Featured Discussions
Welcome to our new Community, we are so happy that you have joined us and we'd love to get to know you all. Please introduce yourself in this thread by telling us a little bit about yourself and your...
133Comments
Do you have what it takes to escape The Maze?
Put your offensive security skills to the ultimate test in eight of the most challenging OffSec labs ever assembled by the Immersive team.
Whether y...
2Comments
What was the first level 9 lab you conquered? :). It does not matter that you will seek advice from other giants, or that you will manage to complete it on your own: share your journey with us!; to ...
10Comments
Forum Widgets
Recent Discussions
Burp Suite Basics: Intruder - Stuck on missing password.txt
Hello community, I'm stuck in lab https://mercedes-benz.immersivelabs.online/v2/labs/burp-basics-intruder/series/burp-suite. The attack to carry out is about a brute-force guess on mfogg1's password using the intruder. The briefing states: Brute force the login page using the password.txt list against the user mfogg1. I'm missing that password.txt file, where the heck is it? I carried out an intruder attack (Cluster bomb) using well known passwords from /usr/share/wordlists/metasploit/burnet_top_1024.txt without success. Even worse, testing those 200 attacks (there are only 200 passwords in that file), tooks quite a considerable time. I must have missed something about the location of that obscure password.txt file. I'm stuck. Perhaps someone can shed a light on this. Thanks in advance, WolfgangDid you Escape the Haunted Hollow this year?
👻 Boo! Earlier this month we threw open the creaking gates and invited you to Return to Haunted Hollow to take on 9 more spine-chilling labs designed to test your skills and sanity alike... but many of you conjured up your courage and tackled the challenge like ghouls rising at midnight. In total, 535 brave souls dared to venture into the Hollow, but only 47 emerged from the eerie gloom. As of now, we've witnessed over 2500 doomed attempts, with a mere 1200 miraculous escapes... these labs were truly terror-inducing. There are no treats this time around, it was just a bit of spooky fun. But let us highlight a few community members who survived to tell the tale... 🎃 First to Finish The unstoppable steven was the first community member to escape the Haunted Hollow despite giving everyone else a 2 day head start. 🦇 Fastest to Complete en4rab managed to flee in just 9 hours, the quickest of all community members. 🧛 Most Accurate A quick escape was not enough for en4rab! They were clearly unspooked as they managed to achieve a 97% accuracy rate... the highest of all community members. 🧟 Most Persistent A-Rai-Col braved the fear and despair and refused to give up , ultimately escaping after 14 attempts. Congratulations to all of our survivors. For those still trapped in Haunted Hollow, fear not! These labs will be lurking around for you to attempt again and again. Whether you're a seasoned crypt keeper of the cybersecurity world or a curious newcomer, there's a fright waiting for everyone in this immersive capture-the-flag experience! For those souls who embraced the horror and loved every spine-tingling moment, keep an eye on the community next week and be the first to hear the eerie whispers about our brand new Lab Challenge Series launching Monday 4th!6likes5CommentsIncident Response: Suspicious Email – Part 3
Hey all I am stuck at the ImmersiveLab Incident Response: Suspicious Email – Part 3 - Q3. "The malware persists through reboots. What is the registry key value’s name that results in the malware executing automatically?" There is an entry on HKCU Run for the Administrator. Am I on the right track? No matter what I enter it does not accept it. kr0likes1CommentICS Malware: Triton ModuleNotFoundError: No module named 'pefile
when running this command: python3 python_exe_unpack.py -i /home/iml-user/Desktop/Lab-Files/trilog.exe -o /home/iml-user/Desktop/Lab-Files Traceback (most recent call last): File "python_exe_unpack.py", line 14, in <module> import pefile ModuleNotFoundError: No module named 'pefile' Tried pip3 install pefile but failed. Please advise.0likes1CommentWelcome to our newest members!
We missed a week or so of welcomes recently, so let's shout out you all at once 😁 peabody SecureMongoose EirikLothbrook ansghof RobtCBe11GPS Øgrav qamishan petercs cf123 CKenobi smithy111999 SaliouDiallo Shaina RetroFavori reddarts uht23 schroeder travis_sk SetecAstronomy emocookie12 George_C MKhouri Test 3ichie3ich h4lpy JJAlves gamerayers Bolurin victory jjdeno99 pwn6394 Sw33p struc leowjunwei asif tonysena BottledWater ObiKahn Anju Getting started? How to Get Started in the Community | Immersive Community - 1012 We run Labs Live, and then put the recordings up for you to watch: Labs Live: Reverse Engineering | Immersive Community - 2923 Want to ask a question, or maybe you can help answer someone's: Help Otherwise... Welcome!3likes1CommentImmersive lab Ghidra, Ep2.
In This lab I have answered all of the questions except question 4 - "Using the function graph on the main function, what is the starting address of the last basic block?" It is not clear which block the "last" one is. I have entered the starting address of all basic blocks but none are correct. Is there some secret to this question that I haven't discovered yet?1like4CommentsServer-Side Request Forgery Web App Hacking
I've been banging my head against this for a few hours now and worked my way all the way through to step 7. I am not able to retrieve /tmp/token.txt. I've tried modifying the "url" param key and found it throws a 500 for anything I've tried other than "url". I've tried modifying the "url" value to use directory traversal and "///tmp/token.txt", "/tmp/token.txt". Still no luck. I've also tried using the original url paths and the bypass I used to view the config file for the bot and I get 404's back. I think the lab could have an issue? I have screenshots but didn't want to share them unless asked to not reveal any answers. Any help is appreciated.Solved0likes2Comments