Official Templated Discussion

@ymousanon10 said:
OK, I found this SSTI but I can’t find the flag. I’m a newbie, so… what does a flag look like? It’s like the invite code?

It will look something like HTB{…}

@4mby said:

@ymousanon10 said:
OK, I found this SSTI but I can’t find the flag. I’m a newbie, so… what does a flag look like? It’s like the invite code?

It will look something like HTB{…}

Thx, my friend

@ymousanon10 said:

@4mby said:

@ymousanon10 said:
OK, I found this SSTI but I can’t find the flag. I’m a newbie, so… what does a flag look like? It’s like the invite code?

It will look something like HTB{…}

Thx, my friend

And in this case it will be a text file (i.e. flag.txt).

I hope I’m not spoiling anything.

Can someone pass me a hint on this one? I’m able to get all the classes, but not creating a file class or accessing any file.

@malm said:

Can someone pass me a hint on this one? I’m able to get all the classes, but not creating a file class or accessing any file.

You can search for common s*ti payloads.

If anyone wants a tip, just DM me.

@malm said:

Can someone pass me a hint on this one? I’m able to get all the classes, but not creating a file class or accessing any file.

Same with me…
Got to list all the classes, but don’t know what to do anymore… where is the flag located?

Just trying to learn new skills, any hint is greatly appreciated.

Done, nice challenge.

Reminds me of the Baby ninja web challenge :)

I think I have located the flag.txt file but I cannot read it using the read() function. Any help?

Spoiler Removed

@Bowolf I will PM you.

@Unkn0wnUs3r123 said:

I think I have located the flag.txt file but I cannot read it using the read() function. Any help?

Maybe the cat func will help you.

Managed to figure out I needed to use SSTI, but I’m stuck on what to inject, or if there is any other variable I should be using.

Guys, am I supposed to only see a “site under construction” message? Like, is that part of the challenge?

@matrak091 said:

Guys, am I supposed to only see a “site under construction” message? Like, is that part of the challenge?

Yes

@Laur3n3 said:

@matrak091 said:

Guys, am I supposed to only see a “site under construction” message? Like, is that part of the challenge?

Yes

Yo, could I get some help in DMs?

Hey, I am fairly new to CTF competitions. Could anyone help me with this? Also, how did you guys learn to do the CTF challenges? I found no learning material out there except for writeups that just give you the solution, so I feel very confused trying to work on problems because I don’t even know where to start. Any help would be amazing. Thank you in advance! P.S. I am in the 9th grade and want to learn cybersecurity, especially pen testing.

@alyslon said:

@Unkn0wnUs3r123 said:

I think I have located the flag.txt file but I cannot read it using the read() function. Any help?

Maybe the cat func will help you.

Yes, finally done with the challenge. The last bit was how to read the flag, which was rather easy actually.

Hi all! I’m a newbie and could use some help. Still stuck on the initial screen. I’m aware that there is an SSTI exploit for Jinja2. However, not sure how to apply this. I tried to pass code through some random parameters in the URL but didn’t get any reply.

Help is much appreciated, thanks in advance!

Hi! I found the vulnerability but no way to exploit it; I can’t find the flag.