Start interactive tutorial

← Back to Projects

Customer Service - Broken access control and Password Cracking

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

  • read-team

  • apache

  • web

  • md5

  • linux

  • cybersecurity

  • broken-access-control

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

🌱 How to Start This Lab

A hosting, domain, and VPS service company has published a web application with supposedly secure measures. However, there are signs that some sections of the system may be improperly exposed and could contain sensitive credentials.

Your mission is to identify whether there are uncontrolled entry points, analyze potential access flaws, and determine if it's possible to simulate the behavior of legitimate users based on the exposed information.

🌱 How to Start This Lab

Follow these instructions to get started:

  1. Download the virtual machine from this link:
We are sorry, you don't have enough privileges to access this block of content, please signup or upgrade your plan to access it.
1 https://storage.googleapis.com/cybersecurity-machines/customer-service-lab.ova
  1. Import the machine into your preferred virtualization software (VirtualBox, VMware, etc.).
  2. Start the VM and begin the challenge.

While the approach is up to you, you may consider using the following tools during your investigation:

  • Nmap – for host and service discovery
  • Gobuster, Dirb, or FFUF – for exploring hidden directories and paths
  • John the Ripper, Hashcat – for analyzing and cracking password hashes
  • Burp Suite, cURL, or your browser – to simulate requests or perform login attempts
  • CyberChef – for quick manipulation of text and hashes

Remember: systems do not always fail due to complex issues. Sometimes, it is enough to bypass a basic access control.

Good luck!

Sign up and get access to solution files and videos for free

We will use it to give you access to your account.
Already have an account? Login here.

By signing up, you agree to the Terms and conditions and Privacy policy.

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Sign up and get access to solution files and videos for free

We will use it to give you access to your account.
Already have an account? Login here.

By signing up, you agree to the Terms and conditions and Privacy policy.

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Difficulty

  • intermediate

Average duration

2 hrs

Technologies