In this lab, you will take on the role of a digital intelligence analyst tasked with locating a missing undercover agent. Their last signal was detected on an abandoned monitoring server. On it, a web panel was found with no official documentation and signs of a rushed installation. Although it seems harmless at first glance, certain anomalous behaviors suggest the agent left hidden clues before being captured.
Your mission is to carefully analyze the environment, deduce the agent’s location using geographic logic and OSINT techniques, and access the system.
👉 This challenge is solved entirely from a local Kali Linux environment. You do not need to log in to the proposed downloadable virtual machine. You only need it running to access its vulnerable web server.
1https:/cybersecurity-machines/web-threats-lab.ova
Import the virtual machine into VirtualBox.
Start the VM and access the investigated website in your browser: http://<vm_ip>/thepolice/
The undercover agent, known as Officer M., disappeared during a secret operation in Eastern Europe. It is a coastal country. Communications were cut off, but an old server revealed a trail: a web application with no manual or controls, using weak credentials based on the deployment region and names of nearby cities. The agent left clues before disappearing, trusting someone would know how to interpret them.
A suspicious file was detected on the website. It is undocumented, but its name starts with a dot. Perhaps the agent hid something there containing vital information to identify the country and city where they are being held...
Discover the country and the city where the officer is located. Only then will the flag confirming the success of the mission be revealed.
We’re counting on you! 🕵️♀️