Difficulty
intermediate
Average duration
2 hrs
Technologies
linux
cybersecurity
wordpress
red team
A05:2021 - Security Misconfiguration
A01:2021 - Broken Access Control
Difficulty
intermediate
Average duration
2 hrs
Technologies
linux
cybersecurity
wordpress
red team
A05:2021 - Security Misconfiguration
A01:2021 - Broken Access Control
In this lab, you will investigate the website of a fictional beer brand called Cheers! Brewery, built on an outdated version of WordPress. Although the site appears functional and static, it is suspected to contain a vulnerable component associated with a popular script used in older WordPress themes.
Your objective is to study the structure of the site, identify potentially suspicious paths, and assess whether any components could allow remote code execution due to poor implementation.
This lab is not focused on brute force or direct access techniques, but rather on your ability to observe, deduce, and reason technically in the face of a weak configuration.
Follow these instructions to get started:
1 https://storage.googleapis.com/cybersecurity-machines/cheers-lab.ova
During your investigation, you may consider using the following:
Remember: not all attacks require brute force. Sometimes, it is enough to observe, analyze, and understand how the system works to find a flaw.
Happy hacking!
Difficulty
intermediate
Average duration
2 hrs
Technologies
linux
cybersecurity
wordpress
red team
A05:2021 - Security Misconfiguration
A01:2021 - Broken Access Control
Difficulty
intermediate
Average duration
2 hrs
Technologies
linux
cybersecurity
wordpress
red team
A05:2021 - Security Misconfiguration
A01:2021 - Broken Access Control
Difficulty
intermediate
Average duration
2 hrs
Technologies
linux
cybersecurity
wordpress
red team
A05:2021 - Security Misconfiguration
A01:2021 - Broken Access Control
Difficulty
intermediate
Average duration
2 hrs
Technologies
linux
cybersecurity
wordpress
red team
A05:2021 - Security Misconfiguration
A01:2021 - Broken Access Control
Difficulty
intermediate
Average duration
2 hrs
Technologies
linux
cybersecurity
wordpress
red team
A05:2021 - Security Misconfiguration
A01:2021 - Broken Access Control
Difficulty
intermediate
Average duration
2 hrs
Technologies
linux
cybersecurity
wordpress
red team
A05:2021 - Security Misconfiguration
A01:2021 - Broken Access Control