Official discussion thread for RedPanda. Please do not post any spoilers or big hints.
Anyone got an ideas? Im stuck trying to do SQL injects, not even sure if im on the right track
trying rev shell but cant work
rev shell? how?
I have found #{7*7} SSTI. I haven’t found any other payload that works even if i escape all special/banned characters. Am i even on the right path?
1 Like
yes it is. i get the user flag now with SSTI
STAR is the key 
2 Likes
Wow, thanks for the good and subtle hint!
1 Like
This is fun to hack around on but now i am stuck with stuff like
You searched for: Process[pid=50496, exitValue="not exited"
What is the technique to … i dont know - get the results of the command ? Or - am I never able to do that
do i have to send the output of the command to the “attack” box ?
Did i say too much ?
I think that Java is your problem. I can read, execute etc. just play with it 
1 Like
true , i like coffee but i do not do Java
almost threre … thanks
check you DM 
stuck found the injection point but having trouble getting any RCE
Someone help me with the SSTI syntax please.
Rooted. The difference in difficulty between User and Root is insane.
5 Likes
Stuck at privesc. Can someone give me some nudges please
The same for me please
what @sekkabak said and “PayloadsAllTheThings” github repo is enough to get access to the machine
1 Like
Could someone help me with ssti please. Dm me
Help me with ssti please. Dm me