
Broken Chain

  • Hard
  • Released 01 Apr 2025

🔗 Can you break through this chain of security controls?

A web application environment hosts multiple interconnected services behind layered security controls. Each control is a hurdle on its own, but chaining the weaknesses behind them lets an attacker work through even a well-layered defense. 🎯 Time to demonstrate advanced web application penetration testing skills!

  • 2 Flags
  • 60 Points
  • Free Access
  • Dedicated private AWS instance per user, ~1-2 min setup

🔗 Advanced Web Application Vulnerability Chain

This comprehensive penetration testing challenge focuses on chaining multiple web application vulnerabilities including IDOR, Zip Slip, and Server-Side Template Injection (SSTI). You'll need to exploit these vulnerabilities systematically to gain initial access, then leverage internal services and privilege escalation techniques for complete system compromise.

🎯 What You'll Learn
  • ✓ Insecure Direct Object Reference (IDOR) exploitation
  • ✓ Zip Slip vulnerability and file overwrite attacks
  • ✓ Server-Side Template Injection (SSTI) techniques
  • ✓ Internal service discovery and port forwarding
  • ✓ Backup service exploitation
  • ✓ Credential harvesting from system files
  • ✓ Sudo privilege escalation via vim (shell escape from an editor that sudo lets you run as root)
🔍 Challenge Overview

You'll encounter a blog application with hidden administrative features and internal backup services. The challenge requires exploiting IDOR to discover credentials, using Zip Slip to replace application code, leveraging SSTI for command execution, and escalating privileges through internal service exploitation.
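The "Zip Slip to replace application code" step turns on one detail: an extractor that joins the archive's entry names onto the destination directory without checking where the result lands. The example below is added here to show that mechanism and its fix; it is not code from the lab, and the file names (an `uploads/extract` directory, a target of `app/routes.py` two levels above it) are hypothetical. It builds an archive with a `../../` entry in memory, extracts it once with a vulnerable hand-rolled loop and once with a hardened one, and reports where each wrote. Note that Python's own `ZipFile.extractall()` strips `..` components, so the vulnerable shape is the manual loop (or a library in another language that does no sanitising), not `extractall()`.

```python
import io
import os
import tempfile
import zipfile
from typing import Dict, List


def build_malicious_zip(traversal_name: str, payload: bytes) -> bytes:
    """Build an in-memory archive with one path-traversal entry.

    Constructed sample: `traversal_name` is the entry name an attacker would
    embed in an archive uploaded to a service that unpacks it server-side.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("README.txt", b"looks harmless\n")
        zf.writestr(traversal_name, payload)
    return buf.getvalue()


def entry_is_safe(dest: str, entry_name: str) -> bool:
    """True only if `entry_name` resolves to a path inside `dest`.

    realpath() normalises '..' and follows symlinks already present under
    dest, so an entry that escapes by either route is rejected. Absolute
    entry names are rejected too: os.path.join discards dest for them, so
    the resolved target falls outside dest and fails the prefix check.
    """
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, entry_name))
    return os.path.commonpath([dest_real, target]) == dest_real


def _write_entries(zf: zipfile.ZipFile, dest: str) -> List[str]:
    """Write every regular-file entry under dest, returning resolved paths."""
    written = []
    for info in zf.infolist():
        if info.is_dir():
            continue
        out_path = os.path.join(dest, info.filename)  # '..' is kept as-is
        os.makedirs(os.path.dirname(out_path), exist_ok=True)
        with open(out_path, "wb") as fh:
            fh.write(zf.read(info))
        written.append(os.path.realpath(out_path))
    return written


def unsafe_extract(zip_bytes: bytes, dest: str) -> List[str]:
    """Vulnerable pattern: trust the entry name and write wherever it points."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return _write_entries(zf, dest)


def safe_extract(zip_bytes: bytes, dest: str) -> List[str]:
    """Hardened form: validate every entry before touching the filesystem.

    Validating up front is sufficient here because entries are only ever
    written as regular files; an extractor that recreated symlinks from the
    archive would also have to re-check each entry against them.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        bad = [i.filename for i in zf.infolist() if not entry_is_safe(dest, i.filename)]
        if bad:
            # Reject the whole archive; a partial extraction would still
            # leave attacker-chosen files on disk.
            raise ValueError(f"zip slip entries rejected: {bad}")
        return _write_entries(zf, dest)


def demo() -> Dict[str, object]:
    """Run both extractors against the same crafted archive in a scratch dir.

    Hypothetical target: the archive tries to overwrite app/routes.py, two
    levels above the extraction directory (the "replace application code"
    step of the chain).
    """
    evil = build_malicious_zip("../../app/routes.py", b"# attacker-controlled code\n")
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        dest = os.path.join(root, "uploads", "extract")
        os.makedirs(dest)
        # Paths the vulnerable extractor wrote outside its own directory.
        escaped = [
            os.path.relpath(p, root)
            for p in unsafe_extract(evil, dest)
            if not p.startswith(dest + os.sep)
        ]
        try:
            safe_extract(evil, dest)
            rejected = False
        except ValueError:
            rejected = True
        # The hardened extractor must still accept a clean archive.
        clean = build_malicious_zip("static/app.js", b"console.log('ok');\n")
        clean_written = [os.path.relpath(p, dest) for p in safe_extract(clean, dest)]
    return {"escaped_paths": escaped, "rejected": rejected, "clean_written": clean_written}


if __name__ == "__main__":
    print(demo())
```

On a real target the interesting entry names point at files the service will later execute or import (application source, templates, cron entries, authorized_keys), which is why a writable extraction directory inside the application tree is enough to turn an upload feature into code execution.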

Penetration Testing Context: This challenge demonstrates a realistic attack chain combining multiple web application vulnerabilities with internal service exploitation, representing common attack patterns found in enterprise web applications with administrative interfaces and backup systems.