Final boss Red Team - The Final Corporate Challenge

🌱 How to start this lab

Follow these instructions to get started:

1. Download the virtual machine from this link.
2. Import the machine into your preferred virtualization manager (VirtualBox, VMware, etc.).
3. Once the machine is running, you can start the lab!

📄 Instructions

You are facing a web server belonging to Umbrella Corporation, a company with questionable cybersecurity practices. Your goal is to access the system with administrator privileges and obtain a hidden flag on the Administrator user's desktop.

1. Discover the IP address of the Final Boss machine.

2. Investigate the website.

   • Access it from your browser at http://<IP>.
   • Explore routes such as:
     • index.php?page=home
     • index.php?page=about
     • index.php?page=contact

3. Fuzz for hidden directories. Use tools like gobuster or dirb.

4. Extract the credentials.

5. Connect to the machine using Evil-WinRM. Use the discovered credentials to obtain a shell.

6. Escalate privileges by editing a misconfigured script.

7. Find the final flag. The flag is base64-encrypted. Use CyberChef to decode it.

Remember: Not everything that looks vulnerable actually is. Learn to follow the real clues among the decoys.

Good luck, agent!