offensive cyber
48 Topics
Reverse Engineering (Offensive) JavaScript Analysis: JSDetox
I'm stuck at the below two questions:
Q6: Which variable does the initial script try to return?
Q8: The exploit kit contains a large block of hex encoded shellcode stored in a variable. This shellcode is also XOR encoded. What is the single byte xor key? (In the format 0xNN e.g. 0x11.)
So far I downloaded the HTTP objects via Wireshark, extracted the script to JSDetox, then decoded base64 strings which resolve to 2 other scripts. With these steps I was able to answer other questions but I can't go any further, any guidance? Thanks in advance.

Server-Side Request Forgery
I need help with steps 5 and 6 of the Server-Side Request Forgery lab. I was able to find the location of potential SSRF, i.e. "lookup?url=http://localhost:3000/online". After that I have tried directory traversal and other methods in place of HTTP (FTP). Nothing seems to be working to get the bot name/service account.

Pen Test CTFs: Jinja2 Exploitation
Good morning Team, This one has my head spinning and I feel like I'm tickling the method but not quite pulling it off. "Jinja2 is a templating engine for Python. It's often used with Flask web applications all over the internet. Templating engines are often vulnerable to Server-Side Template Injection (SSTI), which allows an attacker to inject a template directive as user input that could result in the execution of arbitrary code on the server. This system has a template injection vulnerability in the registration flow. If you try to create an account with a duplicate email address, the email address is passed into the template rendering engine. This email address can contain template syntax, allowing arbitrary code execution. To make things more complicated, the injected value can't be longer than a certain length and must match the expected format of an email address." I have to read the file within /data/token.txt but the strict syntax is keeping me at bay. Could anyone offer some direction for this, please?