Derrick's Doughnut Admin
In the Intro to Web App Hacking: Mapping Web Applications course, the last step I'm instructed to: Return to the /login page and log in as the admin of the site. What is the token you receive? www.derricksdoughnuts.com is the site and I've searched a lot but can't find the Admin credentials. Please advise.
PowerShell Deobfuscation: Ep 8 help
I have been stuck on this EP for a week and haven't been able to progress. I am hoping someone can give me a hint to help me get through this one. Here is what I have done so far. I take the original encoded message and apply "FromBase64" and then "Raw Inflate" and I get the following data: You can see it outputs another command that also needs to decoded using the same steps above. That output gives you this... It outputs a string of characters but no obvious way to get this readable. I have tried bit-shifting, rotating characters, and a bunch of other tests and nothing has shown me anything that is remotely readable. I assume I am missing something simple but every time I read it back through, I don't see what I missed. Any help you can provide would be greatly appreciated.Foundational Static Analysis: API Analysis
Hi all, I'm stuck in this part, where using Ghidra, I have to find where the Windows API GetModuleHandleA is used, in the binary called exercise_two.exe, and once located, find the parameter of this function. Taking a look about GetModuleHandleA, there's no references or calls to API in any part of the code. Also tried to look for references to GetProcAddress or LoadLibrary and nothing. Am doing something wrong? Any idea to find the "parameter" of the function that calls to the API?. Is the only question from this part remaining... Thanks and regards.
Hack Your First Web App: Ep.6 – Demonstrate Your Skills
Hi, no matter what I try I can't get the token to come up for the XSS on the final question of this lab. I'm logged in on the right screen as the right person but I can't find where I'm meant to be injecting the XSS. Any help would be appreciated please :)How to use Immersive cyber ranges for cyber threat research?
Want to know how to take advantage of the cyber ranges platform to do malware and adversary research in a sandboxed environment? In this post, I’ll walk you through how to get access to the Heimdall Detection Engineering template for CTI so you can do just that! The Heimdall template is a domain-joined range that contains workstations, a domain controller, and security tooling that you’d ordinarily find in a real network. The purpose of this template is to enable cyber threat research, where you can launch attacks and malware, capture indicators of compromise through tools like Velociraptor, a SIEM network packet capture tool, and some analyst workstations with a bunch of analysis and reverse engineering tools. With that said, let’s get started. Firstly, you’ll need to go to the cyber ranges sign-up page and sign up with a name and email address. After hitting “Sign up”, you’ll need to go to your email and find the confirmation email to get your credentials, then go back to the cyber ranges website and log in with your new credentials. After signing in, you’ll be in the main ranges dashboard. You’ll need to connect your own Amazon Web Services (AWS) account to use ranges, as provisioning machines will cost money for every hour that they are active or stored. Once you’ve connected your AWS account, you can then go to “Range Templates” and launch the Heimdall range.
Anyone finished the "Etherium Smart Contracts"?
Need help on three labs on the Ethereum smart contracts. I managed to do some but stuck on 3 of them so far: Ethereum: Contract Challenge 2 – Sisyphean Brute force the hash? Ethereum: Contract Challenge 4 – Random Can't get my code to work for prediciting the numbers... Ethereum: Contract Challenge 5 – Robin Hood Absolutely no idea.... Any help would be appreciated :)
