ReelHouse
ReelHouse is an independent cinema chain's management platform with ticketing, staff scheduling, and interconnected internal systems.
The Scenario
An independent cinema chain discovers irregularities in its internal management platform. Multiple interconnected systems may be at risk.
Lab Intel
Synopsis
ReelHouse have enlisted your services to audit their cinema management platform after irregularities were spotted across several interconnected internal systems -- ticketing, booth calibration, print distribution, and concession supply chains.
Architecture
A hard-rated lab comprising six Docker services (nginx gateway, main app, prints, pantry, booth, and MySQL database) that simulate an independent cinema chain's internal toolset. Its difficulty comes from chaining exploits across multiple loosely-coupled services -- mass assignment, PIN brute-forcing, API key extraction, and second-order SQL injection -- each building on the last.
Who It's For
Designed for intermediate-to-advanced testers who are comfortable pivoting between multiple web services in a single engagement. You should have prior experience with HTTP API testing, basic SQL injection techniques, and understand how credentials and API keys flow between backend services.
Skills You'll Practice
- HTTP proxy usage and API endpoint enumeration
- Understanding of mass assignment vulnerabilities
- Familiarity with SQL injection fundamentals
- Brute-force tooling (Burp Intruder, ffuf, or similar)
- Reading and correlating data across multiple service APIs
What You'll Gain
- Mass assignment privilege escalation
- PIN brute-force on authenticated endpoints
- API key extraction from logs and config
- Second-order SQL injection
- Cross-service credential reuse and pivoting