Capture Flag Enumeration And Access To Exposed Credentials Lab

In this lab, you will investigate a Windows server hosting the personal blog of an amateur photographer. Although it may seem harmless at first glance, the system exposes certain misconfigured services that could reveal more than they should.

Your mission is to explore the exposed surfaces, identify relevant clues, build your own custom password dictionary, and gain access to both shared resources and the blog’s administration panel. If your deductions are accurate, you’ll be able to access confidential information.

🌱 How to Start This Lab

Follow these instructions to get started:

1. Download the virtual machine from this link:

1  https://storage.googleapis.com/cybersecurity-machines/blog-lab.ova

1. Import the machine into your preferred virtualization software (VirtualBox, VMware, etc.).
2. To perform this lab, you will need an additional virtual machine to act as your attacking environment. This machine must have cybersecurity tools. We recommend using Kali Linux.
   • Download the pre-built Kali Linux virtual machine image from its official website. Use the "Virtual Machines" option from this link.
3. Once the machine is started, you can begin the lab!

Tip: Not everything is solved by brute force. Sometimes, a well-placed clue is the key.

Happy hacking!