Start interactive tutorial

← Back to Projects

Intercepting traffic and cryptographic failures

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

  • ftp

  • burpsuite

  • cybersecurity

  • linux

  • A02:2021 - Cryptographic Failures

  • A03:2021 - Injection

  • red team

  • A05:2021 - Security Misconfiguration

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

  • ftp

  • burpsuite

  • cybersecurity

  • linux

  • A02:2021 - Cryptographic Failures

  • A03:2021 - Injection

  • red team

  • A05:2021 - Security Misconfiguration

🌱 How to Start This Lab

In this lab, you will investigate a vulnerable web application that transmits sensitive information without any form of encryption. At first glance, the site appears simple and harmless, but upon closer inspection, it reveals serious implementation flaws.

Your goal is to identify data leaks in the frontend, intercept unprotected HTTP traffic, and uncover how these poor practices can lead to remote access to other services. This exercise tests your observation skills and your strategic use of tools. Moreover, it offers a realistic exploration of how a single mistake can compromise an entire system.

🌱 How to Start This Lab

Follow these instructions to get started:

  1. Download the virtual machine from this link:
We are sorry, you don't have enough privileges to access this block of content, please signup or upgrade your plan to access it.
1 https://storage.googleapis.com/cybersecurity-machines/blindma1den-lab.ova
  1. Import the machine into your preferred virtualization software (VirtualBox, VMware, etc.).
  2. Start the VM and begin the challenge.

During your investigation, you may consider using:

  • Burp Suite – to intercept and analyze web traffic
  • Nmap, Netdiscover, arp-scan – for network reconnaissance
  • John the Ripper, CyberChef, base64 – for hash cracking and data decoding
  • FTP, curl, cat, less – to connect and remotely explore the system

Remember: Unencrypted traffic is a goldmine for attackers. Learn to see it as an attacker... or an auditor would.

Happy hacking!

Sign up and get access to solution files and videos for free

We will use it to give you access to your account.
Already have an account? Login here.

By signing up, you agree to the Terms and conditions and Privacy policy.

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

  • ftp

  • burpsuite

  • cybersecurity

  • linux

  • A02:2021 - Cryptographic Failures

  • A03:2021 - Injection

  • red team

  • A05:2021 - Security Misconfiguration

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

  • ftp

  • burpsuite

  • cybersecurity

  • linux

  • A02:2021 - Cryptographic Failures

  • A03:2021 - Injection

  • red team

  • A05:2021 - Security Misconfiguration

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

  • ftp

  • burpsuite

  • cybersecurity

  • linux

  • A02:2021 - Cryptographic Failures

  • A03:2021 - Injection

  • red team

  • A05:2021 - Security Misconfiguration

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

  • ftp

  • burpsuite

  • cybersecurity

  • linux

  • A02:2021 - Cryptographic Failures

  • A03:2021 - Injection

  • red team

  • A05:2021 - Security Misconfiguration

Sign up and get access to solution files and videos for free

We will use it to give you access to your account.
Already have an account? Login here.

By signing up, you agree to the Terms and conditions and Privacy policy.

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

  • ftp

  • burpsuite

  • cybersecurity

  • linux

  • A02:2021 - Cryptographic Failures

  • A03:2021 - Injection

  • red team

  • A05:2021 - Security Misconfiguration

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

  • ftp

  • burpsuite

  • cybersecurity

  • linux

  • A02:2021 - Cryptographic Failures

  • A03:2021 - Injection

  • red team

  • A05:2021 - Security Misconfiguration