baby ninja jinja

Hope you guys enjoy the challenge, I've started a discussion since I didn't see one yet.

Comments

  • edited June 2020

    SSTI?

  • How do you scan a Docker? Like we do wpscan?

  • another one of those challenges where i feel like the solution should be relatively simple and quick, but in the end it takes me hours and a convoluted payload :P

    had a lot of fun though and i learned a trick or two

    0x41

  • I used a technique from interdimensional internet to exfiltrate the data (the right one, not the slow one), but I have a gut feeling that there is a better way

    joeblogg801

  • edited June 2020

    @joeblogg801 said:

    I used a technique from interdimensional internet to exfiltrate the data (the right one, not the slow one), but I have a gut feeling that there is a better way

    i did the same thing, only better way would be to set the l***** s****** c***** and at that point you might as well just not ¯\_(ツ)_/¯
    hmu if you wanna exchange payloads :P

    0x41

  • I think there are multiple ways to solve it, in my case I wrote data in i****.****

    Hack The Box

  • Wow this was harder than expected.

  • The console doesn't work at all for me... I'm not talking about the PIN. Is this a rabbit-hole?

    lebutter
    eCPPT | OSCP

  • edited June 2020

    Could you share your hints please? Is the "story" relevant? Where should we dig deeper? Is d---g or c-----e the way to go? S--i? etc. Thanks!

  • Can anyone please help me get started with this?

  • Can anyone help? Stuck for a long time.

  • Wow. I learned a lot about how jinja can be exploited. Should be marked as a hard challenge though.
    Trying not to spoil, but to give you some hints:

    • lots of info on google about typical jinja attacks
    • bypass
    • what can you control when you're in the dark and hungry?

  • needed a little push but that was a great challenge! the best I've played so far.

  • I'm stuck at one of the bypasses. Can anyone drop me a hint via DM?
    Thanks!!! T_T

  • That was quite hard and lots of fun!!! I wasn't able to bypass the filters and this made getting the response a bit harder, DM me if you could and we can exchange payloads. I'm glad I didn't have to sleep for days without the flag. Kudos @makelaris

  • edited August 2020

    Can I get a small nudge on this? I bypassed everything (saw the db as well) but I'm not sure where the flag is. Am I supposed to use imports? Would appreciate any nudge in a DM

    Edit: Got it, nevermind

  • I am not able to bypass the filter, can anyone help?

  • Didn't sleep tonight, but I did. Very nice challenge!

  • Is there supposed to be a cookie? One isn't being set, and if I just make my own, nothing happens

    Hilbert

  • figured it out, two diff ways actually

    that was hard

    Hilbert

  • I have the l***** s****** c***** but now I don't know how to continue. Maybe SQLi? I would appreciate some hints, thanks :)
