To access material, start machines and answer questions login.
Set up your virtual environment
To successfully complete this room, you'll need to set up your virtual environment. This involves starting both your AttackBox (if you're not using your VPN) and Target Machines, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.
Attacker machine
Status:Off
Lab machine - Task 1
Status:Off
assigned the identifier -2023-38408 on July 19th in response to a critical vulnerability in OpenSSH's PKCS#11 feature prior to version 9.3p2. This security flaw, which allows remote code execution if an agent is forwarded to an attacker-controlled system due to an insufficiently trustworthy search path, has been found by The Qualys Threat Research Unit (TRU) (opens in new tab). It's essential to note that loading code from /usr/lib into -agent can pose significant risks. This vulnerability represents an incomplete fix for a previous -2016-10009.
The discovered vulnerability impacts all OpenSSH versions preceding 9.3p2, posing substantial risks for users who utilize agent forwarding in untrusted environments. To safeguard against the threat of remote code execution, it is strongly advised to upgrade to OpenSSH version 9.3p2 or above.
To deploy the attached , press the green Start Lab Machine button at the top of the task and connect to the machine via , you can use the following credentials:

| Username | redqueenrebel |
| Password | DownTheRabbitHole! |
Answer the questions below
Let’s get started!
Ready to learn Cyber Security?
The CVE-2023-38408 room is only available for Premium or Max subscribers. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.
Already have an account? Log in

