Renderquest
https://app.hackthebox.com/challenges/renderquest
Last updated
CHALLENGE DESCRIPTION
You've found a website that lets you input remote templates for rendering. Your task is to exploit this system's vulnerabilities to access and retrieve a hidden flag. Good luck!
It's a website that lets you build pages from templates: you give it a template, and the site renders it and displays the output.
The juicy data lies here:
The provided features of the website will be rendered through this code:
It's a classic SSTI. Since we can load our own template here, we can abuse the FetchServerInfo method to get RCE.
{{.FetchServerInfo "cat /flag*" }}
This line calls FetchServerInfo and sends cat /flag* as a parameter. Since the method uses sh -c, it executes our command, giving us the flag.
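Why the template can reach that method, and what closes the hole, as an added Go example that is not the challenge's source code: any exported method on the value handed to Execute is callable from template text, so the fix is to pass data with no methods. The names RiskyData, SafeData and Render are hypothetical, text/template is assumed, and this FetchServerInfo only records its argument instead of running it with sh -c.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// RiskyData is a hypothetical stand-in for the object passed to the template.
// Every exported method on it is reachable from untrusted template text.
type RiskyData struct {
	ClientIP string
	Calls    []string // arguments the template supplied
}

// FetchServerInfo stands in for the page's method. The real one runs its
// argument with sh -c; this one only records it, so nothing is executed.
func (d *RiskyData) FetchServerInfo(command string) string {
	d.Calls = append(d.Calls, command)
	return "[would run: sh -c " + command + "]"
}

// SafeData carries values only. ServerInfo is filled in by the server with a
// fixed command before rendering, so the template never chooses what runs.
type SafeData struct {
	ClientIP   string
	ServerInfo string
}

// Render parses untrusted template text and executes it against data.
func Render(tmplText string, data interface{}) (string, error) {
	t, err := template.New("remote").Parse(tmplText)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	if err := t.Execute(&out, data); err != nil {
		return "", err // e.g. "can't evaluate field FetchServerInfo"
	}
	return out.String(), nil
}

func main() {
	remote := `{{.FetchServerInfo "cat /flag*" }}` // template text from the write-up
	risky := &RiskyData{ClientIP: "203.0.113.7"}   // constructed sample value
	out, err := Render(remote, risky)
	fmt.Println(out, err, risky.Calls)
	_, err = Render(remote, SafeData{ClientIP: "203.0.113.7", ServerInfo: "linux"})
	fmt.Println("method-free data:", err)
}
```

With SafeData the same template fails at execution time because there is nothing named FetchServerInfo to resolve, while ordinary field references such as {{.ClientIP}} still render.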
Flag: HTB{qu35t_f0r_th3_f0rb1dd3n_t3mpl4t35!!}
___________heapbytes' still pwning