Dependency Confusion
I feel as though I have exploited the vulnerability correctly and have gained RCE onto the server but I lack the sufficient privileges to access the token to complete the lab. I have no idea if I missed something but any help is appreciated. Commands used can be found below. Commands executedSolved512Views2likes6CommentsDigital Forensics: BitLocker Encrypted Drive
I have correctly calculated the offset and have no trouble using the bdemount command however I would appreciate some help with troubleshooting the error recieved when using the mount command. All my commands executed in the lab so far ThanksSolved400Views1like10CommentsTLS Fundamentals Ep.8 - Final Challenge
Hello together, i am stuck in the TLS Fundamentals final challenge at question 14. The question "Use the cipher suite DHE-RSA-AES128-SHA256 to connect on the port number found in the previous answer using TLS v1.2. What is the size of the Diffie-Hellman "Temp Key" used?" If i am connecting to the local host with this command: openssl s_client -connect localhost:8443 -cipher DHE-RSA-AES128-SHA256 -tls1_2 I get a connection fail, but if i use tls1_3, connection is working. But the found temp key value of 253 bits is not correct. Could you maybe guide me, where my mistake is? BenjaminSolved252Views1like1CommentConfusion on Cyber Fundamentals Linux CLI ep.16 question 6
Question 6 seems fairly straight forward but I have yet to stumble on the combination of commands the lab is looking for. The question is "In a single line: run sleep 600 to sleep in the background for 10 minutes then run touch emptyfile in the foreground to create an empty file." At first glance it seems to be leading the student to try something like sleep 600 & && touch emptyfile but that's invalid syntax. I've tried ( sleep 600 & ) && touch emptyfile but that doesn't work, I suspect because the && sees the success from the () being executed and immediately runs touch. I've tried ( sleep 600 && touch emptyfile ) & but after 10 minutes of waiting the lab never "detects" success which I'm guessing because the touch is ran from the background. I can't find the magic combination to satisfy a sleep command running in the background and then a touch command running in the foreground in a single oneline statement. Any hints would be appreciated, greatly.Solved201Views1like1CommentPowershell Deobsfuscation Ep.7
Team, has anyone ventured into PowerShell Deobsfucation yet? I’ve got to 7 no issues but I cannot get another further. The drama is every time you reset it’s a completely different code or it freezes or stutters. When it’s not being choppy it’s pure nails. I can’t ask an exact question as it keeps changing but more of how are you approaching it. Are you creating your own scripts to decode this, if so could you share ideas, are you copying it out to powershell decoder or manually doing it by hand or using cyberchef if so what actions are you selecting?Solved200Views0likes4CommentsReverse Engineering (Offensive) JavaScript Analysis: JSDetox
I'm stuck at below two questions Q6: Which variable does the initial script try to return? Q8: The exploit kit contains a large block of hex encoded shellcode stored in a variable. This shellcode is also XOR encoded. What is the single byte xor key? (In the format 0xNN e.g. 0x11.) So far I downloaded the HTTP objects via Wireshark, extracted the script to JSDetox then decoded base64 strings which resolves to other 2 scripts. With these steps I was able to answer other questions but I can't go any further, any guidance? Thanks in advanceSolved199Views1like9Comments