Hacking the Basics: A 17-Flag Guide to the MBPTL Pen Testing Lab
Most Basic Penetration Testing Lab (MBPTL)
A comprehensive, hands-on penetration testing lab designed to teach cybersecurity fundamentals through practical exercises.
This document outlines the complete process for discovering and collecting all 17 flags across the MBPTL environment. The lab is designed to simulate real-world penetration testing scenarios and demonstrate various attack vectors and techniques.
Flag Checklist
Phase 1: Reconnaissance (Flags 1-3)
- Flag 1: Page source analysis (HTML comments)
- Flag 2: HTTP header analysis (curl -I)
- Flag 3: Alternative web service discovery (port 8080)
Phase 2: Web Enumeration (Flag 4)
- Flag 4: Administrator panel discovery (/administrator/)
Phase 3: SQL Injection (Flags 5-7)
- Flag 5: SQL injection vulnerability discovery (details.php?id=1')
- Flag 6: Database flag extraction (SQLMap)
- Flag 7: Admin panel access (credentials)
Phase 4: Post-Exploitation (Flags 8-9)
- Flag 8: User-level flag (/flag/user.txt)
- Flag 9: Root-level flag (/flag/root.txt)
Phase 5: SOC Analysis (Flags 10-12)
- Flag 10: Web access log analysis (/var/log/apache2/access.log)
- Flag 11: Command history analysis (/root/.bash_history)
- Flag 12: Shell configuration analysis (/root/.bashrc)
Phase 6: Network Pivoting (Flags 13-14)
- Flag 13: Internal application discovery (port 5000, reachable only from the compromised container)
- Flag 14: Server-Side Template Injection (SSTI)
Phase 7: Binary Exploitation (Flags 15-17)
- Flag 15: Binary analysis and reverse engineering
- Flag 16: Internal service discovery (port 31337, reachable only from the compromised container)
- Flag 17: Buffer overflow exploitation
What You’ll Learn
This lab covers complete penetration testing methodology with 17 hands-on flags. Complete the lab in this order:
- Reconnaissance → Information gathering and target enumeration
- Vulnerability Assessment → Identifying security weaknesses
- Exploitation → Exploiting vulnerable applications and services
- Password Cracking → Breaking authentication mechanisms
- Post-Exploitation → Maintaining access and privilege escalation
- Network Pivoting → Moving between networks and accessing internal systems
- Binary Exploitation → Exploiting memory corruption vulnerabilities in compiled programs
- Reverse Engineering → Analyzing software to understand its functionality and identify vulnerabilities
- SOC Analysis → Log analysis and forensic techniques
Lab Architecture
The lab simulates a realistic network environment with 3 interconnected containers:
Main Container (mbptl-main)
Primary target with web applications
- Port 80: Web application with SQL injection vulnerability
- Port 8080: Administrator panel with file upload vulnerability
- Port 3306: MySQL database (internal-only, reachable from other containers)
- Objective: Initial compromise and privilege escalation
Internal Container (mbptl-internal)
Internal service for binary exploitation
- Port 31337: Custom binary service with buffer overflow vulnerability (internal-only)
- Objective: Binary exploitation and reverse engineering
- Access: Only accessible after compromising main container
Web Internal Container (mbptl-app)
Internal web application for pivoting
- Port 5000: Flask application with template injection vulnerability (internal-only)
- Objective: Advanced web application exploitation
- Access: Only accessible after compromising main container
Install