Exploiting Java Tomcat With a Crazy JSP Web Shell – Real World CTF 2022

35 Comments | Back end By · 28/11/2022



Exploiting Java Tomcat With a Crazy JSP Web Shell – Real World CTF 2022

Exploiting Java Tomcat With a Crazy JSP Web Shell - Real World CTF 2022

This was a hard web CTF challenge involving a JSP file upload with very restricted character sets. We had to use the Expression Language (EL) to construct useful primitives and upload an ascii-only .jar file.

Alternative writeups: https://github.com/voidfyoo/rwctf-4th-desperate-cat/tree/main/writeup
Fuzzing log4j with Jazzer: https://www.youtube.com/watch?v=kvREvOvSWt4

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

Comments are closed.

53GB.COM GPTSTORE CPU Yougpt Gptsio Gpt-store-Nav