Avatar

Labs / Compromised 2

  • Hard
  • Released 01 Jan 2025

🏭 Can you compromise this multi-layered enterprise infrastructure?

A sophisticated enterprise environment runs multiple critical services including SCADA systems, web applications, and mobile components. With proper reconnaissance and exploitation techniques, even the most complex infrastructures can be systematically compromised. 🎯 Time to demonstrate advanced penetration testing skills across multiple attack vectors!

2
Flags
60
Points
Hard
Guided Mode
Solution Available
Pro Exclusive
Start Lab Environment
~1-2 min setup
AWS dedicated
Private instance
Industry standard
Hard

🏭 Advanced Multi-Vector Enterprise Compromise

This advanced penetration testing challenge simulates a complex enterprise environment with multiple services, SCADA systems, and layered security controls. You'll need to chain multiple vulnerabilities across different technologies to achieve complete system compromise.

🎯 What You'll Learn
  • ✓ Advanced reconnaissance and enumeration
  • ✓ Android APK reverse engineering
  • ✓ SCADA/HMI system exploitation
  • ✓ CVE-2023-33831 RCE exploitation
  • ✓ Authentication bypass techniques
  • ✓ Tomcat configuration analysis
  • ✓ Multi-stage privilege escalation
🔍 Challenge Overview

You'll encounter a sophisticated enterprise infrastructure running multiple services including Apache HTTP server, Tomcat application server, SSH services, and a FUXA SCADA system. The environment contains an Android APK file, configuration vulnerabilities, and a critical RCE vulnerability that requires authentication bypass.

Penetration Testing Context: This challenge represents a realistic enterprise compromise scenario involving industrial control systems, web applications, and mobile applications. The multi-vector attack chain demonstrates how attackers pivot through different systems to achieve complete domain compromise.