Modern Web Exploitation Techniques  

Skills Assessment


Scenario

Inlanefreight, our valued client, has contacted us to conduct an external penetration test against some of their web applications. However, this is not just any ordinary penetration test because they are on the brink of launching a groundbreaking PDF creator.

Inlanefreight has provided us with a list of subdomains and their corresponding local port numbers where the web applications live, all within the defined scope of this penetration test. Any targets beyond the boundaries of this explicitly mentioned list are strictly off-limits and fall outside the scope of our assessment.


In-Scope Subdomains

Target                        Local Port
library.inlanefreight.local   8001
vault.inlanefreight.local     8002
pdf.inlanefreight.local       8003
webmin.inlanefreight.local    10000


To add these subdomains to your /etc/hosts file, use the command below, replacing <Target_IP> with the spawned target's IP address:

$ sudo tee -a /etc/hosts > /dev/null <<EOT

## inlanefreight hosts 
<Target_IP> library.inlanefreight.local vault.inlanefreight.local webmin.inlanefreight.local pdf.inlanefreight.local
EOT

Harness the modern web exploitation techniques you learned in this module to disclose all of Inlanefreight's security vulnerabilities.
