ZipSlip w/ TAR & Server-Side Template Injection - HackTheBox University CTF - "Slippy"

  • Published: 11 Sep 2024
  • Join HackTheBox and start rooting boxes! j-h.io/hackthebox
    Find some tips and tricks on their blog! j-h.io/htb-blog
    For more content, subscribe on Twitch! / johnhammond010
    If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
    PayPal: paypal.me/john...
    E-mail: johnhammond010@gmail.com
    Discord: johnhammond.or...
    Twitter: / _johnhammond
    GitHub: github.com/Joh...
    If you would like to support the channel and I, check out Kite! Kite is a coding assistant that helps you code faster, on any IDE offer smart completions and documentation. www.kite.com/g... (disclaimer, affiliate link)

Comments • 58

  • @Gweedzy
    @Gweedzy 2 years ago +24

    heyy John, I've been watching hours of your content and I think this is the right moment to leave a comment.
    I really love your videos and especially the rhythm and the way you say everything that goes through your mind.
    I'm still kind of half a noob at programming, but listening to you thinking and testing stuff is way more enjoyable and inspiring than boring tutorials.
    Thank you for sharing your knowledge, I wish you the best from France
    -A random dude that learns and devs web and python apps in his bedroom at his parents'

  • @coreyknutson-huddleston8852
    @coreyknutson-huddleston8852 2 years ago +13

    Love your vids man, teaching me to be a better programmer and problem solver...thanks for sharing your brain and time.

  • @karlkoch5417
    @karlkoch5417 2 years ago +10

    "Werkzeug" is German for "tool". Watching you is so interesting and helpful, love your videos. Greetings from Germany.

    • @itssebis8183
      @itssebis8183 2 years ago

      Just wanted to send this information too... In Germany we say: "dEr FrÜhE vOGeL fÄNgT dEN wuRM."

  • @highvisibilityraincoat
    @highvisibilityraincoat 2 years ago +2

    John, I've been subscribed for years and was really big on your channel about early last year. I fell off because of school and other stuff, but tonight I sat down and watched the whole thing through, which I normally never do with any YouTube video. Now my itch is back and I want to get back into CTFs. Thanks for sticking around and for the constant flow of informative, engaging content.

  • @m4rt_
    @m4rt_ 2 years ago +2

    I found your channel many months ago through these kinds of videos, and here I am, still watching these videos.

  • @maurox1614
    @maurox1614 2 years ago +1

    That's why I always run the webserver as a low privileged user and set all permissions on files as read-only (for the web server user).
    Anyway, as always, thank you for sharing the knowledge!

  • @creaky2436
    @creaky2436 2 years ago

    I’m a front end dev but can’t stop watching your videos. Is this a sign?? Haha

  • @saite2560
    @saite2560 2 years ago +1

    Love the videos, there is always so much to absorb, I love it. You're probably aware of this one, but when you get a code output that's all jumbled,
    rather than trying to split the code up, which works no doubt, it just seems quicker to run it through an online code beautifier. Some code editors might have an auto beautifier; they have them for most code languages.
    They don't alter the code, just make it human readable. They put the tabs in the right spot for Python or other code types, and also add color for more complicated code, which is a nice touch.

  • @user-ii2hp9tp1z
    @user-ii2hp9tp1z 2 years ago

    opening a totally new world with you man, excellent

  • @JonathanLeeDev
    @JonathanLeeDev 2 years ago +4

    Would be interested to see a CTF where you are to attack a Spring Boot Java application. Love the videos BTW!

  • @XiSparks
    @XiSparks 2 years ago

    I'm 100% using "That floated my fancy" in my day to day conversation from now on.

  • @_CryptoCat
    @_CryptoCat 2 years ago +1

    no chapters in a 40 min video 😱 this was a great challenge! nice to see the extra exploration of SSTI, i just replaced one of the python files with a modified version containing some friendly (totally non malicious) code 😈

  • @sevadazohrabian4021
    @sevadazohrabian4021 2 years ago

    As always, amazing video. Thank you John.

  • @kevinalexander4959
    @kevinalexander4959 2 years ago +3

    Since it was running as root, could have just injected a python script to give you reverse TCP and it should be a reverse shell running as root, correct?

  • @avishekkumar8477
    @avishekkumar8477 2 years ago

    I am your great fan, John,
    I have learnt many things from your vids

  • @ZeldoKavira
    @ZeldoKavira 2 years ago

    Sublime allows you to open an entire folder at a time so that it's easier for the viewers to follow along on where you are in the file tree

  • @claymoody
    @claymoody 2 years ago

    well done as always! Thanks.

  • @greob
    @greob 2 years ago

    Great video, thanks for sharing!

  • @marshalstewart7776
    @marshalstewart7776 2 years ago

    So cool

  • @Vilvee
    @Vilvee 2 years ago +2

    I love pretending like I know what's going on.
    *internal screaming*

  • @PythonisLove
    @PythonisLove 2 years ago +1

    impressed and subscribed

  • @Gigawipf
    @Gigawipf 2 years ago

    That tickled my boat

  • @vrushabhpatil2867
    @vrushabhpatil2867 2 years ago

    How did u find that file? I want that file. Where can I get that file or information? Plzz reply

  • @guardit_
    @guardit_ 2 years ago +1

    can you tell us about the Cyber Santa is Coming to Town (hackthebox) challenge

  • @1stAshaMan
    @1stAshaMan 2 years ago +2

    Is StackOverflow really for anything Other Than new bastardized code?

    • @Nunya58294
      @Nunya58294 2 years ago +1

      Lmfao I'm sorry to laugh.... I saw "bastardized" and almost spit my drink out

  • @sergten
    @sergten 2 years ago

    If that's Difficulty 1, I'm curious what's involved in the 4-star problems.

  • @yanex4631
    @yanex4631 2 years ago

    welcome back cyber sct

  • @-willplaysgames
    @-willplaysgames 2 years ago

    As a hypothetical, if you were to engage this type of web app in a black box situation, how would you go about identifying the Zip Slip vuln on this machine? I'm having trouble wrapping my head around how to look at CTF boxes from a scope of work type of perspective. Do most of these types of vulns only get discovered in situations where you're allowed to audit (via source code or some other grey/white box situation) that this app is mishandling TAR and such? sorry if that's a complex question. Love your videos. Thanks for all you do for this community.

    • @luketurner314
      @luketurner314 2 years ago +2

      About 1:50 he views the source of the webpage (all web browsers can do this, how would they display a webpage otherwise?) and at the bottom (in this case) is "/static/js/main.js". One could copy-paste that relative path into the browser's address bar to view the file. The contents of this file would be the same as at 11:50, where he finds the TAR mishandling code and the "/api/unslippy" POST URL. As for the SSTI, he finds the server type in the request headers in the browser dev tools (3:18).
      All this recon solely through the browser, no special tools needed. The only additional info possibly needed would be experience.

  • @anonymousshadow8308
    @anonymousshadow8308 2 years ago +2

    why are all these unlisted?

  • @walidlam2411
    @walidlam2411 2 years ago

    Hey man .. can u please share the downloadable files (Dockerfile, app source code etc.) from the challenge?

  • @davidmiller9485
    @davidmiller9485 2 years ago

    Class Pickle??!!??!! That better damn well be a DILL class!!!
    Look near his image at 34:00

  • @roypolinder8158
    @roypolinder8158 2 years ago +1

    when day 2?

  • @bhagyalakshmi1053
    @bhagyalakshmi1053 1 year ago

    Malloc?

  • @MsTarguisti
    @MsTarguisti 2 years ago

    I loved how you were analysing the source codes, is there any tutorials for that?

    • @Djamieson713
      @Djamieson713 2 years ago +2

      start writing code

    • @jaredteaches894
      @jaredteaches894 2 years ago +2

      Learn how to code? You can't really reverse engineer if you can't even forward engineer

    • @MsTarguisti
      @MsTarguisti 2 years ago

      Right indeed, thank you guys!

  • @DePhoegonIsle
    @DePhoegonIsle 2 years ago +1

    Ya know.... The thing that actually bothers me deeply is.
    'Why the hell .. Why the bloody hell is directory climbing ALLOWED?'
    Preventing the ' .. ' would seriously nix the 'slippy' faults, and a lot of the injection exploits?
    -- I'd also be very wary of how I allowed updates & debugging, let alone enabling some Read Only access to the web server to key script files.

    • @SumanRoy.official
      @SumanRoy.official 2 years ago

      it helps in exploiting LFI

    • @DePhoegonIsle
      @DePhoegonIsle 2 years ago

      @SumanRoy.official isn't that malware design?
      My point is, why is it even allowed when there should be no valid use of it in public sector use.
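The ' .. ' check this thread argues for, written out as an added example (my code, not anything from the video or the "Slippy" challenge): every TAR member is inspected before extraction, and the whole archive is refused if any member would land outside the destination directory or is a link. The destination path and the archive contents are constructed for the demo.

```python
import io
import os
import tarfile
import tempfile

def build_archive(entries: dict) -> bytes:
    """Build an in-memory TAR from {member_name: content}; constructed test data only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def escapes(dest: str, member: tarfile.TarInfo) -> bool:
    """True if the member would be written outside dest, or is a link
    (a link can point outside later, so a strict extractor rejects links too)."""
    if member.issym() or member.islnk():
        return True
    if os.path.isabs(member.name):
        return True
    base = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(base, member.name))
    # realpath collapses every '..', so a traversal resolves to a path outside base
    return os.path.commonpath([base, target]) != base

def unsafe_members(archive: bytes, dest: str) -> list:
    """Names of all members that must not be extracted into dest."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        return [m.name for m in tar.getmembers() if escapes(dest, m)]

def safe_extract(archive: bytes, dest: str) -> list:
    """Extract only after the whole archive passed the check: all or nothing."""
    bad = unsafe_members(archive, dest)
    if bad:
        raise ValueError(f"refusing archive, traversal/link members: {bad}")
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        # Python 3.12+ (and patched 3.8-3.11) can enforce the same rule natively with
        # tar.extractall(dest, filter="data"); the explicit check above works on any version.
        tar.extractall(dest)
        return [m.name for m in tar.getmembers()]

if __name__ == "__main__":
    dest = tempfile.mkdtemp()  # constructed destination
    print(safe_extract(build_archive({"notes/a.txt": b"hello"}), dest))
    evil = build_archive({"../../app/app.py": b"constructed"})  # the ZipSlip shape
    print(unsafe_members(evil, dest))  # ['../../app/app.py']
```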

  • @gacekkosmatek
    @gacekkosmatek 2 years ago

    didn't even get a reverse shell into the container, very disappointed

  • @superchiaki
    @superchiaki 2 years ago

    don't get the exploit. it's just normal POSIX behaviour? lol

  • @ahmadfaisal6356
    @ahmadfaisal6356 2 years ago +1

    Where can I learn cybersec from scratch for free (sorry for my English)

    • @_JohnHammond
      @_JohnHammond 2 years ago +6

      On this channel ;)

    • @Pkay120
      @Pkay120 2 years ago

      I think it depends on how familiar you are with Linux/Windows/Networking/Programming. I’d build a base with those then try to venture out.

  • @m4rt_
    @m4rt_ 2 years ago +1

    Is it only me or is there something weird with the sound?

  • @MsTarguisti
    @MsTarguisti 2 years ago

    How is this supposed to be beginner level?

  • @sandra8139
    @sandra8139 1 year ago

    I posted the phone number Melissa Vicky Stevenson and Jimbo identity thefts scammers ask to call me

  • @appdevelopersandrelatedcha6498
    @appdevelopersandrelatedcha6498 2 years ago +1

    2nd comment

  • @lifebarier
    @lifebarier 2 years ago

    God damn. Those soy face thumbnails are really an eye sore in my suggestions...

  • @colin-campbell
    @colin-campbell 2 years ago +1

    Finally gotta unsubscribe because of the thumbnails.

  • @inhnguyento8903
    @inhnguyento8903 2 years ago +1

    Anybody know why changing info.mtime makes it work?