Return to forum

NotEvenME · October 23, 2022 at 4:07 PM

typing something stupid to see

Amonguss · October 23, 2022 at 4:11 PM

(October 23, 2022, 03:21 PM)Hacker2222 Wrote: web challenge:
ssti in mako templates

Thanksss

NotEvenME · October 23, 2022 at 4:12 PM

Could someone elaborate on the web challenge? ssti in mako templates doesnt say enough for me unfortunately.

ludovschneck · October 23, 2022 at 4:13 PM

(October 23, 2022, 03:21 PM)Hacker2222 Wrote: forensics challenge:
dns exfil

rename gives corrupted unrecoverable file :(

tryingNew1 · October 23, 2022 at 4:13 PM

(October 23, 2022, 04:12 PM)NotEvenME Wrote: Could someone elaborate on the web challenge? ssti in mako templates doesnt say enough for me unfortunately.

its server side template injection...
payload is already there
copy and paste it in search
enjoy!!!!!

(October 23, 2022, 03:37 PM)Meep Wrote: A hint for Pwn: p.send(b'\xc9\x07\xcc\x00\x00\x00\x00\x00' + b'
')

pls be more specific

jehnhammend · October 23, 2022 at 4:14 PM

(October 23, 2022, 04:13 PM)ludovschneck Wrote:
(October 23, 2022, 03:21 PM)Hacker2222 Wrote: forensics challenge:
dns exfil

rename gives corrupted unrecoverable file :(

Don't use excel . Use his site or similar : https://products.aspose.app/cells/viewer/xlsx

nirs · October 23, 2022 at 4:15 PM

(October 23, 2022, 04:13 PM)ludovschneck Wrote:
(October 23, 2022, 03:21 PM)Hacker2222 Wrote: forensics challenge:
dns exfil

rename gives corrupted unrecoverable file :(

dont forget about last "00" and remove new lines

keygen · October 23, 2022 at 4:15 PM

ooooops, i was struglling with web

first6444444 · October 23, 2022 at 4:29 PM

(October 23, 2022, 03:21 PM)Hacker2222 Wrote: web challenge:
ssti in mako templates

thanks

deathfrom · October 23, 2022 at 4:29 PM

thanks