CVE-2024-0012 and CVE-2024-9474 (Palo Alto PAN-OS) – Offensive Question
Hi, I am stuck on number 8 in this lab which is: What is the value you find in /root/token.txt? I am having trouble trying to determine what vulnerability to exploit in order to obtain this token. Can you please provide assistance to me regarding this step? Regards, RockySuperSonic: Ep.7 – LIFTON
Hi there, Has anyone completed SuperSonic: Ep.7 – LIFTON recently? I have answered all the questions up to question 10. I believe I need to obtain files from the ftp server, however, when trying to login with the credentials from questions 7 and 8 I get failed authentication. I wanted to confirm if this is a me issue, or there is an issue with the FTP server itself? Any help would be greatly appreciated :)GuardDuty: Demonstrate Your Skills
Has anyone had any issues with the GuardDuty lab. GuardDuty: Demonstrate Your Skills - Labs - Immersive In task no.4 It asked you: In order to encrypt findings being exported to S3, GuardDuty requires a KMS key The KMS key policy must give the required permissions to the GuardDuty service principal. I have amended the policy as followed. "Version": "2012-10-17", "Statement": [ { "Sid": "Allow GuardDutytoencryptfindings", "Effect": "Allow", "Principal": { "Service": "guardduty.amazonaws.com" }, "Action": [ "kms:GenerateDataKey", ], "Resource": "*" The lab isn't progressing past this. Am I doing something wrong or is it a bug in the lab. Any help is appreciated, Thanks I
Foundational Static Analysis: API Analysis step 10
Step 10 of this lab says to go to the command line and run xelfviewer. In my virtual machine, that is not found. I see a directory for the building of it, but I don't find the binary anywhere to be able to execute it, and I don't have permissions to be able to do the build. Anyone have any suggestions about that?Snort Rules: Ep.9 – Exploit Kits
I am pulling my hair with question number 8 Create a Snort rule to detect the third GET request in the second PCAP file, then submit the token. This one should do it but it is not working. alert tcp any any -> any any (msg:"detect the third GET request"; content:"e31e6edb08bf0ae9fbb32210b24540b6fl"; sid:1000001) I tried so many rules base on the first GET header and still unable to get the token. Any tips?
CSP Hash Incorrect Despite Correct Script and Hash (CSP Lab Issue?)
Hello all! I'm working on Introduction to Content Security Policy (CSP) Lab: Content Security Policy: Hashes exercise that requires generating the correct hash for an inline script like: <script>document.body.style.backgroundColor = "#ADDADE";</script> I’ve used both CyberChef and the SHA-256 JavaScript snippet to generate hashes like: sha256-+BWzTX+GJrse8ifajvHg6QFPdmE+JjXYmrYBn+kLITo= sha256-Msn/9dD1zBN7LGZyQyglKL9JMVyCsVqvZ7MAkmm/BpU= I've accounted for trailing newlines and whitespaces (CRLF, LF), used View Source (not dev tools), and verified that I'm hashing the exact script content. However, the lab continues to mark the answer as “incorrect.” Is this likely a glitch in the lab setup, or is there a common mistake I might be overlooking? Would appreciate any help or confirmation from someone who’s completed this lab or run into a similar problem
Threat Research: Dependency Confusion Lab
Hello Community, I am almost finished Threat Research: Dependency Confusion Lab, but I am stuck with the last question "What is the token found in /root/token.txt on the target server?". I have followed all instructions, setup listener, up to python reverse shell (setup.py) but at the end, I don't know how to access token.txt file. Any help would be appreciated. Below are the screenshots from terminal listener and terminal where all commands are executed. Thanks so much Octavio
