Gossip Lab- SQL injection

Welcome to GOSSIP, a lab where you will put your skills to the test by identifying flaws in internal applications, analyzing compromised databases, and reading between the lines to uncover the true saboteur.

This application simulates the internal system of a corporate hotel named Alabama Suites, where everything seems to be in order… until you start digging through the data. Sabotage has been reported against one of the employees, and your mission is to access the system, explore the available information as different users, and discover who is behind the sabotage.

🌱 How to Start This Lab

Follow these instructions to get started:

1. Download the virtual machine from this link:

1  https://storage.googleapis.com/cybersecurity-machines/gossip-lab.ova

1. Import the machine into your preferred virtualization software (VirtualBox, VMware, etc.).
2. Start the VM and begin the challenge.

🛠 Recommended Tools

During your analysis, you may consider using:

• Nmap, Netdiscover – for network and port discovery
• Burp Suite, cURL, web browser – for interacting with forms
• SQLMap, manual injection – to detect and exploit database vulnerabilities
• John the Ripper, Hashcat, CyberChef – for password analysis and cracking

Happy hacking!