Spider Write-up by evyatar9

Read my writeup for Spider machine machine on:


User: Playing with the registration of the website and examining the cookie, Use STTI Attack on username field, Get SECRET_KEY and use it to sign a session cookie, Using Flask-Unsign to create malicious cookies and discover SQL Injection Using sqlmap, Getting Chiv’s password from sqlmap then logging into the web portal, On the portal, we found a message with a link to another portal with submitting ticket option, From that, we can use STTI-Server-Side-Template-Injection to get a reverse shell.

Root: Found local port 8080 with shopping portal, Using SSH tunnel to setup a port forward which allows us to hit on the remote host, Using XXE injection on login/logout fields to read files, Grabbing the SSH key and logging in as root.