Pwned! - Find the Backdoor

This lab tests your observation skills, your command of basic Unix tools, and your judgment in recognizing malicious code.

In this lab you will practice:

• Manual exploration of a real web server's file system
• Using tools like find, grep, less, and cat to search for suspicious artifacts
• Identifying common patterns in PHP reverse shells

🌱 How to start this lab

Follow these steps to get started:

1. Download the lab files from this link:

1    https://storage.googleapis.com/cybersecurity-machines/web-threats-lab.ova

1. Import the virtual machine into VirtualBox or VMware.
2. Start the VM, log in as the user student:4geeks-lab, and open the website in your browser if you wish:

1  http://<ip_machine>/pwned/

Your Mission: Find the Exact Path to the Malicious File

TerraSafe is a cybersecurity consulting firm with international clients. But someone on the team — possibly a disgruntled former employee — has planted malicious code inside the web server.

Your job as a threat hunter is to investigate the site. The malicious code is still active and hidden in plain sight. You must find the exact path to the compromised file and validate it to uncover evidence of the attack.

Validation

Once you believe you’ve found the absolute path to the file, run the following command on the virtual machine:

1validate-malicious-path

The script will prompt you to enter the absolute file path. If it’s correct, it will reveal what you're looking for.

💡 Tips

• Look for comments in the code — they may contain subtle clues.

Good luck!