Weaponization: Payloads – Obfuscation Using PowerShell
For question 5 to 7 I have completed but I am not able to find the tokens.txt file. Any hint or guidance? how to get that or where to find? Q7: Save the result to a file named shell.txt in the /home/iml-user/Desktop/ directory. If you've done this correctly, a token will be added to token.txt12Views0likes1CommentPowershell Deobsfuscation Ep.7
I was working on this and got stuck with Ep.7. Appreciate if anyone can assist with this Powershell de-obfuscation. Step 1: I removed the splits accordingly and converted from hexadecimal Step 2: Next, there was another set of splits to perform and ascii conversion. Ended up with the small snip of string at the bottom with a lot of (spaces and tabs) at the beginning. Basically empty spaces before coming to this short scripts. I am not sure on how to move from here. Anyone can assist with this pls?53Views2likes2CommentsPen Test CTFs: Jinja2 Exploitation
Good morning Team, This one has my head spinning and i feel like im tickling the method but not quite pulling it off. "Jinja2 is a templating engine for Python. It's often used with Flask web applications all over the internet. Templating engines are often vulnerable to Server-Side Template Injection (SSTI), which allows an attacker to inject a template directive as user input that could result in the execution of arbitrary code on the server. This system has a template injection vulnerability in the registration flow. If you try to create an account with a duplicate email address, the email address is passed into the template rendering engine. This email address can contain template syntax, allowing arbitrary code execution. To make things more complicated, the injected value can't be longer than a certain length and must match the expected format of an email address." I have to read the file within /data/token.txt but the strict syntax is keeping at bay. Could anyone offer some direction for this, please.37Views1like3CommentsPen Test CTFs: Immersive Code Q4
Fellow Cyber Enthusiasts, Im having a slight issue with the CTF Immersive code Question 4 - The fourth token can be found once you've obtained RCE on the target server. What's the fourth token? Without giving the game away, I have; 1. Gained access using the creds left in credentials.txt. 2. Used a similar method to read the README file after using cyberchef. 3. Accessed the Werkzeug app for token 3. Q1s vulnerable **.php was useful for Q1 & Q2. but doesnt help me get RCE. I have another r_s.php i also think could be vulnerable but i dont get anything visible back. I have bypassed the session check with the correct one pulled from the function. What could i be missing. Not after the correct answer as i know its a CTF but a steer would be appreciated. Cyber Sharpe S&BSolved14Views0likes1CommentAnyone finished the "Etherium Smart Contracts"?
Need help on three labs on the Ethereum smart contracts. I managed to do some but stuck on 3 of them so far: Ethereum: Contract Challenge 2 – Sisyphean Brute force the hash? Ethereum: Contract Challenge 4 – Random Can't get my code to work for prediciting the numbers... Ethereum: Contract Challenge 5 – Robin Hood Absolutely no idea.... Any help would be appreciated :)140Views2likes11CommentsYour first lab level 9
What was the first level 9 lab you conquered? :). It does not matter that you will seek advice from other giants, or that you will manage to complete it on your own: share your journey with us!; to get the token or become root on that server. I start: I think that my first conquest of Lab level 9 is related to debugging ByteCode in Java (and only a few days ago!): my background is Oracle, and from years ago, so imagine how lost I was :). After loading the project into the IDE (along with the required plugin) I started debugging bit by bit... until one particular string caught my attention; it stood out from the rest!. And it was the solution :). Good luck!127Views1like6Comments💻🔐 Study Group Vote Revealed! Get Involved! 💻🔐
The Votes are In! For the second week running, you've chosen an Offensive lab for Study Group. What are we studying? This week, we've selected Tuoni 101: Ep.2 – Listeners where you'll explore the Tuoni framework often used in red teaming and penetration testing, configure and launch two different Tuoni listeners and identify and stop a listener. How can I get involved? Dive into the lab: Get started on the lab and challenge yourself to complete it by the end of the week. Join the discussion: Don’t forget to share your experiences, ask questions, and drop any tips or tricks you’ve picked up along the way in this forum discussion. Support each other: This is all about collaboration—whether you’re struggling with a concept or want to share an "aha" moment, jump into the conversation! Remember, we’ll re-vote on Friday for next week’s lab, so stay engaged and help shape where this study group goes. Let’s learn together and level up our skills! Every community member who has access to an Immersive license is welcome to join this study group.80Views2likes5Comments💻🔐 Study Group Announcement - Offensive Cybersecurity Lab Chosen! 💻🔐
You may have heard that we're launching a Study Group within the community. And for the first time, the votes are in, and we’re diving into Offensive Cybersecurity for our very first Study Group 🖥️💥 This week, we’ll be exploring hands-on tactics in offensive cybersecurity in a safe, controlled environment, and the chosen lab is Hack Your First Web App: Ep.1 – Ozone Energy How to get involved: Dive into the lab: Get started on the lab and challenge yourself to complete it by the end of the week. Join the discussion: Don’t forget to share your experiences, ask questions, and drop any tips or tricks you’ve picked up along the way in this forum discussion. Support each other: This is all about collaboration—whether you’re struggling with a concept or want to share an "aha" moment, jump into the conversation! Remember, we’ll re-vote on Friday for next week’s lab, so stay engaged and help shape where this study group goes. Let’s learn together and level up our skills! Every community member who has access to an Immersive license is welcome to join this study group. Happy hacking! 🔓💻228Views3likes9Comments