Hintru EN ES ← All labs

✎

Improve lab

Improved version of Bugforge MesaNet

You are creating a new version of this lab. The original stays untouched. Your version will be signed by a cryptographic key generated in your browser — no email, no password. If you clear browser data without exporting your identity, you lose authorship over your contributions.

You do not have a signing identity yet in this browser.

Lab metadata

Title Summary Target type Difficulty Tags (comma-separated)

Steps

Map the Rail API surface

▾

Phase recon, web, foothold, privesc, etc. Title Short action-oriented title. Avoid spoiling the vuln class.

Objective What the student must achieve in this step. Context Optional: setup or prior info needed.

💡 Hint 1 — directional

Directional nudge — point at where to look without naming the technique.

🎯 Hint 2 — technique

Reveal the vulnerability class or technique without the exact payload.

🔑 Hint 3 — near solution

Near-solution: specific approach or command without the final flag.

Solution Exact command, payload, or approach. Code stays in original language. Validation criteria What a correct attempt DOES (action), not what output it produces.

Analyze the /api/rail/display response headers

▾

Phase recon, web, foothold, privesc, etc. Title Short action-oriented title. Avoid spoiling the vuln class.

Objective What the student must achieve in this step. Context Optional: setup or prior info needed.

💡 Hint 1 — directional

Directional nudge — point at where to look without naming the technique.

🎯 Hint 2 — technique

Reveal the vulnerability class or technique without the exact payload.

🔑 Hint 3 — near solution

Near-solution: specific approach or command without the final flag.

Solution Exact command, payload, or approach. Code stays in original language. Validation criteria What a correct attempt DOES (action), not what output it produces.

Confirm header reflection and injection point

▾

Phase recon, web, foothold, privesc, etc. Title Short action-oriented title. Avoid spoiling the vuln class.

Objective What the student must achieve in this step. Context Optional: setup or prior info needed.

💡 Hint 1 — directional

Directional nudge — point at where to look without naming the technique.

🎯 Hint 2 — technique

Reveal the vulnerability class or technique without the exact payload.

🔑 Hint 3 — near solution

Near-solution: specific approach or command without the final flag.

Solution Exact command, payload, or approach. Code stays in original language. Validation criteria What a correct attempt DOES (action), not what output it produces.

Craft the cache-poisoning XSS payload

▾

Phase recon, web, foothold, privesc, etc. Title Short action-oriented title. Avoid spoiling the vuln class.

Objective What the student must achieve in this step. Context Optional: setup or prior info needed.

💡 Hint 1 — directional

Directional nudge — point at where to look without naming the technique.

🎯 Hint 2 — technique

Reveal the vulnerability class or technique without the exact payload.

🔑 Hint 3 — near solution

Near-solution: specific approach or command without the final flag.

Solution Exact command, payload, or approach. Code stays in original language. Validation criteria What a correct attempt DOES (action), not what output it produces.

Poison the cache with the XSS payload

▾

Phase recon, web, foothold, privesc, etc. Title Short action-oriented title. Avoid spoiling the vuln class.

Objective What the student must achieve in this step. Context Optional: setup or prior info needed.

💡 Hint 1 — directional

Directional nudge — point at where to look without naming the technique.

🎯 Hint 2 — technique

Reveal the vulnerability class or technique without the exact payload.

🔑 Hint 3 — near solution

Near-solution: specific approach or command without the final flag.

Solution Exact command, payload, or approach. Code stays in original language. Validation criteria What a correct attempt DOES (action), not what output it produces.

Understand the bot submission mechanism

▾

Phase recon, web, foothold, privesc, etc. Title Short action-oriented title. Avoid spoiling the vuln class.

Objective What the student must achieve in this step. Context Optional: setup or prior info needed.

💡 Hint 1 — directional

Directional nudge — point at where to look without naming the technique.

🎯 Hint 2 — technique

Reveal the vulnerability class or technique without the exact payload.

🔑 Hint 3 — near solution

Near-solution: specific approach or command without the final flag.

Solution Exact command, payload, or approach. Code stays in original language. Validation criteria What a correct attempt DOES (action), not what output it produces.

Execute the full attack chain and capture the flag

▾

Phase recon, web, foothold, privesc, etc. Title Short action-oriented title. Avoid spoiling the vuln class.

Objective What the student must achieve in this step. Context Optional: setup or prior info needed.

💡 Hint 1 — directional

Directional nudge — point at where to look without naming the technique.

🎯 Hint 2 — technique

Reveal the vulnerability class or technique without the exact payload.

🔑 Hint 3 — near solution

Near-solution: specific approach or command without the final flag.

Solution Exact command, payload, or approach. Code stays in original language. Validation criteria What a correct attempt DOES (action), not what output it produces.