application security
60 Topics

The Human Connection Challenge Lab 1: Basic OS Skills – Walkthrough Guide (Community Version)
This is a walkthrough guide written by one of our community members, who offered to give their perspective on the challenge. Interestingly, they approached this challenge by completing some of the tasks in the graphical user interface (GUI) instead of the command line.

CVE-2021-22205 (GitLab) – Defensive
Hello, I'm going through some old labs I haven't managed to complete. This one's a bit of a beast. I can get a reverse shell, and I can see I am git. However, I cannot for the life of me identify the NGINX log files. This doesn't return anything from the shell or when I am ssh'd into the GitLab server:

find / -type f -name "gitlab_access.log" 2>/dev/null

And this isn't returning anything from either the shell or the SSH session:

iml-user@defsec:~/Desktop$ sigmac -t grep sigma.yml
grep -P -i '^(?:.*(?=.*POST)(?=.*499))'

Any clues gratefully received ;)

Burp Suite Basics: Intruder - Stuck on missing password.txt
Hello community, I'm stuck in lab https://mercedes-benz.immersivelabs.online/v2/labs/burp-basics-intruder/series/burp-suite. The attack to carry out is a brute-force guess of mfogg1's password using Intruder. The briefing states: "Brute force the login page using the password.txt list against the user mfogg1." I'm missing that password.txt file; where the heck is it? I carried out an Intruder attack (Cluster bomb) using well-known passwords from /usr/share/wordlists/metasploit/burnet_top_1024.txt without success. Even worse, testing those 200 attacks (there are only 200 passwords in that file) took quite a considerable time. I must have missed something about the location of that obscure password.txt file. I'm stuck. Perhaps someone can shed some light on this. Thanks in advance, Wolfgang

Stuck On Secure Spring Developer (Beginner) URL Parameters Challenge
The lab is around trying to remediate a vulnerability by changing a GET request to a POST request in order to keep sensitive login information out of the URL params. But basically I don't know how I need to go about changing the code (apart from changing "GET" to "POST" on the login form and in a backend method). I'm at a total loss on this one, so I'd really appreciate some guidance or an example. I wasn't sure if I should also be making changes to the mapping on the controller (although this isn't mentioned in the lab). These are the changes I have made so far:

<form th:action="@{/login}" method="POST">

protected LoginProcessingFilter(AuthenticationManager authenticationManager) {
    super(new AntPathRequestMatcher("/login", "POST"));
    setAuthenticationManager(authenticationManager);
    setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/home"));
}

Thanks in advance for any assistance

Advanced CTF Challenge: Serial Maze
Need a hint on Serial Maze. I have gone through the HTML and JavaScript but couldn't find the token. Using dirb I found one endpoint, "http://10.102.17.87/2257", whose response is "What a pickle... You need the secret to continue." Not sure how to proceed from here. Thanks, Sabil

Halloween Labs - ideas, suggestions, wants 👻🎃🦇
What would you want to see from future Halloween labs? Did you really enjoy a particular aspect of previous years? Any technologies, themes, rewards you want to see? Want more Community content - webinars, events, media within the labs? 👻🎃🦇

Rails: SQL Injection (Bugged?)
IDK what's going on with this lab, but sometimes it tells me my code works and sometimes it tells me it doesn't. The instructions tell you exactly what to do; I follow those and it still claims it's insecure. Is there something else that needs to be done with this? I can post the code that I'm trying to submit if someone would like, but I was able to do all the ones before very easily, and the one right after, but this one either has something else that needs to be done that isn't clearly stated or it's bugged.

Your first lab level 9
What was the first level 9 lab you conquered? :) It does not matter whether you sought advice from other giants or managed to complete it on your own: share your journey with us, whether to get the token or to become root on that server! I start: I think that my first conquest of a level 9 lab is related to debugging bytecode in Java (and only a few days ago!). My background is Oracle, and from years ago, so imagine how lost I was :). After loading the project into the IDE (along with the required plugin) I started debugging bit by bit... until one particular string caught my attention; it stood out from the rest! And it was the solution :). Good luck!