Official RedPanda Discussion

Official discussion thread for RedPanda. Please do not post any spoilers or big hints.

Anyone got an ideas? Im stuck trying to do SQL injects, not even sure if im on the right track

trying rev shell but cant work

rev shell? how?

I have found #{7*7} SSTI. I haven’t found any other payload that works even if i escape all special/banned characters. Am i even on the right path?

yes it is. i get the user flag now with SSTI

STAR is the key :wink:

1 Like

Wow, thanks for the good and subtle hint!

1 Like

This is fun to hack around on but now i am stuck with stuff like
You searched for: Process[pid=50496, exitValue="not exited"

What is the technique to … i dont know - get the results of the command ? Or - am I never able to do that
do i have to send the output of the command to the “attack” box ?

Did i say too much ?

I think that Java is your problem. I can read, execute etc. just play with it :slight_smile:

1 Like

true , i like coffee but i do not do Java :wink:
almost threre … thanks

check you DM :smiley:

stuck found the injection point but having trouble getting any RCE

Someone help me with the SSTI syntax please.

Rooted. The difference in difficulty between User and Root is insane.

4 Likes

Stuck at privesc. Can someone give me some nudges please

The same for me please

what @sekkabak said and “PayloadsAllTheThings” github repo is enough to get access to the machine

1 Like

Could someone help me with ssti please. Dm me

Help me with ssti please. Dm me