About this lab

In the storm-battered depths of a discreet mountain peak range, lies ProtoVault, an arcane sanctuary governed by the secretive guild known as the Everbound Order. They safeguard some of the most hidden knowledge across the Cyber Realms. Its defenses are forged in dragonfire and sealed with runes that demand the blood, breath, and soulprint of their masters.

But magic can't guard everything.

Whispers ripple through the cyber realm. The vault's inner sanctuary has been breached. A ransom scroll claims access to the Corespell – the foundational arcane code for ProtoVault – and issues a chilling demand:

"Surrender the Archivist Verin."

Verin holds command over the hidden vaults – each safeguarding knowledge not meant to be accessed, but to protect the balance of the Cyber Realms.

If Verin isn't given over, the ProtoVault could unravel everything they were built to defend.

AnchorHelm, an OffSec Legend, has summoned you, a skilled codecaster, to stop this before it goes any further.

Determine if the leak could have come from the application. Review the database connection string to ensure it is secure. Submit the connection string here.

postgresql://assetdba:8d631d2207ec1debaafd806822122250@pgsql_prod_db01.protoguard.local/pgamgt?sslmode=verify-full

Review the other source files. Which one may have leaked the database? Provide the file name.

backup_db.py

Using the results of your analysis, discover the public address of the database leak. Verify the contents of the leak by submitting the password hash for Naomi Adler.

pbkdf2:sha256:600000$YQqIvcDipYLzzXPB$598fe450e5ac019cdd41b4b10c5c21515573ee63a8f4881f7d721fd74ee43d59

Submit the public address of the database leak, including the name of the file.

https://protoguard-asset-management.s3.us-east-2.amazonaws.com/db_backup.xyz**