TLS Fundamentals: Ep.8 – Final Challenge
TLS Fundamentals: Ep.8 – Final Challenge the 15th question Connect to the localhost using the answer from the previous task as the port. What is the six character token value embedded in the ticket name? The hint is : Hint Look at the session ticket data. The token is a random six character string that is prefixed with "TOKEN=". the answer from the previous task as the port is 64321, but no token with prefix "TOKEN=" I doubt there is no correct answer, looking forward your feedback. iml-user@secure-ops-wireshark-with-nginx:~$ openssl s_client -connect localhost:64321 CONNECTED(00000003) Can't use SSL_get_servername depth=2 O = TLS Fundamentals, CN = TLS Fundamentals Root CA verify error:num=19:self-signed certificate in certificate chain verify return:1 depth=2 O = TLS Fundamentals, CN = TLS Fundamentals Root CA verify return:1 depth=1 O = TLS Fundamentals, CN = TLS Fundamentals Intermediate CA verify return:1 depth=0 CN = admin.immersive.local verify return:1 --- Certificate chain 0 s:CN = admin.immersive.local i:O = TLS Fundamentals, CN = TLS Fundamentals Intermediate CA a:PKEY: rsaEncryption, 2048 (bit); sigalg: ecdsa-with-SHA256 v:NotBefore: Dec 5 12:16:11 2025 GMT; NotAfter: Dec 6 12:16:11 2025 GMT 1 s:O = TLS Fundamentals, CN = TLS Fundamentals Intermediate CA i:O = TLS Fundamentals, CN = TLS Fundamentals Root CA a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA256 v:NotBefore: Dec 5 12:16:10 2025 GMT; NotAfter: Dec 3 12:16:10 2035 GMT 2 s:O = TLS Fundamentals, CN = TLS Fundamentals Root CA i:O = TLS Fundamentals, CN = TLS Fundamentals Root CA a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA256 v:NotBefore: Dec 5 12:16:09 2025 GMT; NotAfter: Dec 3 12:16:09 2035 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICwzCCAmqgAwIBAgIQMMvZLi8quT3QmIsn4NgfcDAKBggqhkjOPQQDAjBGMRkw FwYDVQQKExBUTFMgRnVuZGFtZW50YWxzMSkwJwYDVQQDEyBUTFMgRnVuZGFtZW50 YWxzIEludGVybWVkaWF0ZSBDQTAeFw0yNTEyMDUxMjE2MTFaFw0yNTEyMDYxMjE2 MTFaMCAxHjAcBgNVBAMTFWFkbWluLmltbWVyc2l2ZS5sb2NhbDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBANZ3bl6LliwxKY10jKAMcpBEb/GqrQJugR3+ sUD7JarTRNYKPG3rGuDbDabVytl8Oc8/VnTQuzulPyPeFSufsxki+3WgrFGBcK+5 mxoQrR7zAl0p4l+jzR6uSxnh5vSoMaPpnlIGqW6Ipw5SR5SGTyp4jSh/xwbxDY4U 8vKeIu1fvgAADRDrZ4XzUAlNGw6nTBdEj/TV03cbE7RDJwrsahi/w9pDi3vkeQCW ftD/ZMV7vLFrl5MkeFmKV2guI8+HBUXRt9fx6ilu5016Atzl5VMGDOOkufXNnZGq Sh3J2PCcR5uheFFllk9dkgwfqdNevqBgzL5VZUyxKzbv3tY/86ECAwEAAaOBlDCB kTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC MB0GA1UdDgQWBBRhm48B5yPrTvgjlo5f5bJPihOJ4TAfBgNVHSMEGDAWgBTVISkB T81TtwfzgFQI18fLxUMLIDAgBgNVHREEGTAXghVhZG1pbi5pbW1lcnNpdmUubG9j YWwwCgYIKoZIzj0EAwIDRwAwRAIgOf6y/oGxlmuKuLrGMzIjq+y2OgqVXThzXr2d x/CHgMICIFJhSxJSPeSIyobZKC0QmB+057ns1NI27oOMuR1fjax7 -----END CERTIFICATE----- subject=CN = admin.immersive.local issuer=O = TLS Fundamentals, CN = TLS Fundamentals Intermediate CA --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2219 bytes and written 373 bytes Verification error: self-signed certificate in certificate chain --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 19 (self-signed certificate in certificate chain) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: DF37EF25B8F57F8A61A64BE228EC58AC2B113B991479961CBDAFC029B9482892 Session-ID-ctx: Resumption PSK: E230CD3D18A2BB48A51A7C04EE16FDAF79EFBEEA3D8605B70FFC0DEB68098CF355060AF8DF360EACFBC480C5B3AFE462 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 4a ac bb b1 83 bd fc b7-ed 94 ea db b1 10 60 48 J.............`H 0010 - 82 38 28 98 95 e3 7b 18-6f e7 0c c8 54 ef 3d 1f .8(...{.o...T.=. 0020 - b9 2c aa b2 b2 57 d8 5e-4e aa e9 75 c0 68 7c ce .,...W.^N..u.h|. 0030 - 00 c6 85 ae 2c 96 26 44-54 88 a1 d1 b0 58 a9 d3 ....,.&DT....X.. 0040 - 88 1c 2a d8 85 a3 f1 a2-09 a8 33 9e 1f b1 db af ..*.......3..... 0050 - 84 f9 92 b3 78 2c 17 7e-11 87 12 1c 49 81 e1 2d ....x,.~....I..- 0060 - 08 79 00 e8 9d bf 7e fb-10 41 ec 93 c1 5e 30 a4 .y....~..A...^0. 0070 - 61 92 2a 79 a2 09 2d 66-97 f8 d9 fa bb b3 c8 a2 a.*y..-f........ 0080 - d3 e3 ab bd 45 36 68 00-11 98 0e 68 ea 1e 52 ee ....E6h....h..R. 0090 - 08 7b 2b aa 80 42 31 b0-ec 9b 51 ae b1 ca cf ee .{+..B1...Q..... 00a0 - d8 bd c5 31 dd b9 22 c3-8a 0b 76 c3 a6 ca 50 e2 ...1.."...v...P. 00b0 - 2a 85 f8 9e 68 0b 13 cb-bf 92 c7 0e 4f ad 49 ab *...h.......O.I. 00c0 - c5 57 20 55 c5 47 6a b1-34 f1 1d 19 c3 5f 6f dd .W U.Gj.4...._o. 00d0 - c8 38 01 7c 62 11 74 ef-f1 17 15 6d a7 7a 7c d5 .8.|b.t....m.z|. Start Time: 1764942947 Timeout : 7200 (sec) Verify return code: 19 (self-signed certificate in certificate chain) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 6D76BD7F89AB457ACE03494B528103EF5A71D03E1434867610C4751172D68E4A Session-ID-ctx: Resumption PSK: 0CDCF4F49EB91C1A74B76442B31D70C8976BD6EA6ECD52B47BC84A10EE151BD8EFA32134A678784FB138B0AAB2F4DB21 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 4a ac bb b1 83 bd fc b7-ed 94 ea db b1 10 60 48 J.............`H 0010 - c6 a4 ef 5d c9 62 7a 08-15 66 b9 8c 24 1e f3 17 ...].bz..f..$... 0020 - b1 1f 84 10 60 b0 fb c7-2b 03 1d 79 2e 97 ca 52 ....`...+..y...R 0030 - 14 5c d8 aa 8b 3a ae 37-93 c0 73 dd c5 b7 7f f0 .\...:.7..s..... 0040 - 2a 1f 6a 14 25 8b d3 ed-3c 60 33 fb 11 64 05 26 *.j.%...<`3..d.& 0050 - b3 9f 9c 8f 64 23 ca b5-5a 13 c5 d2 22 5f 92 b6 ....d#..Z..."_.. 0060 - fd 40 9e b4 f0 5e 42 40-79 d5 18 c6 ba 6a 0e fe .@...^B@y....j.. 0070 - 7b 38 c5 9b 87 e9 b1 1b-e8 5d 98 7c a4 51 a6 9c {8.......].|.Q.. 0080 - d5 4a 75 40 22 b6 62 4f-00 b2 54 30 a1 3f 8d b8 .Ju@".bO..T0.?.. 0090 - 07 c2 6b 67 64 d2 c3 2d-e1 d1 ae 70 e3 0d 2b 54 ..kgd..-...p..+T 00a0 - f2 5f 4c 96 25 2c 77 43-1d a4 e8 67 0b 1e d0 10 ._L.%,wC...g.... 00b0 - 9f 40 cb 85 52 01 47 9d-07 0d c7 3c 7d 13 64 2f .@..R.G....<}.d/ 00c0 - ee 13 36 6e 7c 0b d7 16-d0 e6 94 ef f8 99 9e 16 ..6n|........... 00d0 - 95 c3 21 8a 3c af f4 4b-09 2d 14 a0 3d 22 58 db ..!.<..K.-..="X. Start Time: 1764942947 Timeout : 7200 (sec) Verify return code: 19 (self-signed certificate in certificate chain) Extended master secret: no Max Early Data: 0 --- read R BLOCK
IoT & Embedded Devices: Certificate Underpinning
I am also stuck on Step 5 and having trouble with the trigger. I have self-signed certs, an HTTP server listening on 443 (bound to 0.0.0.0) as well as a sniffer for anything coming from the target. I have tried to trigger the target to connect using: for i in {1..5}; do echo '{"Update":"1","ClientId":"AXG1337VFXL","Server Ip":"<KALI_IP>"}' | nc -u <TARGET_IP> 8080; sleep 2; done Can anyone point me in the right direction?
PowerShell Deobfuscation: Ep.10
I’ve been struggling with this script and I reached the point of VyN and key, but when I try to run it, I get an error as if the VyN function was not defined. But I don’t know how to define it Can anyone guide me on how to skip over this or how to solve this in CyberChef ?
CVE-2022-26134 (Confluence) – OGNL Injection
For Question 6. Look at the first exploit attempt by this attacker. What command did they run? I am wondering about why when sharing the commands found in the logs, it still outputs wrong. even if typing in "X-Cmd-Response" as the command as well as the entire string found. Wondering if they are exepecting a different format/snippet of the code, or the GET requests instead?Hack Your First Web App: Ep.6 – Demonstrate Your Skills Q10
Hello, I need a hint to solve the question 10 for the "Hack Your First Web App: Ep.6 – Demonstrate Your Skills" I`m already loggedin to the dashboard and i`m also able to store a onmouseover XSS. However i can get the document.cookie which shows only the TrackingID. But how to find the token?Terrapoint (Hats off, Immersive Labs)
Small clues about the labs I consider most important, after solving all of them: Norway and Rwanda; but this is just the beginning of your journey :). Because for the others in the collection, I want to think that you are capable of looking up a phone number: right? ;). The most evil labs, Norwegians and Rwandans ones (in my opinion): In both cases, you must make the most of every pixel in the image provided: such as signs, symbols, and landmarks; once you have done so, try to find out where you really are!. And that's how I won them over: study where that road begins and ends... and simply let yourself be carried away by it, kilometer by kilometer. Tip: don't trust primary sources, they are wrong!: for example, on the main roads of that African country.
Kate's Story - Ep.1
Hi, I am currently completing chapter one of Kate's Story (Gathering Intelligence Episode 1) but I've been having trouble with using the Wayback Machine and its integration with X. It might just be me being stupid, but I don't know how to answer this question without seeing what the tweet is - and obviously as you can see, I tried the the date of when the capture was taken as a last-ditch attempt but obviously didn't work lmao. Please let me know if I'm missing something or if this is something I might need to raise a support ticket about. Thanks! :)
