questions & feedback
36 TopicsPwntools: Ep. 2 Token
I've completed the coding for the lab, but the system seems to think the token I am entering is wrong. I've tried resetting the machine in case it is out of sync since a new token is generated each time the code is run, but that didn't fix it. Can someone help?10Views0likes1Commenthelp with A Christmas Catastrophe: A Letter to Santa
I am in the scalation privileges part. Tried to create a symlink to /root/root.txt and to /root in /etc/letters/ waiting cron /etc/chmod.sh takes ownership with chmod 666 instruction and then extract token, but doesn't work Any help? Is there something missing?18Views0likes1CommentIncident Response Suspicious Email Part 2 last Question
Hello I am getting slowly crazy here. The last question of Suspicious Email Part 2 asks to find the FQDN of the threat actor within the output that in the previous questions we had to deobfuscate after unpacking the vbaProject.bin using Oletools and / or a script. I created a script to convert Decimal to ASCII and the Hash in the end was matching and I solved the 2nd to last question. However afterwards it says the FQDN should be in the file I just created. This is not the case. I checked the file with strings and even read the whole file line by line to find any FQDN. The only sites in there are apache and zeustech which are only in there because ApacheBench got used in the Malware. There is no trace of any further FQDN. So I'm effectively stuck there because I can't find any worthwhile Info. Does anyone have any Idea? Or is this Lab just broken? I redid the whole Lab from scratch 2 times already. Both times I wrote a new Script aswell and everytime the Hash is correct but there is no FQDN to be found anywhere in there.9Views0likes1CommentHalloween Labs - ideas, suggestions, wants π»ππ¦
What would you want to see from future Halloween labs? Did you really enjoy a particular aspect of previous years? Any technologies, themes, rewards you want to see? Want more Community content - webinars, events, media within the labs? π»ππ¦141Views3likes6CommentsModern Encryption: Demonstrate Your Skills
Hi there, I have completed all questions except for Q.10 which involves the decryption of an RSA-encrypted file. To the best of my knowledge, a private key is required to decrypt this asymmetrically encrypted file, but I only see a public "public.pem" key in the "~/Desktop/Lab-Files" directory. Am I missing something? I have completed all the other questions so I believe all necessary files/tokens should have already been generated. Any help would be much appreciated. Many thanks, Pete163Views3likes5CommentsTake part in Immersive research: AI Chatbot in labs
π’ We would love to hear your opinions on a new AI Chatbot concept within our labs. Can you spare an hour to come along to a research call? During the call, you will be asked to undertake a lab on our test environment, using the AI chatbot to assist. We will then ask for feedback on your experience. You will need to attend the call on a laptop or desktop (no tablets or phones) and be able to share your screen throughout. The session will be recorded and will take place using Google Meet. Upon completion of the session, you will receive a Β£50 eGift card (or local currency equivalent). Sessions are taking place August 12-14th. ποΈ Sign up at a time that is convenient for you, using this booking form..63Views3likes4CommentsIncident Response: P2 - stuck on Q11
I successfully completed the previous question, but Iβm currently encountering difficulties with Question 11: βWhat are the last 6 characters of the MD5 checksum of the malware executable?β Iβve identified and extracted the malware executable and the associated IOCs; however, none of the MD5 hashes Iβve generated appear to match the expected result. Upon reviewing the instructions, I revisited the step: βUsing a Python script or a manual deobfuscation method, get the binary from the VBA script.β I suspect this is where my process may be breaking down β specifically in extracting the correct binary from the VBA script. Could one of the instructors kindly provide guidance or clarification on where I might be going wrong?143Views2likes2CommentsCSP Hash Incorrect Despite Correct Script and Hash (CSP Lab Issue?)
Hello all! I'm working on Introduction to Content Security Policy (CSP) Lab: Content Security Policy: Hashes exercise that requires generating the correct hash for an inline script like: <script>document.body.style.backgroundColor = "#ADDADE";</script> Iβve used both CyberChef and the SHA-256 JavaScript snippet to generate hashes like: sha256-+BWzTX+GJrse8ifajvHg6QFPdmE+JjXYmrYBn+kLITo= sha256-Msn/9dD1zBN7LGZyQyglKL9JMVyCsVqvZ7MAkmm/BpU= I've accounted for trailing newlines and whitespaces (CRLF, LF), used View Source (not dev tools), and verified that I'm hashing the exact script content. However, the lab continues to mark the answer as βincorrect.β Is this likely a glitch in the lab setup, or is there a common mistake I might be overlooking? Would appreciate any help or confirmation from someone whoβs completed this lab or run into a similar problem68Views1like1CommentSnort Rules: Ep.7 β Lokibot Infection Traffic
I need help with the last question please. I tried so many rules and I am still getting it wrong 13-Create a Snort rule to detect this User-Agent string in the HTTP header for connections using port 49167, then submit the token. Tried this one which to me it should be able to work. alert tcp any any -> any 49167 (msg:"User-Agent match"; content:"Mozilla/4.08 (Charon; Inferno)"; sid:5000031;) alert tcp any any -> any 49167 (msg:"User-Agent Mozilla/4.08 (Charon; Inferno) detected"; content:"User-Agent: Mozilla/4.08 (Charon; Inferno)"; http_header; sid:5000020;)Solved52Views0likes2Comments