Custom Lab creation AWS EC2 image issue
Hi, I am trying to create a custom lab in AWS EC2 Ubuntu but our work's AWS account blocks the security group for inbound rules for SSH 22 and RDP 3389, so get to the point where I can save the EC2 image to an AMI for the lab. The other option for connecting to the lab is to use Web http port 80. Are there any helpful custom lab guides for helping set up an AWS EC2 with a web app? I was thinking a browser as the web app would be OK as the lab would involve looking at static web pages.

TIA
Rob
13 Views, 1 like, 1 Comment

ICS Malware: Triton - unpack trilog.exe
Hi. I get the following error when trying to unpack trilog.exe by:

    iml-user@ics-malware-triton:~/Desktop/Lab-Files/python_exe_unpacker$ python3 python_exe_unpack.py /Desktop/Lab-Files/trilog.exe
    Traceback (most recent call last):
      File "python_exe_unpack.py", line 14, in <module>
        import pefile
    ModuleNotFoundError: No module named 'pefile'

Thanks.
8 Views, 0 likes, 0 Comments

Modern Encryption: Demonstrate Your Skills
Hi there, I have completed all questions except for Q.10 which involves the decryption of an RSA-encrypted file. To the best of my knowledge, a private key is required to decrypt this asymmetrically encrypted file, but I only see a public "public.pem" key in the "~/Desktop/Lab-Files" directory. Am I missing something? I have completed all the other questions so I believe all necessary files/tokens should have already been generated. Any help would be much appreciated.

Many thanks,
Pete
34 Views, 1 like, 0 Comments

Help Q2 - Tuoni 101: Ep.5 – Demonstrate Your Skills
Looking for some help with the Tuoni 101: Ep.5 Q2. The following method is given to gain initial access:

"To gain an initial foothold, you'll need to use the Hosted files page to host an executable. Any file hosted using that method will be run once on the initial target. Once executed, it'll be removed from the hosted files page."

I tried this one and wasn't able to get the initial access. I tried originally using the default reverse HTTP listener and generating an x64 .exe file and hosting it on the "Files" tab and waited 5 minutes. As this didn't work I tried an x86 payload. This didn't work so I created a new HTTP listener and tried both approaches. After this didn't work, I generated all payload types for the reverse_HTTP and reverse_TCP listeners and hosted them as files and still didn't have any success. Any ways to get the payload to execute would be greatly appreciated.

Solved, 38 Views, 1 like, 4 Comments

Web App Hacking (Lab series): CVE-2022-2143 (iView2)
Hello all, I have spent way too long trying to complete the iView2 exploit. I was expecting a text box on the page for command entry, but I cannot get anything like that. I have been able to send a post request to the NetworkServlet page using the provided exploit string and I know that the test.jsp is created because I can use the query parameter ?cmd=whoami and I get the mysqldump output showing "nt authority \system". I cannot get any other query parameters to execute, even simple ls or dir commands. I found y4er's blog post and everything I see in terms of the syntax of the exploit appears to be identical to the lab. Any directions/suggestions/hints would be greatly appreciated!

Thanks in advance.
J
95 Views, 0 likes, 9 Comments

Threat Research: Dependency Confusion Lab
Hello Community, I am almost finished Threat Research: Dependency Confusion Lab, but I am stuck with the last question "What is the token found in /root/token.txt on the target server?". I have followed all instructions, setup listener, up to python reverse shell (setup.py) but at the end, I don't know how to access token.txt file. Any help would be appreciated. Below are the screenshots from terminal listener and terminal where all commands are executed.

Thanks so much
Octavio
10 Views, 0 likes, 0 Comments

Web App Hacking (Lab series): CVE-2022-42889 (Text4Shell) – Offensive
Hey all, Anyone have any luck with CVE-2022-42889 (Text4Shell) – Offensive? The first few questions were easy enough, but I have spent hours on the last one trying to get the token. On the attacker server, I can set up the listener, I don't believe my problem is there. I have tried many variations of URL encoding and various nc commands in the payload including ones similar to the blog post. If anyone has any suggestions I would love to hear them!

Thanks.
J
45 Views, 1 like, 1 Comment

Windows Sysinternals: ProcDump
What exception is reported by ProcDump when monitoring the execution of ExceptionCatcher.exe?

I've started "cmd" as administrator but I get the following message. No clue how to launch procdump and how to see the exception. I've tried with:

    procdump.exe -e 1 c:\Users\IMLUser\Desktop\ExceptionCatcher.exe exception.dmp
    procdump.exe -ma c:\Users\IMLUser\Desktop\ExceptionCatcher.exe exception.dmp

Thanks in advance
66 Views, 1 like, 3 Comments

S3: Demonstrate Your Skills
I have completed all 10 questions except question 6.

6. Access control

Create an access point (AP) called metrolio-dev-ap attached to the metrolio-data-467e6352 bucket. This should allow developers working in the dev vpc vpc-08333ea4fc7562479 using the role arn:aws:iam::447645673093:role/metrolio-developer to list and get all objects in the bucket. Ensure you follow best practices of blocking public access.

NOTE: AWS often faces internal errors – we believe these to be race conditions – when applying policies to new access points. You may need to re-apply the policy to the AP.

I have re-applied the Access Point policy several times but it is still not detected. I'm not sure if it is my Access Point policy or the AWS Immersivelabs that is at fault. Any help would be greatly appreciated.

This is my Access Point Policy:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::447645673093:role/metrolio-developer"
          },
          "Action": [
            "s3:GetObject",
            "s3:ListBucket"
          ],
          "Resource": [
            "arn:aws:s3:eu-west-1:447645673093:accesspoint/metrolio-dev-ap/object/*",
            "arn:aws:s3:eu-west-1:447645673093:accesspoint/metrolio-dev-ap"
          ],
          "Condition": {
            "StringEquals": {
              "aws:SourceVpc": "vpc-08333ea4fc7562479"
            }
          }
        }
      ]
    }

I tried to replicate similar permissions on the bucket policy only to be denied by a restrictive permission.

NOTE: Account ID, bucket names and a few other identifiers do not match between screenshots 1-2 and screenshot 3. Screenshot 3 is from a different attempt.

Solved, 69 Views, 1 like, 2 Comments