This is one of those labs that I return to periodically and then abandon after half an hour whilst scratching my head........Does anyone have any pointers about how to approach this?Which fields need to be populated in the webform? & which Test Contact Key is used? The one that's prepopulated: acb1730c-c3dc-4c1a-ad3d-207216370defor the one in the briefing: e2e6555a-64a5-43ed-984e-1d342780b72fmany thanks in advance - Gus

so, base for this hack is this --> https://www.assetnote.io/resources/research/gaining-access-to-ubers-user-data-through-ampscript-evaluationtry for the message:Message: %%[ SET @firstName = Lookup('driver_partners', 'firstname', 'partner_uuid', "5....") ]%% Hi there I'm %%=V(@firstName)=%% and I created this tool.btw, you'll find all the nessesairy messages to solve the lab in the log. maybe you need to use cyberchef and urldecode.

yes, you found me. I have solved all labs so far in IL :)

wow - that's an awesome score - I do, I will be in touch. thanks Steve

I'm close to that mark... steven, but I'd like to know your secret to not lose the illusion. Not so much to lose interest but to not get bored: of course in a few days there will be a new threat, a new lab, a new CVE but... what motivates you to be a little more curious? :). For many more labs conquered!.

Bluesman, honestly, it’s tough to pin down what exactly drives me. I’ve got this deep curiosity for all sorts of tech stuff, and it’s like I’m a sponge soaking up every bit of knowledge I can get my hands on. With IL, it's a mix of the challenge and the thirst for knowledge. Some labs took me 6 months to crack. At first, I had no idea where to even start. I needed to level up my knowledge just to figure it out. Around the 250-300k points mark, I hit up KieranRowley and asked how many points I’d need to hit the top rank. After that, it was simple: just finish everything, beat the system, and 'outsmart' the staff at IL and beat the system.I’m also active on the IL Reddit to help others out. My rule is to guide people to their answers, but I never just give them the solution. What I’ve learned is that security, from the perspective of an attacker, has become a commodity. Exploiting known CVEs is almost too easy now. It’s crazy, and honestly, it’s a wake-up call. People need to realize how easy it is to get pwned and how important security awareness really is.

GusC

Bronze III

2 months ago

Threat Research: AMPscript Analysis

This is one of those labs that I return to periodically and then abandon after half an hour whilst scratching my head........Does anyone have any pointers about how to approach this?

Which fields need to be populated in the webform?

& which Test Contact Key is used?

The one that's prepopulated: acb1730c-c3dc-4c1a-ad3d-207216370def

or the one in the briefing: e2e6555a-64a5-43ed-984e-1d342780b72f

many thanks in advance - Gus

defensive cyber

Forum Discussion

Threat Research: AMPscript Analysis

Featured Places

Help & Support Forum

Recent Discussions

Weaponization: Payloads – Obfuscation Using PowerShell

Discovery: Enumeration Scripts – Part 1

Windows Hardening: Ep.6 – Pivoting

DDOS Analysis: UDP Flood (Question 8)

Windows Basics: Ep.3 – Registry Roadblock