
Insider Threats: The Impostor

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

  • linux
  • cybersecurity
  • blue-team
  • incident response
  • privilege-escalation
  • lateral-movement


Insider Threats: The Impostor

Welcome to "Systems, Inc.", an IT infrastructure and management company. Today, there’s a crisis: the main web service is unstable, crashing repeatedly. This isn’t a random failure; the anomalies point to deliberate sabotage by an internal "impostor".

Your mission is clear: restore the website permanently and unmask the culprit to neutralize the threat at its source.

This lab will challenge you to:

  • Investigate a compromised server.
  • Navigate and move laterally between users.
  • Escalate privileges to take control.
  • Identify and neutralize the threat.

🌱 How to start this lab

  1. Download the virtual machine from this link:
     https://storage.googleapis.com/cybersecurity-machines/the_imposter_lab.ova
  2. Import the machine into VirtualBox.
  3. Log in as user student:4geeks_lab.

📄 Instructions

When you connect, the main website (open the VM’s IP address in your browser) will be down or constantly interrupted. Your goal is to stop this sabotage.

Your mission:

  1. Investigate the system:

    • Start by exploring the environment. What users are there? What files do you find in your home directory and others?
    • You don’t have sudo access initially; the key is lateral movement and gathering clues to escalate privileges. Look for configurations, unusual files, or communications that reveal the sabotage. Each user may hold a piece of the puzzle.
  2. Neutralize the sabotage:

    • Once you identify the cause of the outages, you’ll need to gain root access to disable the attack.
    • Restore the web service to ensure its stability.
  3. Unmask the impostor and capture the Flag:

    • The evidence will guide you to the saboteur’s identity.
  4. Only when you have identified the impostor and are root, run the following command in the terminal to validate the impostor’s name:

     validate-imposter-name

  5. Enter the culprit’s name when prompted. If correct, you’ll get the flag:

     Impostor identified!
     Flag: 4GEEKS{EXAMPLE_FLAG}
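The "Investigate the system" step above asks which users exist and what is driving the repeated outages. As an added example that is not part of the 4Geeks lab, the following POSIX shell script shows the read-only first pass a responder would make on the box: list the accounts that have a real login shell (the ones a human impostor could actually use), and list the scheduled jobs that could be killing or restarting the web service on a timer. The passwd and crontab contents in the script are constructed sample data so it runs offline; on the VM you would point the same functions at /etc/passwd and the cron files your current user can read.

```shell
#!/bin/sh
# Added triage helper, not part of the lab. Assumes a Linux host with a
# passwd-format user database and cron files in the usual locations.

# Print the accounts whose login shell is not nologin/false.
# $1: path to a passwd-format file (defaults to /etc/passwd).
interactive_users() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "${1:-/etc/passwd}"
}

# Print the active lines of one or more crontab files, dropping comments and
# blank lines, so a job that repeatedly disrupts a service stands out.
# Arguments: crontab file paths; unreadable files are skipped silently.
active_cron_lines() {
    grep -hvE '^[[:space:]]*(#|$)' "$@" 2>/dev/null
}

# --- Constructed sample data (not taken from the lab VM) --------------------
SAMPLE_PASSWD=$(mktemp)
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
student:x:1000:1000::/home/student:/bin/bash
alice:x:1001:1001::/home/alice:/bin/sh
EOF

SAMPLE_CRON=$(mktemp)
cat > "$SAMPLE_CRON" <<'EOF'
# m h dom mon dow command
*/2 * * * * /usr/local/bin/healthcheck.sh
EOF
trap 'rm -f "$SAMPLE_PASSWD" "$SAMPLE_CRON"' EXIT

# Demonstration run against the sample data.
printf '== accounts with a login shell ==\n'
interactive_users "$SAMPLE_PASSWD"
printf '== scheduled jobs ==\n'
active_cron_lines "$SAMPLE_CRON"
```

On the VM, `interactive_users /etc/passwd` needs no special rights, while `active_cron_lines /etc/crontab /etc/cron.d/*` covers the system-wide cron files a normal user can usually read; per-user crontabs under /var/spool/cron/crontabs are root-only, so anything hiding there only becomes visible once the lab's privilege-escalation step is done. Pair the cron listing with `systemctl list-timers --all`, since systemd timers are the other common place a recurring "outage" is scheduled.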

Think like a cybersecurity detective. Every clue is valuable.

Good luck, Analyst!

