The Maze Challenge
Put your Offensive Security skills to the ultimate test in eight of the most challenging offensive labs ever assembled by the Immersive team - welcome to The Maze! Navigate a series of eight “mazes” of increasing complexity based on real-world-inspired cyber attack scenarios, testing a variety of offensive skills, such as web, infrastructure, Active Directory, scripting, and binary exploitation. Best of all, taking part gives you a fantastic opportunity to win exclusive challenge coins and be recognized in our Cyber Resilience Awards during Cyber Awareness Month! Do you think you have what it takes to escape The Maze? Try it Now: Maze Want to get a head start on the competition? Join the fiendish minds behind The Maze in the Immersive community, Tuesday 19th August, for a Live walkthrough of the first lab in the series “The Improbable Maze” and providing hints and tips that will help you to escape some of the other mazes. Register Now: Labs Live
Trick or Treat on Specter Street: Widow's Web
I am very stucked in Trick or Treat on Specter Street: Widow's Web I can't do none of the questions, but in any case I start by 4th that is the first answerable one Your first task is to simulate the loyal Crawlers. Run legitimate-crawler and inspect the output in Lab-Files to observe their behavior. To simulate the rogue Crawlers, you must discover the hidden paths on the website. Read the blog posts – they contain clues. Disallow these in Website-Files/robots.txt and run malicious-crawler. Inspect the output in Lab-Files. What is the token? I have created the robots.txt file since I understand that malicious-crawler goes expressedly there. My robots.txt contains all url's I can imagin Disallow: /secret Disallow: /treat Disallow: /hidden Disallow: /crypt Disallow: /warden Disallow: /rituals Disallow: /witch-secrets Disallow: /admin Disallow: /vault Disallow: /uncover Disallow: /post1 Disallow: /post2 Disallow: /post3 Disallow: /post4 Disallow: /contact Disallow: /drafts/rituals But the result of malicious-crawler.txt doesn't give me either a token nor a hint I have curl-ed all pages looking for words as token and nothing. I have found some key words in http://127.0.0.1:3000/witch-secrets as intercepted-incantations, decoded them and nothing. I have searched in spider-sigthings.log what hapened at 3.00 am but nothing Can someone gime me a hint?
CVE-2022-26134 (Confluence) – OGNL Injection
For Question 6. Look at the first exploit attempt by this attacker. What command did they run? I am wondering about why when sharing the commands found in the logs, it still outputs wrong. even if typing in "X-Cmd-Response" as the command as well as the entire string found. Wondering if they are exepecting a different format/snippet of the code, or the GET requests instead?
TerraPoint: Ep.10 – Global Synthesis
This is a crazy challenge. We need to get within 10m distance from a place in the middle of banana plantation in probably East Africa. No sign of any kind is visible. How do I even start? Based on the good condition of the paved road, my best guess is somewhere along Rwanda's National Route 1, but that's both uncertain and does not make the final pinning any easier.
