FrostByte
The Scenario
A tech consulting firm's public website and admin systems hide a sophisticated attack chain involving LDAP injection, password reset manipulation, and SQL injection leading to full system compromise.
Lab Intel
Synopsis
FrostByte runs a consulting firm's public website and admin systems with a cascade of vulnerabilities spanning LDAP injection, host-header injection, second-order SQL injection, and file upload leading to remote code execution.
Architecture
A hard-difficulty, five-service lab built on PHP, Node.js, MySQL, OpenLDAP, and nginx. The public website contains an LDAP-injectable employee search that feeds credentials into a Node admin panel; password reset emails are vulnerable to host-header manipulation; the admin audit logging mechanism is vulnerable to second-order SQL injection via unsanitised display names; and the database has the FILE privilege, which allows PHP webshells to be written to the shared docroot.
Who It's For
Built for intermediate to advanced practitioners ready to chain multiple vulnerability classes across different technologies and datastores. You should understand web requests, SQL syntax, LDAP query semantics, and PHP file operations. Prior experience with Node.js and MySQL internals is helpful but not required.
Skills You'll Practice
- LDAP injection via unsanitised filter construction
- Host-header injection exploitation in password reset flows
- Second-order SQL injection through stored payload execution
- File operations and code execution via SQL INTO OUTFILE
- Multi-service reconnaissance and credential propagation across boundaries
What You'll Gain
- Understanding how input validation vulnerabilities in one service can compromise downstream systems
- Recognition of second-order injection patterns and the dangers of trusting data from user-editable fields
- Practical knowledge of how directory services, email systems, and database privileges interact in attacks
- Experience with multi-stage exploitation chains requiring coordination across different environments and protocols