challenges
72 Topics

Server-Side Request Forgery Web App Hacking
I've been banging my head against this for a few hours now and worked my way all the way through to step 7. I am not able to retrieve /tmp/token.txt. I've tried modifying the "url" param key and found it throws a 500 for anything I've tried other than "url". I've tried modifying the "url" value to use directory traversal and "///tmp/token.txt", "/tmp/token.txt". Still no luck. I've also tried using the original url paths and the bypass I used to view the config file for the bot and I get 404's back. I think the lab could have an issue? I have screenshots but didn't want to share them unless asked to not reveal any answers. Any help is appreciated.
Solved | 20 Views | 0 likes | 2 Comments

Advanced CTF Challenge: Hardened Maze
Hi Team, I found file upload options on one port but get information: "For authorized personnel: Upload a critical security patch." I tried many extensions with curl and the POST method with -F "exe_file=@filename". Unfortunately, it does not accept any of my combinations. Can you give us some clue as to how to approach this? 🙂
Solved | 163 Views | 1 like | 9 Comments

The Maze Challenge
Put your Offensive Security skills to the ultimate test in eight of the most challenging offensive labs ever assembled by the Immersive team - welcome to The Maze! Navigate a series of eight “mazes” of increasing complexity based on real-world-inspired cyber attack scenarios, testing a variety of offensive skills, such as web, infrastructure, Active Directory, scripting, and binary exploitation. Best of all, taking part gives you a fantastic opportunity to win exclusive challenge coins and be recognized in our Cyber Resilience Awards during Cyber Awareness Month! Do you think you have what it takes to escape The Maze?
Try it Now: Maze
Want to get a head start on the competition? Join the fiendish minds behind The Maze in the Immersive community, Tuesday 19th August, for a live walkthrough of the first lab in the series, “The Improbable Maze”, with hints and tips that will help you to escape some of the other mazes.
Register Now: Labs Live
435 Views | 2 likes | 9 Comments

Blood Maze
The Maze Challenge consists of a series of eight “mazes” of increasing complexity based on real-world-inspired cyber attack scenarios, testing a variety of offensive skills, such as web, infrastructure, Active Directory, scripting, and binary exploitation.
The Maze is Offline
In this challenging lab, the maze itself has been intentionally taken offline, meaning direct interaction is impossible. Your task is to discover and exploit weaknesses in the underlying systems or infrastructure that host the maze to gain access and complete your objective.
🏅 Exclusive Community Challenge Coins are available to any community member who escapes this maze.
Need a hint to help you escape this maze? SabrinaKayaci and StefanApostol will be on hand in this webinar to answer your questions and point you in the right direction.
To locate the Maze Challenge navigate to Exercise > Challenges & Scenarios > Maze
Good Luck!
41 Views | 1 like | 1 Comment

Halloween Labs - ideas, suggestions, wants 👻🎃🦇
What would you want to see from future Halloween labs? Did you really enjoy a particular aspect of previous years? Any technologies, themes, rewards you want to see? Want more Community content - webinars, events, media within the labs? 👻🎃🦇
137 Views | 3 likes | 6 Comments

New Maze Challenge is now LIVE!
Do you have what it takes to escape The Maze? Put your offensive security skills to the ultimate test in eight of the most challenging OffSec labs ever assembled by the Immersive team. Whether you’re an experienced Red Teamer, or fancy yourself an offensive security superstar, this one’s for you! Check out the new Community Challenges Area today to find out more about The Maze and how to take part: Maze
49 Views | 2 likes | 2 Comments

I'm stuck in "A Christmas Catastrophe: Let It Snow".
I'm stuck in "A Christmas Catastrophe: Let It Snow". I've tried a lot of things:
Fill the <error> characters with the ones defined with only one space and repeated
Try to discover the word holiday
Try to find a pattern of the encryption to fill the non-defined letters
Can somebody help me?
Solved | 51 Views | 0 likes | 6 Comments

Advanced CTF Challenge: Improbable Maze
I have the token from the POST but when I put it under Repeater and change the key value to 4, 4, like what was shown in the live training session, I only receive back the response: Too Slow. Not sure what I am missing to get the token value.
Solved | 109 Views | 1 like | 4 Comments

Modern Encryption: Demonstrate Your Skills
Hi there, I have completed all questions except for Q.10 which involves the decryption of an RSA-encrypted file. To the best of my knowledge, a private key is required to decrypt this asymmetrically encrypted file, but I only see a public "public.pem" key in the "~/Desktop/Lab-Files" directory. Am I missing something? I have completed all the other questions so I believe all necessary files/tokens should have already been generated. Any help would be much appreciated. Many thanks, Pete
158 Views | 3 likes | 5 Comments