LiveOverflow | Exploiting Java Tomcat With a Crazy JSP Web Shell - Real World CTF 2022 @LiveOverflow | Uploaded 2 years ago | Updated 4 hours ago
This was a hard web CTF challenge involving a JSP file upload with very restricted character sets. We had to use the Expression Language (EL) to construct useful primitives and upload an ascii-only .jar file.
Alternative writeups: github.com/voidfyoo/rwctf-4th-desperate-cat/tree/main/writeup
Fuzzing log4j with Jazzer: youtube.com/watch?v=kvREvOvSWt4
-=[ ❤️ Support ]=-
→ per Video: patreon.com/join/liveoverflow
→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: twitter.com/LiveOverflow
→ Instagram: instagram.com/LiveOverflow
→ Blog: liveoverflow.com
→ Subreddit: reddit.com/r/LiveOverflow
→ Facebook: facebook.com/LiveOverflow
This was a hard web CTF challenge involving a JSP file upload with very restricted character sets. We had to use the Expression Language (EL) to construct useful primitives and upload an ascii-only .jar file.
Alternative writeups: github.com/voidfyoo/rwctf-4th-desperate-cat/tree/main/writeup
Fuzzing log4j with Jazzer: youtube.com/watch?v=kvREvOvSWt4
-=[ ❤️ Support ]=-
→ per Video: patreon.com/join/liveoverflow
→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: twitter.com/LiveOverflow
→ Instagram: instagram.com/LiveOverflow
→ Blog: liveoverflow.com
→ Subreddit: reddit.com/r/LiveOverflow
→ Facebook: facebook.com/LiveOverflow