Portswigger: User ID controlled by request parameter Writeup

This lab has a horizontal privilege escalation vulnerability on the user account page. To solve the lab, obtain the API key for the user carlos and submit it as the solution. You can log in to your own account using the following credentials: wiener:peter Lab link. We log in to the system with the login information provided. /my-account?id=wiener …

Portswigger: Method-based access control can be circumvented Writeup

This lab implements access controls based partly on the HTTP method of requests. You can familiarize yourself with the admin panel by logging in using the credentials administrator:admin. To solve the lab, log in using the credentials wiener:peter and exploit the flawed access controls to promote yourself to become an administrator. Lab link. We log in as admin and examine …

Tryhackme TShark: CLI Wireshark Features Writeup

Take your TShark skills to the next level by implementing Wireshark functionalities in the CLI. Lab link. Task 2: Command-Line Wireshark Features I | Statistics I 2.1. Use the “write-demo.pcap” to answer the questions. What is the byte value of the TCP protocol? 62 2.2. In which packet lengths row is our packet listed? 40-79 2.3. What …

Tryhackme TShark: The Basics Writeup

Learn the basics of TShark and take your protocol and PCAP analysis skills a step further. Lab link. Task 2: Command-Line Packet Analysis Hints | TShark and Supplemental CLI Tools 2.2. View the details of the demo.pcapng file with “capinfos”. What is the “RIPEMD160” value? 6ef5f0c165a1db4a3cad3116b0c5bcc0cf6b9ab7 Task 3: TShark Fundamentals I | Main Parameters I 3.1. …

Tryhackme: iOS Analysis Writeup

Discover the forensic artefacts present within iOS. Room Link Task 2: iOS Pairing 2.1. What is the name of a type of certificate that is used when an iPhone and a device pair together? Trust Certificate 2.2. What is the expiry timer on these certificates? 30 Days Task 3: Preserving Evidence 3.1. What is the …

Tryhackme: SSRF Writeup

Discover the inner workings of SSRF and explore multiple exploitation techniques. Room link. Task 2: Anatomy of SSRF Attack 2.1. What is the average weighted impact for the SSRF vulnerability as per the OWASP Top 10? 6.72 Task 3: Types of SSRF – Basic If we change the URL to config, we can access the username, …