Difficulty
intermediate
Average duration
2 hrs
Technologies
ftp
burpsuite
cybersecurity
linux
A02:2021 - Cryptographic Failures
A03:2021 - Injection
red team
A05:2021 - Security Misconfiguration
Difficulty
intermediate
Average duration
2 hrs
Technologies
ftp
burpsuite
cybersecurity
linux
A02:2021 - Cryptographic Failures
A03:2021 - Injection
red team
A05:2021 - Security Misconfiguration
In this lab, you will investigate a vulnerable web application that transmits sensitive information without any form of encryption. At first glance, the site appears simple and harmless, but upon closer inspection, it reveals serious implementation flaws.
Your goal is to identify data leaks in the frontend, intercept unprotected HTTP traffic, and uncover how these poor practices can lead to remote access to other services. This exercise tests your observation skills and your strategic use of tools. Moreover, it offers a realistic exploration of how a single mistake can compromise an entire system.
Follow these instructions to get started:
1 https://storage.googleapis.com/cybersecurity-machines/blindma1den-lab.ova
During your investigation, you may consider using:
Remember: Unencrypted traffic is a goldmine for attackers. Learn to see it as an attacker... or an auditor would.
Happy hacking!
Difficulty
intermediate
Average duration
2 hrs
Technologies
ftp
burpsuite
cybersecurity
linux
A02:2021 - Cryptographic Failures
A03:2021 - Injection
red team
A05:2021 - Security Misconfiguration
Difficulty
intermediate
Average duration
2 hrs
Technologies
ftp
burpsuite
cybersecurity
linux
A02:2021 - Cryptographic Failures
A03:2021 - Injection
red team
A05:2021 - Security Misconfiguration
Difficulty
intermediate
Average duration
2 hrs
Technologies
ftp
burpsuite
cybersecurity
linux
A02:2021 - Cryptographic Failures
A03:2021 - Injection
red team
A05:2021 - Security Misconfiguration
Difficulty
intermediate
Average duration
2 hrs
Technologies
ftp
burpsuite
cybersecurity
linux
A02:2021 - Cryptographic Failures
A03:2021 - Injection
red team
A05:2021 - Security Misconfiguration
Difficulty
intermediate
Average duration
2 hrs
Technologies
ftp
burpsuite
cybersecurity
linux
A02:2021 - Cryptographic Failures
A03:2021 - Injection
red team
A05:2021 - Security Misconfiguration
Difficulty
intermediate
Average duration
2 hrs
Technologies
ftp
burpsuite
cybersecurity
linux
A02:2021 - Cryptographic Failures
A03:2021 - Injection
red team
A05:2021 - Security Misconfiguration