Aleyna
This website has an unauthenticated admin panel at /admin, but a front-end system has been configured to block external access to that path. However, the back-end application is built on a framework that supports the X-Original-URL header. To solve the lab, access the admin panel and delete the user carlos. Lab link. We try to access the /admin URL. …
Learn the basics of TShark and take your protocol and PCAP analysis skills a step further. Lab link. Task 2: Command-Line Packet Analysis Hints | TShark and Supplemental CLI Tools 2.2. View the details of the demo.pcapng file with “capinfos”.What is the “RIPEMD160” value? 6ef5f0c165a1db4a3cad3116b0c5bcc0cf6b9ab7 Task 3: TShark Fundamentals I | Main Parameters I 3.1. …
Discover the forensic artefacts present within iOS. Room Link Task 2: iOS Pairing 2.1. What is the name of a type of certificate that is used when an iPhone and a device pair together? Trust Certificate 2.2. What is the expiry timer on these certificates? 30 Days Task 3: Preserving Evidence 3.1. What is the …
Discover the inner workings of SSRF and explore multiple exploitation techniques. Room link. Task2: Anatomy of SSRF Attack 2.1. What is the average weighted impact for the SSRF vulnerability as per the OWASP Top 10? 6.72 Task 3: Types of SSRF – Basic If we change the URL to config, we can access the username, …
Lab link. This lab has an admin panel at /admin. It’s only accessible to logged-in users with a roleid of 2. Solve the lab by accessing the admin panel and using it to delete the user carlos. You can log in to your own account using the following credentials: wiener:peter We log in with the account information provided and try …
Lab link. This lab has an admin panel at /admin, which identifies administrators using a forgeable cookie. Solve the lab by accessing the admin panel and using it to delete the user carlos. You can log in to your own account using the following credentials: wiener:peter We log in to the account using the user credentials provided. If …
Lab link. This lab has an unprotected admin panel. It’s located at an unpredictable location, but the location is disclosed somewhere in the application. Solve the lab by accessing the admin panel, and using it to delete the user carlos. Look at the source code of the site, you can go with Ctrl+U. This JavaScript code …
Lab link. This lab has an unprotected admin panel. Solve the lab by deleting the user carlos. We visit the robots.txt file. This prevents the specified user agent (in this case all bots) from accessing the URL path /administrator-panel. In other words, the website does not want search engines to crawl the /administrator-panel directory. Try to …
CTF link. My potions would kill you, traveler. You cannot handle my potions. The app allows users to borrow gold, buy rotation, and pay back the borrowed gold. To get to Flag, we need to go through certain steps. Borrow gold using the /borrow URL: The user must borrow a certain amount of gold by …
CTF link. Sometimes you can exfiltrate data with more than just plain text. Can you figure out how the attacker smuggled out the flag on our network? If we examine HTTP requests, we notice the flag in the ASCII DUMP section. swampCTF{w3lc0m3_70_7h3_l4nd_0f_7h3_pc4p}