Difficulty
intermediate
Average duration
2 hrs
Technologies
windows
cybersecurity
red team
A05:2021 - Security Misconfiguration
A01:2021 - Broken Access Control
A02:2021 - Cryptographic Failures
evil-winrm
web fuzzing
Difficulty
intermediate
Average duration
2 hrs
Technologies
windows
cybersecurity
red team
A05:2021 - Security Misconfiguration
A01:2021 - Broken Access Control
A02:2021 - Cryptographic Failures
evil-winrm
web fuzzing
In this lab, you will face a seemingly large and vulnerable website belonging to the fictional Umbrella Corporation. Although it is full of false leads (SQLi, LFI, etc.), you must thoroughly analyze its structure, discover an exposed backup file, and exploit a misconfiguration in scheduled tasks to escalate privileges on a Windows system.
In this lab you will learn:
Follow these instructions to get started:
You are facing a web server belonging to Umbrella Corporation, a company with questionable cybersecurity practices. Your goal is to access the system with administrator privileges and obtain a hidden flag on the Administrator
user's desktop.
Discover the IP address of the Final Boss machine.
Investigate the website.
http://<IP>
.index.php?page=home
index.php?page=about
index.php?page=contact
Extract the credentials.
Connect to the machine using Evil-WinRM. Use the discovered credentials to obtain a shell.
Escalate privileges by editing a misconfigured script.
Find the final flag. The flag is base64-encrypted. Use CyberChef to decode it.
Remember: Not everything that looks vulnerable actually is. Learn to follow the real clues among the decoys.
Good luck, agent!
Difficulty
intermediate
Average duration
2 hrs
Technologies
windows
cybersecurity
red team
A05:2021 - Security Misconfiguration
A01:2021 - Broken Access Control
A02:2021 - Cryptographic Failures
evil-winrm
web fuzzing
Difficulty
intermediate
Average duration
2 hrs
Technologies
windows
cybersecurity
red team
A05:2021 - Security Misconfiguration
A01:2021 - Broken Access Control
A02:2021 - Cryptographic Failures
evil-winrm
web fuzzing
Difficulty
intermediate
Average duration
2 hrs
Technologies
windows
cybersecurity
red team
A05:2021 - Security Misconfiguration
A01:2021 - Broken Access Control
A02:2021 - Cryptographic Failures
evil-winrm
web fuzzing
Difficulty
intermediate
Average duration
2 hrs
Technologies
windows
cybersecurity
red team
A05:2021 - Security Misconfiguration
A01:2021 - Broken Access Control
A02:2021 - Cryptographic Failures
evil-winrm
web fuzzing
Difficulty
intermediate
Average duration
2 hrs
Technologies
windows
cybersecurity
red team
A05:2021 - Security Misconfiguration
A01:2021 - Broken Access Control
A02:2021 - Cryptographic Failures
evil-winrm
web fuzzing
Difficulty
intermediate
Average duration
2 hrs
Technologies
windows
cybersecurity
red team
A05:2021 - Security Misconfiguration
A01:2021 - Broken Access Control
A02:2021 - Cryptographic Failures
evil-winrm
web fuzzing