Want to design a CTF lab to share? 🤩🖥️
For this year's Community Challenge Series of labs, we want to see what you can make! Our Lab Builder allows users to build custom labs with the help of ai tooling. We'll give some guidance on creating the lab, then you build it, we assess it and add it to the Challenge Series 2026. If you're interested, drop a comment below or email community@immersivelabs.com 💡👇 Here are tutorials on how to build your first practical lab: Building Your First Practical Lab (Part 1) | Immersive Community - 2505 Building Your First Practical Lab (Part 2) | Immersive Community - 2506
Powershell Deobsfuscation Ep.7
I was working on this and got stuck with Ep.7. Appreciate if anyone can assist with this Powershell de-obfuscation. Step 1: I removed the splits accordingly and converted from hexadecimal Step 2: Next, there was another set of splits to perform and ascii conversion. Ended up with the small snip of string at the bottom with a lot of (spaces and tabs) at the beginning. Basically empty spaces before coming to this short scripts. I am not sure on how to move from here. Anyone can assist with this pls?
Radare2 Reverse Engineering: Ep.2 – Windows Binary Part 2; Final Question
I have managed to find the answer to Questions 1-4 of this lab, however I can't seem to identify the answer to the final question (Question 5 - What is the token?). I have run the binary and I get the “You have not met the requirements” message. I understand that there is an some type of execution error within the binary that I must correct for it to work properly however I have not been able to locate the error in order to analyze it and attempt to correct it. Any insight or guidance on what I'm missing / doing incorrectly would be greatly appreciated. Thanks in advance. I am not getting a prompt to provide the password. I am not seeing the prompt to use the calculator to find the answer to the calculation that is presented. I can see that there is a reference to a token.txt file but I can’t seem to get access to the file to determine what the token value is.
NHS Offensive Cyber Range: Armsdon Hospital
Hi all, Just wanted some advice on this as I am stuck. I managed to get into the intranet using SQL injection/union and extract all the usernames and passwords. I am not sure if I am on the wrong path or doing things in the wrong order for the next part. The FTP server seems to only be active on RDP. The DC has no samba vulnerabilities. So... I assume I try to use the credentials from the intranet to RDP to the DC/FTP (then after this elevate access using other techniques) but so far that has failed for the Armsdon users I have tried their users/passwords (from the intranet). Any tips welcome!
CVE-2022-26134 (Confluence) – OGNL Injection
For Question 6. Look at the first exploit attempt by this attacker. What command did they run? I am wondering about why when sharing the commands found in the logs, it still outputs wrong. even if typing in "X-Cmd-Response" as the command as well as the entire string found. Wondering if they are exepecting a different format/snippet of the code, or the GET requests instead?Your first lab level 9
What was the first level 9 lab you conquered? :). It does not matter that you will seek advice from other giants, or that you will manage to complete it on your own: share your journey with us!; to get the token or become root on that server. I start: I think that my first conquest of Lab level 9 is related to debugging ByteCode in Java (and only a few days ago!): my background is Oracle, and from years ago, so imagine how lost I was :). After loading the project into the IDE (along with the required plugin) I started debugging bit by bit... until one particular string caught my attention; it stood out from the rest!. And it was the solution :). Good luck!
CVE-2021-25281 (SaltStack) – Offensive
I've tried every way I can think of to use the python script for this lab. Here's and example using the state option: I've also tried creating a python script to try to write to the /var/cache/salt/master/extmods/ directory, and tried creating the ssh key and uploading the public key with the ssh option. I've thrown some print commands in to see what is being passed in the requests. All end up with the Traceback similar to above. Is there something I'm missing in the syntax?
