Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/el634dev/jinja2-exploitexercise

Exercise only
Last synced: 29 days ago
README

# Jinja2-ExploitMe

Clone this repo to begin the SSTI exploit activity in [ACS 3230](https://github.com/Tech-at-DU/ACS-3230-Web-Security/master/Lessons/ServerSideExploits.md).

**Complete the first two exploits and document your findings in your `README`. The rest are stretch challenges!**

## Setup (Docker)

### 1. Build the Image

```bash
docker build -t flask-image .
```

### 2. Run the Container

```bash
docker run -p 5001:5000 --rm --name flask-container flask-image
```

### 3. Access via Browser

The container maps host port 5001 to the app's port 5000, so open `http://localhost:5001` in your browser and follow the challenges in the sidebar.

## Setup (Manual)

1. Create a [new GitHub repo](https://github.com/new) and name it `Jinja2-ExploitMe`
2. Clone the [Jinja2-ExploitMe](https://github.com/Tech-at-DU/Jinja2-ExploitMe) repository
3. Run `git remote rm origin` in your local copy
4. Replace it using your new GitHub URL: `git remote add origin https://github.com/YOUR_USERNAME/YOUR_REPO_NAME`
5. Create a virtual environment for the project: `python3 -m venv venv`
6. Activate the virtual environment: `source venv/bin/activate`
7. Install the requirements: `pip install -r requirements.txt`

   **IMPORTANT**: DO NOT USE `pip3`! ALWAYS use `pip` and `python` with an activated virtual environment.
8. Run `export FLASK_ENV=development; flask run` to get started! Be sure to read the instructions on the sidebar.
9. Be sure to activate the virtual environment each time you work on the project.

## Usage

Run the following commands in your terminal:

```bash
source venv/bin/activate
export FLASK_ENV=development; flask run
```

Then, visit `http://localhost:5000` and complete the challenges listed in the sidebar.

## Deliverables

Please turn in your deliverables on [Gradescope](https://gradescope.com).

The first two challenges are graded. The remaining are stretch challenges!