Forum Widgets
Recent Discussions
Can I format the text in an interlude with HTML?
I see that there is a way to add an HTML snippet in the text box for an interlude. Is this going to let me format the screen when displayed? I have tried some pretty simple HTML code, but it seems to only add a box in the interlude with the HTML code in it. Should the web browser execute the HTML code on my screen?
CSP Hash Incorrect Despite Correct Script and Hash (CSP Lab Issue?)
Hello all! I'm working on Introduction to Content Security Policy (CSP) Lab: Content Security Policy: Hashes exercise that requires generating the correct hash for an inline script like: <script>document.body.style.backgroundColor = "#ADDADE";</script> I’ve used both CyberChef and the SHA-256 JavaScript snippet to generate hashes like: sha256-+BWzTX+GJrse8ifajvHg6QFPdmE+JjXYmrYBn+kLITo= sha256-Msn/9dD1zBN7LGZyQyglKL9JMVyCsVqvZ7MAkmm/BpU= I've accounted for trailing newlines and whitespaces (CRLF, LF), used View Source (not dev tools), and verified that I'm hashing the exact script content. However, the lab continues to mark the answer as “incorrect.” Is this likely a glitch in the lab setup, or is there a common mistake I might be overlooking? Would appreciate any help or confirmation from someone who’s completed this lab or run into a similar problemActive Directory Basics: Demonstrate Your Skills
Hi there, I'm a little stuck on Q12 and would greatly appreciate some help. I have gone into each of the users profile below and tried to identify through - Properties>Account>Log on to - but to no avail as to who the user is on COMP-SIREN. Also as a process of elimination I have tried all the users that begin with L but still to no avail?
NHS Offensive Cyber Range: Armsdon Hospital
Hi all, Just wanted some advice on this as I am stuck. I managed to get into the intranet using SQL injection/union and extract all the usernames and passwords. I am not sure if I am on the wrong path or doing things in the wrong order for the next part. The FTP server seems to only be active on RDP. The DC has no samba vulnerabilities. So... I assume I try to use the credentials from the intranet to RDP to the DC/FTP (then after this elevate access using other techniques) but so far that has failed for the Armsdon users I have tried their users/passwords (from the intranet). Any tips welcome!Microsoft Defender for Cloud
Anyone having issues with the collection? I am receiving messaging that I am not licensed for it, but as a "Super" admin, I am thinking that the collection is actually down for maintenance. I have checked with a few others who are also at Admin level and they are seeing the same thing. Just making sure I did not consume too much eggnog yesterday....
Trick or Treat on Specter Street: Widow's Web
I am very stucked in Trick or Treat on Specter Street: Widow's Web I can't do none of the questions, but in any case I start by 4th that is the first answerable one Your first task is to simulate the loyal Crawlers. Run legitimate-crawler and inspect the output in Lab-Files to observe their behavior. To simulate the rogue Crawlers, you must discover the hidden paths on the website. Read the blog posts – they contain clues. Disallow these in Website-Files/robots.txt and run malicious-crawler. Inspect the output in Lab-Files. What is the token? I have created the robots.txt file since I understand that malicious-crawler goes expressedly there. My robots.txt contains all url's I can imagin Disallow: /secret Disallow: /treat Disallow: /hidden Disallow: /crypt Disallow: /warden Disallow: /rituals Disallow: /witch-secrets Disallow: /admin Disallow: /vault Disallow: /uncover Disallow: /post1 Disallow: /post2 Disallow: /post3 Disallow: /post4 Disallow: /contact Disallow: /drafts/rituals But the result of malicious-crawler.txt doesn't give me either a token nor a hint I have curl-ed all pages looking for words as token and nothing. I have found some key words in http://127.0.0.1:3000/witch-secrets as intercepted-incantations, decoded them and nothing. I have searched in spider-sigthings.log what hapened at 3.00 am but nothing Can someone gime me a hint?Trick or Treat on Specter Street: Ghost of the SOC
Hi there, Am I right as obvious that it may seem that for me to login to Kibana, I need to access this through the Elastic IP address that I have entered in my browser? If so I'm getting the error message on my screenshot. I tried this a few days ago as well and the problem persisted then as well.
If your question has been answered, help others by clicking:
