessage:message:1460"},"conversation":{"__ref":"Conversation:conversation:1460"},"subject":"Re: Human Connection Challenge: Season 1 – Web Exploitation","moderationData":{"__ref":"ModerationData:moderation_data:1465"},"body":"
Really enjoyed this one! I actually managed to take an educated guess at the login directory without using dirbuster 😂 To find the password via SQL injection I just entered the username that had been previously found then did the exact same exploit I used for the username in the password field.
Looking forward to the next one!
","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"203","kudosSumWeight":2,"repliesCount":0,"postTime":"2025-01-27T04:12:38.566-08:00","lastPublishTime":"2025-01-27T04:12:38.566-08:00","metrics":{"__typename":"MessageMetrics","views":43},"visibilityScope":"PUBLIC","placeholder":false,"originalMessageForPlaceholder":null,"entityType":"BLOG_REPLY","eventPath":"category:blogs/community:dnvaw96485board:the-human-connection-blog/message:1460/message:1465","replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"customFields":[],"attachments":{"__typename":"AttachmentConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1740587331000","value":{"ariaLabelClosed":"Press the down arrow to open the menu"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageCoverImage-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageCoverImage-1740587331000","value":{"coverImageTitle":"Cover Image"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeTitle-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeTitle-1740587331000","value":{"nodeTitle":"{nodeTitle, select, community {Community} other {{nodeTitle}}} "},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTimeToRead-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTimeToRead-1740587331000","value":{"minReadText":"{min} MIN READ"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1740587331000","value":{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1740587331000","value":{"authorName":"View Profile: {author}","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserRank-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserRank-1740587331000","value":{"rankName":"{rankName}","userRank":"Author rank {rankName}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1740587331000","value":{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected time: {time}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1740587331000","value":{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message {Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been removed from the community.","videoProcessing":"Video is being processed. Please try again in a few minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageCustomFields-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageCustomFields-1740587331000","value":{"CustomField.default.label":"Value of {name}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageRevision-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageRevision-1740587331000","value":{"lastUpdatedDatePublished":"{publishCount, plural, one{Published} other{Updated}} {date}","lastUpdatedDateDraft":"Created {date}","version":"Version {major}.{minor}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1740587331000","value":{"title":"Query Handler"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageReplyButton-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageReplyButton-1740587331000","value":{"repliesCount":"{count}","title":"Reply","title@board:BLOG@message:root":"Comment","title@board:TKB@message:root":"Comment","title@board:IDEA@message:root":"Comment","title@board:OCCASION@message:root":"Comment"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageAuthorBio-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageAuthorBio-1740587331000","value":{"sendMessage":"Send Message","actionMessage":"Follow this blog board to get notified when there's new activity","coAuthor":"CO-PUBLISHER","contributor":"CONTRIBUTOR","userProfile":"View Profile","iconlink":"Go to {name} {type}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1740587331000","value":{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/ranks/UserRankLabel-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/ranks/UserRankLabel-1740587331000","value":{"altTitle":"Icon for {rankName} rank"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserRegistrationDate-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserRegistrationDate-1740587331000","value":{"noPrefix":"{date}","withPrefix":"Joined {date}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeAvatar-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeAvatar-1740587331000","value":{"altTitle":"Node avatar for {nodeTitle}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeDescription-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeDescription-1740587331000","value":{"description":"{description}"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagView/TagViewChip-1740587331000":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagView/TagViewChip-1740587331000","value":{"tagLabelName":"Tag name {tagName}"},"localOverride":false}}}},"page":"/blogs/BlogMessagePage/BlogMessagePage","query":{"boardId":"the-human-connection-blog","messageSubject":"human-connection-challenge-season-1-–-web-exploitation","messageId":"1460"},"buildId":"q_bLpq2mflH0BeZigxpj6","runtimeConfig":{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","openTelemetryClientEnabled":false,"openTelemetryConfigName":"immersivelabs","openTelemetryServiceVersion":"25.2.0","openTelemetryUniverse":"prod","openTelemetryCollector":"http://localhost:4318","openTelemetryRouteChangeAllowedTime":"5000","apolloDevToolsEnabled":false,"inboxMuteWipFeatureEnabled":false},"isFallback":false,"isExperimentalCompile":false,"dynamicIds":["./components/community/Navbar/NavbarWidget.tsx","./components/community/Breadcrumb/BreadcrumbWidget.tsx","./components/blogs/BlogArticleWidget/BlogArticleWidget.tsx","./components/community/FooterWidget/FooterWidget.tsx","./components/customComponent/CustomComponent/CustomComponent.tsx","./components/messages/MessageView/MessageViewStandard/MessageViewStandard.tsx","./components/messages/ThreadedReplyList/ThreadedReplyList.tsx","./components/community/FooterWidgetHelpLink/FooterWidgetHelpLink.tsx","./components/community/KhorosLogo/KhorosLogo.tsx","../shared/client/components/common/List/UnstyledList/UnstyledList.tsx","./components/messages/MessageView/MessageView.tsx","./components/customComponent/CustomComponentContent/TemplateContent.tsx","../shared/client/components/common/List/UnwrappedList/UnwrappedList.tsx","./components/tags/TagView/TagView.tsx","./components/tags/TagView/TagViewChip/TagViewChip.tsx"],"appGip":true,"scriptLoader":[]}
Immerser
