Hi everyone! This is a Linux machine that requires exploiting SSTI in a Java SpringFramework application via a search bar on the webpage for RCE and then initial access. For privilege escalation, we will need to emulate what group the user is in, discover a log file he/she has access to, use pspy to discover […]
Hi everyone! This is a Linux machine challenge that was created on 24 April 2022. This machine requires us to utilize Optical Character Recognition (OCR) in Python for SSTI which gives us initial access. For privilege escalation, we are required to enumerate files in the victim machine owned by the user and modify a script […]
Dear readers, Recently I finished another web challenge called Templated on HackTheBox. It was a really short and fun Server Side Template Injection (SSTI) challenge created on 24th October 2020. Let’s go straight into the write-up. Files provided There are no files provided which is pretty rare for an challenges in HackTheBox. Outlook of the […]
Lamecarrot 