Forum Discussion

GusC's avatar
GusC
Icon for Bronze III rankBronze III
5 months ago

Threat Research: AMPscript Analysis

This is one of those labs that I return to periodically and then abandon after half an hour whilst scratching my head........Does anyone have any pointers about how to approach this? Which fields ne...
defensive cyber
GusC's avatar
GusC
Icon for Bronze III rankBronze III
5 months ago

Hi Netcat - yes thats exactly what I mean, I click on "preview" on the page web-hook.imlcabs.iml and I get "" unders JSON etc. 

Thanks Steven - I had already got Q5 and Q6 - I'm stuck on how to populate the web application to pull back the name of the attacker, using the key 5*** - do you have some info around that? 

 

steven's avatar
steven
Icon for Silver II rankSilver II
5 months ago

so, base for this hack is this --> https://www.assetnote.io/resources/research/gaining-access-to-ubers-user-data-through-ampscript-evaluation

try for the message:

Message:
%%[
SET @firstName = Lookup('driver_partners', 'firstname', 'partner_uuid', "5....")
]%%
Hi there I'm %%=V(@firstName)=%% and I created this tool.

btw, you'll find all the nessesairy messages to solve the lab in the log. maybe you need to use cyberchef and urldecode.

  • GusC's avatar
    GusC
    Icon for Bronze III rankBronze III
    5 months ago

    Thanks Steve I'll give that a go today.

    btw are you mrmouse? you must have a good score in IL! 

     

    • steven's avatar
      steven
      Icon for Silver II rankSilver II
      5 months ago

      yes, you found me. I have solved all labs so far in IL :)

      • GusC's avatar
        GusC
        Icon for Bronze III rankBronze III
        5 months ago

        superb - I've done the lab - thank you. I'm not sure I want to know how many points there is if you do all the labs.....but you can tell me if you want :)