Channel: LiveOverflow

Category: Education

Tags: jsp shellroot.warjvmliveoverflowtomcatreal world ctfweb.xmlcapture the flagdesperate catweb shellrealworld ctfdockerhow to hackexploit tutorialjdklive overflowhacking tutorialjavactfmd5

Description: This was a hard web CTF challenge involving a JSP file upload with very restricted character sets. We had to use the Expression Language (EL) to construct useful primitives and upload an ascii-only .jar file. Alternative writeups: github.com/voidfyoo/rwctf-4th-desperate-cat/tree/main/writeup Fuzzing log4j with Jazzer: youtube.com/watch?v=kvREvOvSWt4 -=[ ❤️ Support ]=- → per Video: patreon.com/join/liveoverflow → per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: twitter.com/LiveOverflow → Instagram: instagram.com/LiveOverflow → Blog: liveoverflow.com → Subreddit: reddit.com/r/LiveOverflow → Facebook: facebook.com/LiveOverflow