Avatar

Labs / Corporate Breach 2

  • Daily Challenge
  • Released 09 Jul 2025

Corporate Breach 2

Start the machine, hack the system, and find the hidden flags to complete this challenge and earn points!

1
Flags
1
Points
Daily Challenge
Solution Available
Pro Exclusive
Start Lab Environment
~1-2 min setup
AWS dedicated
Private instance
Industry standard
Daily Challenge

Corporate Breach 2 - Solution Walkthrough

Step 1: Reconnaissance

  1. Access the corporate website at
  2. Explore the navigation and observe the URL structure
  3. Notice the page parameter in URLs like ?page=about

Step 2: Understanding the Vulnerability

  1. The application uses include $page . '.php'
  2. This means ?page=about becomes include 'about.php'
  3. Try accessing ?page=admin/index
  4. This becomes include 'admin/index.php'

Step 3: Exploiting the LFI

  1. Navigate to ?page=admin/index
  2. This will include the admin panel file
  3. The admin panel will display the flag

Step 4: The Flag

  1. The flag is displayed in the admin panel: 6a702640-7e26-47fb-ab55-93475c2d6040
  2. Submit this as your answer

Technical Details

  • This demonstrates a more subtle LFI vulnerability
  • The automatic .php extension can be exploited to access files in subdirectories
  • No directory traversal needed - just path manipulation
  • Shows the importance of proper file inclusion validation