Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/el634dev/jinja2-exploitexercise
Exercise only
Last synced: 29 days ago
- Host: GitHub
- URL: https://github.com/el634dev/jinja2-exploitexercise
- Owner: el634dev
- License: mit
- Created: 2024-11-05T22:47:49.000Z (about 2 months ago)
- Default Branch: main
- Last Pushed: 2024-11-06T20:44:23.000Z (about 2 months ago)
- Last Synced: 2024-11-06T21:37:09.672Z (about 2 months ago)
- Language: HTML
- Size: 74.2 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Jinja2-ExploitMe
Clone this repo to begin the SSTI exploit activity in [ACS 3230](https://github.com/Tech-at-DU/ACS-3230-Web-Security/master/Lessons/ServerSideExploits.md).
**Complete the first two exploits and document your findings in your `README`. The rest are stretch challenges!**
## Setup (Docker)
### 1. Build the Image
```bash
docker build -t flask-image .
```
### 2. Run the Container
```bash
docker run -p 5001:5000 --rm --name flask-container flask-image
```
### 3. Access via Browser
## Setup (Manual)
1. Create a [new GitHub repo](https://github.com/new) and name it `Jinja2-ExploitMe`
2. Clone the [Jinja2-ExploitMe](https://github.com/Tech-at-DU/Jinja2-ExploitMe) repository
3. Run `git remote rm origin` in your local copy
4. Replace it using your new GitHub URL: `git remote add origin https://github.com/YOUR_USERNAME/YOUR_REPO_NAME`
5. Create a virtual environment for the project: `python3 -m venv venv`
6. Activate the virtual environment: `source venv/bin/activate`
7. Install the requirements: `pip install -r requirements.txt`
   **IMPORTANT**: DO NOT USE `pip3`! ALWAYS use `pip` and `python` with an activated virtual environment.
8. Run `export FLASK_ENV=development; flask run` to get started! Be sure to read the instructions on the sidebar.
9. Be sure to activate the virtual environment each time you work on the project.
## Usage
Run the following commands in your terminal:
```bash
source venv/bin/activate
export FLASK_ENV=development; flask run
```
Then, visit `http://localhost:5000` and complete the challenges listed in the sidebar.
## Deliverables
Please turn in your deliverables on [Gradescope](https://gradescope.com).
The first two challenges are graded. The remaining are stretch challenges!