immersive labs application security

9 Topics

CVE-2022-26134 (Confluence) – OGNL Injection
For Question 6. Look at the first exploit attempt by this attacker. What command did they run? I am wondering about why when sharing the commands found in the logs, it still outputs wrong. even if typing in "X-Cmd-Response" as the command as well as the entire string found. Wondering if they are exepecting a different format/snippet of the code, or the GET requests instead?
kevinh
9 hours ago Place Help
14Views
0likes
1Comment
CVE-2022-30190 (Follina) ms-msdt Scheme Abuse – Offensive Question 11
Hey guys, wondering if when trying to upload the payload for "Question 11: In a browser, visit http://<TARGET_IP>:8080, upload the payload.docx file, then press Submit and Execute" if this error is supposed to be generated. After choosing the file after clicking browse sometimes this work. After executing nothing seems to happen though. even after 30 seconds of waiting.
Solved
kevinh
8 days ago Place Help
15Views
0likes
1Comment
Snort Rules: Ep.9 – Exploit Kits
I am pulling my hair with question number 8 Create a Snort rule to detect the third GET request in the second PCAP file, then submit the token. This one should do it but it is not working. alert tcp any any -> any any (msg:"detect the third GET request"; content:"e31e6edb08bf0ae9fbb32210b24540b6fl"; sid:1000001) I tried so many rules base on the first GET header and still unable to get the token. Any tips?
Solved
retornet
18 days ago Place Help
128Views
0likes
3Comments
Stuck On Secure Spring Developer (Beginner) URL Parameters Challenge
The lab is around trying to mediate a vulnerability by changing a GET request to a POST request in order to keep sensitive login information out of the URL params. But basically I don't know how I need to go about changing the code(apart from changing "GET" to "POST" on the login form and in a backend method). I'm at a total loss on this one so I'd really appreciate some guidance or an example. I wasn't sure if I should also be making changes to the mapping on the controller (although this isn't mentioned in the lab). These are the changes I have made so far <form th:action="@{/login}" method="POST"> protected LoginProcessingFilter(AuthenticationManager authenticationManager) { super(new AntPathRequestMatcher("/login", "POST")); setAuthenticationManager(authenticationManager); setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/home")); } Thanks in advance for any assistance
Solved
joneill
2 months ago Place Help
49Views
0likes
2Comments
Advanced CTF Challenge: Serial Maze
Need hint on Serial Maze. Have gone through html & javascript, couldn't find the token. Using dirb found one endpoint "http://10.102.17.87/2257", its response "What a pickle... You need the secret to continue." No sure how to proceed form here. Thanks, Sabil
Solved
sabil10
3 months ago Place Help
198Views
0likes
3Comments
AWS Systems Manager: Demonstrate Your Skills
Hi. I'm trying to complete the final lab in the AWS Systems Manager: Demonstrate your skills lab. I'm trying to create an IAM policy as requested, but it isn't being accepted. Here is the question: And here is my policy: { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "s3:GetObject", "s3:GetObjectVersion" ], "Resource": [ "arn:aws:s3:::arn:aws:s3:::aws-ssm-eu-west-1/*", "arn:aws:s3:::arn:aws:s3:::amazon-ssm-eu-west-1/*", "arn:aws:s3:::arn:aws:s3:::amazon-ssm-packages-eu-west-1/*", "arn:aws:s3:::arn:aws:s3:::aws-ssm-document-attachments-eu-west-1/*", "arn:aws:s3:::arn:aws:s3:::patch-baseline-snapshot-eu-west-1/*", "arn:aws:s3:::arn:aws:s3:::aws-quicksetup-patchpolicy-*/*", "arn:aws:s3:::arn:aws:s3:::metroliate-1c81a515/*" ] }, { "Sid": "VisualEditor1", "Effect": "Allow", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::arn:aws:s3:::metrolio-ssm-logs-74c21f24/*" }, { "Sid": "VisualEditor2", "Effect": "Allow", "Action": "s3:GetEncryptionConfiguration", "Resource": "arn:aws:s3:::arn:aws:s3:::metrolio-ssm-logs-74c21f24" } ] } Any help on what I'm doing wrong would be much appreciated.
Solved
jwp1
6 months ago Place Help
59Views
0likes
2Comments
MassMutual Node.js Developer - Basic Training
I am taking MassMutual Node.js Developer - Basic Training and no matter what I have tried for this module, it says not secure but all other methods in that class use what I added. Thanks
Solved
mm93131
7 months ago Place Help
59Views
1like
3Comments
Introduction to Elastic: Ep.9 - ES|QL
I’m stuck on question 18 i need this to complete the lab. The question says ‘Perform a final query using all of the techniques used in the previous questions. What is the average speed per hour for ALL trips that start in the borough of “Brooklyn” and end in the borough of “Manhattan”? Provide your answer to at least three decimal places. any ideas?
Solved
M_Waters-221
7 months ago Place Help
134Views
1like
1Comment
Weaponization: Payloads – Obfuscation Using PowerShell
For question 5 to 7 I have completed but I am not able to find the tokens.txt file. Any hint or guidance? how to get that or where to find? Q7: Save the result to a file named shell.txt in the /home/iml-user/Desktop/ directory. If you've done this correctly, a token will be added to token.txt
Solved
ViGo
7 months ago Place Help
70Views
0likes
1Comment