Weaponization: Payloads – Obfuscation Using PowerShell
For question 5 to 7 I have completed but I am not able to find the tokens.txt file. Any hint or guidance? how to get that or where to find? Q7: Save the result to a file named shell.txt in the /home/iml-user/Desktop/ directory. If you've done this correctly, a token will be added to token.txt
Powershell Deobsfuscation Ep.7
I was working on this and got stuck with Ep.7. Appreciate if anyone can assist with this Powershell de-obfuscation. Step 1: I removed the splits accordingly and converted from hexadecimal Step 2: Next, there was another set of splits to perform and ascii conversion. Ended up with the small snip of string at the bottom with a lot of (spaces and tabs) at the beginning. Basically empty spaces before coming to this short scripts. I am not sure on how to move from here. Anyone can assist with this pls?Pen Test CTFs: Jinja2 Exploitation
Good morning Team, This one has my head spinning and i feel like im tickling the method but not quite pulling it off. "Jinja2 is a templating engine for Python. It's often used with Flask web applications all over the internet. Templating engines are often vulnerable to Server-Side Template Injection (SSTI), which allows an attacker to inject a template directive as user input that could result in the execution of arbitrary code on the server. This system has a template injection vulnerability in the registration flow. If you try to create an account with a duplicate email address, the email address is passed into the template rendering engine. This email address can contain template syntax, allowing arbitrary code execution. To make things more complicated, the injected value can't be longer than a certain length and must match the expected format of an email address." I have to read the file within /data/token.txt but the strict syntax is keeping at bay. Could anyone offer some direction for this, please.
Anyone finished the "Etherium Smart Contracts"?
Need help on three labs on the Ethereum smart contracts. I managed to do some but stuck on 3 of them so far: Ethereum: Contract Challenge 2 – Sisyphean Brute force the hash? Ethereum: Contract Challenge 4 – Random Can't get my code to work for prediciting the numbers... Ethereum: Contract Challenge 5 – Robin Hood Absolutely no idea.... Any help would be appreciated :)Your first lab level 9
What was the first level 9 lab you conquered? :). It does not matter that you will seek advice from other giants, or that you will manage to complete it on your own: share your journey with us!; to get the token or become root on that server. I start: I think that my first conquest of Lab level 9 is related to debugging ByteCode in Java (and only a few days ago!): my background is Oracle, and from years ago, so imagine how lost I was :). After loading the project into the IDE (along with the required plugin) I started debugging bit by bit... until one particular string caught my attention; it stood out from the rest!. And it was the solution :). Good luck!💻🔐 Study Group Vote Revealed! Get Involved! 💻🔐
The Votes are In! For the second week running, you've chosen an Offensive lab for Study Group. What are we studying? This week, we've selected Tuoni 101: Ep.2 – Listeners where you'll explore the Tuoni framework often used in red teaming and penetration testing, configure and launch two different Tuoni listeners and identify and stop a listener. How can I get involved? Dive into the lab: Get started on the lab and challenge yourself to complete it by the end of the week. Join the discussion: Don’t forget to share your experiences, ask questions, and drop any tips or tricks you’ve picked up along the way in this forum discussion. Support each other: This is all about collaboration—whether you’re struggling with a concept or want to share an "aha" moment, jump into the conversation! Remember, we’ll re-vote on Friday for next week’s lab, so stay engaged and help shape where this study group goes. Let’s learn together and level up our skills! Every community member who has access to an Immersive license is welcome to join this study group.💻🔐 Study Group Announcement - Offensive Cybersecurity Lab Chosen! 💻🔐
You may have heard that we're launching a Study Group within the community. And for the first time, the votes are in, and we’re diving into Offensive Cybersecurity for our very first Study Group 🖥️💥 This week, we’ll be exploring hands-on tactics in offensive cybersecurity in a safe, controlled environment, and the chosen lab is Hack Your First Web App: Ep.1 – Ozone Energy How to get involved: Dive into the lab: Get started on the lab and challenge yourself to complete it by the end of the week. Join the discussion: Don’t forget to share your experiences, ask questions, and drop any tips or tricks you’ve picked up along the way in this forum discussion. Support each other: This is all about collaboration—whether you’re struggling with a concept or want to share an "aha" moment, jump into the conversation! Remember, we’ll re-vote on Friday for next week’s lab, so stay engaged and help shape where this study group goes. Let’s learn together and level up our skills! Every community member who has access to an Immersive license is welcome to join this study group. Happy hacking! 🔓💻
