Recent Discussions
Ransomware: LockBit
I can't figure out what question 7 is looking for as the answer. I ensured I was looking at logs with an EventType of SetValue, I ensured it was LockBit.exe doing the event, but nothing I've tried from that works for the answer. Either I'm querying something wrong, or
0 likes, 1 comment

Templates do not add systems
Hello everybody, I just registered yesterday for snaplabs and wanted to deploy a template (does not matter which, I tried several). The problem I am encountering is that snaplabs does not add any systems to the range and keeps on hanging. Here are some screenshots: Here are no instances listed: Also in the AWS dashboard, nothing but the IP shows up: What is wrong here? I simply clicked on a template, did not even change the name
Anonymous, 5 hours ago
0 likes, 8 comments

AI: Plugin Injection - Demonstrate Your Skills
I cannot get the token.txt contents. I have tried:
1. The following command in many forms (head, less, cat):
2. Attempted the command many times in the same session. Get a response that is about the same as above.
3. Restarted the systems many times. Tried it many different days.
4. Listed out plugins through chat and do not see DirectoryListingPluginOld.
Really would like to complete this lab. Thanks!
0 likes, 5 comments

AI: Plugin Injection – Demonstrate Your Skills
Hi, I have an issue/problem here. I found the flaw in DirectoryListingPluginOld that you can craft an argument that executes a 2nd command. But everything I try is rejected. With "&&" or ";" and then "less", "cat", "head". I even tried to escape the whole argument with "\\000" or "\\x00". I saw working solutions on reddit, but they don't work for me. Even after multiple tries. Is it possible that the LLM is more secure regarding malicious prompts now? Thanks for a hint. BR
0 likes, 2 comments

OT Cyber Threat Intelligence: Collection / Question 14
https://immersivelabs.online/labs/ot-cyber-threat-intelligence-ep-3-collection/objectives/555bd71ddbebd6ab9b8e2e7dfc8254b7?objective-state=assigned
I'm unable to find the answer to this question: What malware is Deep_Dark_Cthulu likely referring to when they mention providing Cyber_Dr3g4n with malware? I've tried Trojan, Remote Access Trojan, it doesn't work. Can someone provide a hint please? Fred
Solved
0 likes, 1 comment

Incident Response Introduction to Detection Engineering: Ep.5 – Custom Alerting
Task 3 - Note: It may take a couple of minutes for the token to appear in the index. I'm struggling with the Python that it's been taking too long to create a custom_alert_index to automatically complete it. It's in Task 3 and I need the good code for the task to be completed and the token as well.
0 likes, 2 comments

Snort Rules Ep.10 Q7
Stuck in Q7: Identify the suspicious domain that appears in both PCAP files. Create a Snort Rule to detect packets using this domain from the IP address in question 2. I've identified the domain used by the IP address in Q2. I've tried different ways but can't seem to narrow it down. Already spent so much time with this one question. I've answered 12 of 13. This is the only one left and I don't know what I'm missing. Am I misunderstanding the question? Here's my rule:
alert tcp any any -> any 80 (msg: "Testing Alert" ; sid:1000001; content:"7b2cdd48.ngrok.io";)
I've tried modifiers, I tried narrowing filter to just GET methods, actually specifying the destination or source IP and ports, adding "http://" to content. Sometimes I would narrow it down to matching 4 packets which is still "too many", or down to two packets, which is "not enough"... which tells me I need to match three packets. Any hints would be much appreciated at this point. Thanks!
0 likes, 1 comment

Cross-Site Scripting DOM-based XSS vulnerability
I am doing the Cross-Site Scripting (XSS) DOM-based XSS lab and I am trying to get the last step of the lab which is identifying the DOM-based XSS vulnerability. I am pretty sure it would not be something like <script> alert("xss") </script> since I do not think JavaScript would handle it. I am leaning towards the event handlers like onerror but haven't gotten it figured out quite yet. Any clues or suggestions would be appreciated.
0 likes, 2 comments