Return to forum

venom_1991 · October 23, 2022 at 5:05 PM

thanks!

mitas3c · October 23, 2022 at 5:07 PM

(October 23, 2022, 03:21 PM)Hacker2222 Wrote: web challenge:
ssti in mako templates

thank you

roobie · October 23, 2022 at 5:09 PM

Thanks,!

br4v0ch4rl33 · October 23, 2022 at 5:17 PM

sweet

bozonas · October 23, 2022 at 5:21 PM

thanks

Stofii · October 23, 2022 at 5:22 PM

thanks

tsartsa · October 23, 2022 at 5:30 PM

thanks

KnoxRestard · October 23, 2022 at 5:38 PM

thanks

MonclerDremy · October 23, 2022 at 5:39 PM

thank you

HTBContestant · October 23, 2022 at 5:50 PM

(October 23, 2022, 04:33 PM)Meep Wrote:
(October 23, 2022, 04:13 PM)tryingNew1 Wrote:

(October 23, 2022, 03:37 PM)Meep Wrote: A hint for Pwn: p.send(b'\xc9\x07\xcc\x00\x00\x00\x00\x00' + b'
')

pls be more specific

Use pwntools for python3, walk the program. My instructions to get the flag are T -> S -> \xc9\x07\xcc\x00\x00\x00\x00\x00 -> R -> L -> C. Don't forget newlines. Or use something to write the bytes as characters over nc.

Very cool. I'm curious, though, how you found that input value. When I tried it via netcat manually, I always ended up with values far away from 13371337. Is there a method/tool that can generate the correct sequence based on the desired values or did you brute force it until the value was correct?