Lab 9: Macro Polo
Hello all, I am working on the new 3 labs from October 20th however I am not a really good coding person haha, I tried to analyze the macro_polo.nim and I was able to find a few flags but all of them wrong. In case anyone has already completed it, would you mind sharing a hint? Thanks!The Human Connection Challenge Lab 1: Basic OS Skills – Walkthrough Guide (Community Version)
This is a walkthrough guide written by one of our community members, who offered to give their perspective on the challenge. Interestingly, they approached this challenge by completing some of the tasks in the graphical user interface (GUI) instead of the command line.
CVE-2021-22205 (GitLab) – Defensive
Hello, I'm going through some old labs I haven't managed to complete. This one's a bit of a beast. I can get a reverse shell, I can see I am git. however I cannot for the life of me Identify the NGINX log files. this doesn't return anything from the shell or when I am shh'd into the gitlab server find / -type f -name "gitlab_access.log" 2>/dev/null and this isn't returning anything from either the shell or ssh session iml-user@defsec:~/Desktop$ sigmac -t grep sigma.yml grep -P -i '^(?:.*(?=.*POST)(?=.*499))' any clues gratefully received ;)Burp Suite Basics: Intruder - Stuck on missing password.txt
Hello community, I'm stuck in lab https://mercedes-benz.immersivelabs.online/v2/labs/burp-basics-intruder/series/burp-suite. The attack to carry out is about a brute-force guess on mfogg1's password using the intruder. The briefing states: Brute force the login page using the password.txt list against the user mfogg1. I'm missing that password.txt file, where the heck is it? I carried out an intruder attack (Cluster bomb) using well known passwords from /usr/share/wordlists/metasploit/burnet_top_1024.txt without success. Even worse, testing those 200 attacks (there are only 200 passwords in that file), tooks quite a considerable time. I must have missed something about the location of that obscure password.txt file. I'm stuck. Perhaps someone can shed a light on this. Thanks in advance, Wolfgang
Rails: SQL Injection (Bugged?)
IDK what's going on with this lab but sometimes it tells me my code works sometimes it tells me it doesn't? The instructions tell you exactly what to do I follow those and it still claims it's insecure? Is there something else that needs to be done with this? I can post the code that I'm trying to submit if someone would like, but I was able to do all the ones before very easily and the one right after but this one either has something else that needs to be done that isn't clearly stated or it's bugged.
