Offensive Security Intro

Hack your first website (legally in a safe environment) and experience an ethical hacker's job.

easy

10 min

Offensive Security is about thinking like an attacker to find weaknesses before real hackers do.

In this room, you'll hack your first website in a safe and legal environment to see how ethical hackers operate. 

Answer the questions below

Which term describes simulating a hacker's actions to find system vulnerabilities?

  • Offensive Security

  • Defensive Security

This room uses a virtual desktop to simulate a real system. Press the "View Site" button below to get started.

A fake banking application called FakeBank will launch. When the lab loads, you'll see the banking application running in your browser.

Answer the questions below

What is the bank account number shown in the FakeBank application?

Now we will find a weakness in the FakeBank website. Click the button below to get started with this portion of the room.

After clicking the above "View Site" button, we will begin using the terminal. The terminal is used to interact with the device and cybersecurity tools.

One common mistake websites make is leaving hidden pages accessible. We'll use the terminal to run a command that can look for these.

Inside the terminal, copy and paste the dirb command below and wait for it to finish. Any lines from the output that start with + are pages that have been found.

dirb http://fakebank.thm

Dirb will find two URLs. Use this information to answer the question below.

Answer the questions below

Dirb found one URL, http://fakebank.thm/images.
What is the other hidden URL?

You should now have found a hidden admin panel that lets you add money to your account. Click the "View Site" button below to complete this section.

To navigate to this hidden admin panel, add the newly discovered page to the search bar located at the top within the website. To do so, you will need to add the following: /bank-transfer

Select the account number 8881 and deposit $2000 (or more). After clicking "Deposit Money", a flag will pop up. Use this flag to answer the question below.
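Seen from the defender's side, a scan like the dirb run above leaves a recognisable trace in the web server's access log: one client collecting many 404 responses in a row, with the few pages it actually found mixed in. The script below is an added example and not part of the room; the log lines are constructed, and the Common Log Format layout, the client addresses, the function name find_enumeration and the threshold of five misses are all assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log lines (Common Log Format); not taken from the room.
SAMPLE_LOG = """\
10.10.5.7 - - [01/Jan/2025:10:00:01 +0000] "GET /admin HTTP/1.1" 404 196
10.10.5.7 - - [01/Jan/2025:10:00:01 +0000] "GET /backup HTTP/1.1" 404 196
10.10.5.7 - - [01/Jan/2025:10:00:01 +0000] "GET /config HTTP/1.1" 404 196
10.10.5.7 - - [01/Jan/2025:10:00:02 +0000] "GET /images HTTP/1.1" 200 512
10.10.9.20 - - [01/Jan/2025:10:00:02 +0000] "GET / HTTP/1.1" 200 2048
10.10.5.7 - - [01/Jan/2025:10:00:02 +0000] "GET /login HTTP/1.1" 404 196
10.10.9.20 - - [01/Jan/2025:10:00:03 +0000] "GET /favicon.ico HTTP/1.1" 404 196
10.10.5.7 - - [01/Jan/2025:10:00:03 +0000] "GET /test HTTP/1.1" 404 196
10.10.5.7 - - [01/Jan/2025:10:00:03 +0000] "GET /bank-transfer HTTP/1.1" 200 900
10.10.5.7 - - [01/Jan/2025:10:00:04 +0000] "GET /uploads HTTP/1.1" 404 196
"""

# client, identd, user, [timestamp], "METHOD path protocol", status, size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')


def find_enumeration(log_text, min_404=5):
    """Return {client: [paths that did not 404]} for every client whose
    number of 404 responses reaches min_404 (an assumed threshold)."""
    misses = defaultdict(int)   # client -> count of 404 responses
    hits = defaultdict(list)    # client -> paths that answered with another status
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue            # skip lines that are not in the expected format
        client, _method, path, status = match.groups()
        if status == "404":
            misses[client] += 1
        elif path not in hits[client]:
            hits[client].append(path)
    # Only clients with a burst of misses are reported; an ordinary visitor
    # with a single missing favicon stays below the threshold.
    return {c: hits[c] for c, n in misses.items() if n >= min_404}


if __name__ == "__main__":
    for client, found in find_enumeration(SAMPLE_LOG).items():
        print(f"{client}: possible directory enumeration, pages found: {found}")
```

Detection only shows that someone went looking. The weakness itself is fixed by requiring authentication and authorization on the admin page instead of relying on it being unlinked.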

Answer the questions below

When your balance turns positive, a pop-up with green text appears.

Enter the green words as the answer (ALL CAPS)
