baby ninja jinja

Hope you guys enjoy the challenge, I've started a discussion since I didn't see one yet.

Comments

  • edited June 1

    SSTI?

  • How do you scan a Docker? Like we do wpscan?

  • another one of those challenges where i feel like the solution should be relatively simple and quick, but in the end it takes me hours and a convoluted payload :P

    had a lot of fun though and i learned a trick or two

    0x41

  • I used a technique from interdimensional internet to exfiltrate the data (the right one, not the slow one), but I have a gut feeling that there is a better way

    joeblogg801

  • edited June 2

    @joeblogg801 said:

    I used a technique from interdimensional internet to exfiltrate the data (the right one, not the slow one), but I have a gut feeling that there is a better way

    i did the same thing, only better way would be to set the l***** s****** c***** and at that point you might as well just not ¯\_(ツ)_/¯
    hmu if you wanna exchange payloads :P

    0x41

  • I think there are multiple ways to solve it; in my case I wrote data in i****.****

    Hack The Box

  • Wow this was harder than expected.

  • The console doesn't work at all for me... I'm not talking about the PIN. Is this a rabbit hole?

    lebutter
    eCPPT | OSCP

  • edited June 9

    Could you share your hints please? Is the "story" relevant? Where should we dig deeper? Is d---g or c-----e the way to go? S--i? etc. Thanks!

  • Can anyone please help me get started with this?
  • Can anyone help? Stuck for a long time.

  • Wow. I learned a lot about how jinja can be exploited. Should be marked as a hard challenge though.
    Trying not to spoil, here are some hints:

    • lots of info on google about typical jinja attacks
    • bypass
    • what can you control when you're in the dark and hungry?
  • needed a little push but that was a great challenge! the best I've played so far.

  • I'm stuck at one of the bypasses. Can anyone drop me a hint via DM?
    Thanks!!! T_T
