Final boss Red Team - The Final Corporate Challenge

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

  • windows

  • cybersecurity

    red team

  • A05:2021 - Security Misconfiguration

  • A01:2021 - Broken Access Control

  • A02:2021 - Cryptographic Failures

  • evil-winrm

  • web fuzzing

📄 Instructions

In this lab, you will face a seemingly large and vulnerable website belonging to the fictional Umbrella Corporation. Although it is full of false leads (SQLi, LFI, etc.), you must thoroughly analyze its structure, discover an exposed backup file, and exploit a misconfiguration in scheduled tasks to escalate privileges on a Windows system.

In this lab you will learn:

  • Analyzing websites with multiple decoys
  • Directory fuzzing and credential extraction
  • Remote access via Evil-WinRM
  • Privilege escalation in Windows using scheduled tasks
  • Decoding Base64-encoded flags

🌱 How to start this lab

Follow these instructions to get started:

  1. Download the virtual machine from this link.
  2. Import the machine into your preferred virtualization manager (VirtualBox, VMware, etc.).
  3. Once the machine is running, you can start the lab!

📄 Instructions

You are facing a web server belonging to Umbrella Corporation, a company with questionable cybersecurity practices. Your goal is to access the system with administrator privileges and obtain a hidden flag on the Administrator user's desktop.

  1. Discover the IP address of the Final Boss machine.

  2. Investigate the website.

    • Access it from your browser at http://<IP>.
    • Explore routes such as:
      • index.php?page=home
      • index.php?page=about
      • index.php?page=contact
  3. Fuzz for hidden directories. Use tools like gobuster or dirb.

  4. Extract the credentials.

  5. Connect to the machine using Evil-WinRM. Use the discovered credentials to obtain a shell.

  6. Escalate privileges by editing a misconfigured script.

  7. Find the final flag. The flag is Base64-encoded. Use CyberChef to decode it.

Remember: Not everything that looks vulnerable actually is. Learn to follow the real clues among the decoys.

Good luck, agent!
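
For the defending side of steps 3 and 4, the following added example (not part of the original lab material) shows how directory fuzzing and the download of an exposed backup file appear in web access logs. The log lines, IP addresses, file paths and thresholds are constructed assumptions for illustration, not values from the lab.

```python
import re
from collections import defaultdict

# Constructed sample access log (common log format); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2025:10:00:01 +0000] "GET /index.php?page=home HTTP/1.1" 200 5120
203.0.113.7 - - [10/May/2025:10:00:09 +0000] "GET /index.php?page=about HTTP/1.1" 200 4870
198.51.100.23 - - [10/May/2025:10:01:00 +0000] "GET /admin HTTP/1.1" 404 312
198.51.100.23 - - [10/May/2025:10:01:00 +0000] "GET /test HTTP/1.1" 404 312
198.51.100.23 - - [10/May/2025:10:01:01 +0000] "GET /old HTTP/1.1" 404 312
198.51.100.23 - - [10/May/2025:10:01:01 +0000] "GET /uploads HTTP/1.1" 404 312
198.51.100.23 - - [10/May/2025:10:01:02 +0000] "GET /private HTTP/1.1" 404 312
198.51.100.23 - - [10/May/2025:10:01:02 +0000] "GET /backups/site-backup.zip HTTP/1.1" 200 88211
192.0.2.50 - - [10/May/2025:11:30:00 +0000] "GET /db.sql?dl=1 HTTP/1.1" 200 40960
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')
# Assumed list of extensions that should never be served from a web root.
BACKUP_EXT = (".bak", ".old", ".zip", ".tar.gz", ".sql", ".7z", ".backup")

def analyze(log_text, min_requests=5, min_404_ratio=0.6):
    """Return {client_ip: {"fuzzing": bool, "backup_hits": [paths]}} for suspicious clients."""
    stats = defaultdict(lambda: {"total": 0, "not_found": 0, "backup_hits": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        s = stats[ip]
        s["total"] += 1
        if status == 404:
            s["not_found"] += 1
        # A 200 on a backup-style file means the archive is actually downloadable.
        if status == 200 and path.split("?")[0].lower().endswith(BACKUP_EXT):
            s["backup_hits"].append(path)
    findings = {}
    for ip, s in stats.items():
        # Wordlist-driven discovery produces many requests that are mostly 404s.
        fuzzing = s["total"] >= min_requests and s["not_found"] / s["total"] >= min_404_ratio
        if fuzzing or s["backup_hits"]:
            findings[ip] = {"fuzzing": fuzzing, "backup_hits": s["backup_hits"]}
    return findings

if __name__ == "__main__":
    for ip, f in analyze(SAMPLE_LOG).items():
        print(ip, f)
```

A client flagged for both fuzzing and a backup hit is the highest-priority finding; the lasting fix is to keep backup archives out of the web root and rotate any credentials they contained.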
