https://hussienmisbah.github.io/tags/ssti/ Recent content in Ssti on 0xMesbaha Hugo en Mon, 25 Jul 2022 12:49:18 +0200 https://hussienmisbah.github.io/posts/web-exploitation/2022-07-25-flused-emoji/ Mon, 25 Jul 2022 12:49:18 +0200 https://hussienmisbah.github.io/posts/web-exploitation/2022-07-25-flused-emoji/ <p>Lexington Informatics Tournament CTF CTF 2022 was held from the 22nd of July Until the 25th of the month , and we have participated under the team 0xcha0s, we have managed to solve multiple challenges. this challenge was solved less than 50 times in the 3 days and it was really nice.</p> https://hussienmisbah.github.io/posts/linux-machines/2022-02-18-bolt/ Fri, 18 Feb 2022 00:45:12 +0200 https://hussienmisbah.github.io/posts/linux-machines/2022-02-18-bolt/ <p>In this Hackthebox we will go analyze a docker img files and from there will find some juicy stuff will help us login to a vhost &ldquo;demo&rdquo; which has some functions aren&rsquo;t in the main web application , from there we will exploit SSTI and gain low-privilege shell as www-data , during box enumeration we will find some passwords in the system which will let us get a user access , after that we will connect to a mysql database then will find a PGP encrypted message , somehow will gain the user private gpg key to decrypt the message which contains the root password .</p>