
The Template That Read the Disk
An internet-facing CrushFTP 10.6.0 portal at Tideglow Logistics is exploited via CVE-2024-4040. An attacker grabs an anonymous session, abuses the <INCLUDE> template tag to escape the virtual file system sandbox and read /etc/passwd, exfiltrates the serialized session store, lifts a live crushadmin token, and replays it from a second IP to take over the administrator account. Walk the access logs and firewall traffic step by step to trace the injection, the session theft, and the takeover.
Launches in 5 days
Tuesday, July 14, 2026 at 9:00 AM
Be ready the moment it drops — free forever.
Training Tools
What you'll investigate
6 objectives unlock when this operation goes live.
Be first when it launches
Create your free account now. The moment this operation goes live on Jul 14, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.
Get Started FreeNo credit card required — free forever