Exploiting Java Tomcat With a Crazy JSP Web Shell - Real World CTF 2022
LiveOverflow
@liveoverflow
just a wannabe hacker... making videos about various IT security topics and participating in hacking competitions.

-=[ ❤️ Support me ]=-
Patreon per Video: https://www.patreon.com/join/liveoverflow
YouTube Membership per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ Imprint ]=-
Security Flag GmbH
Mühlenstraße 8a
14167 Berlin
Germany
Video Description
This was a hard web CTF challenge involving a JSP file upload with very restricted character sets. We had to use the Expression Language (EL) to construct useful primitives and upload an ASCII-only .jar file.

Alternative writeups: https://github.com/voidfyoo/rwctf-4th-desperate-cat/tree/main/writeup
Fuzzing log4j with Jazzer: https://www.youtube.com/watch?v=kvREvOvSWt4

-=[ ❤️ Support ]=-
per Video: https://www.patreon.com/join/liveoverflow
per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ Social ]=-
Twitter: https://twitter.com/LiveOverflow/
Instagram: https://instagram.com/LiveOverflow/
Blog: https://liveoverflow.com/
Subreddit: https://www.reddit.com/r/LiveOverflow/
Facebook: https://www.facebook.com/LiveOverflow/